Posts Tagged ‘Ports’

Using Firewalls to Protect Your Computer From Attack

March 22nd, 2010



A personal firewall offers several levels of protection, depending on whether your computer is connected to the Internet or to a network. A computer on a home network will often share files with other computers on the network and will also access the same resources, such as printers. In that case more access is allowed than when the computer is connecting to the Internet.

Connecting to the Internet is risky and needs to be controlled. Firewalls should be set to restrict certain outgoing and incoming data and to close any ports that aren’t being used. A port is a standardized number that network software uses to route Internet traffic.

You don’t need to be a computer expert. Most firewall settings come configured with defaults. If you need to modify these settings you’ll usually get an alert when you’re making the change.

There are two basic components to a personal firewall. The first component will look at the data when it comes into your computer to decide whether or not the data should be allowed to pass through. The second component will set up certain policies for some applications. These policies can be relaxed since they simply let certain programs have access to the Internet.

The first component is known as the “packet filter”. This filter looks at each packet of data and either lets it pass through or drops it. Packets are the units of data that are routed on the network. The rules for these packets, called policies, decide which data may pass and which data fails to meet the policy standards. A packet that fails a policy will either raise an alert or simply be dropped, depending on how the firewall has been configured.

The second component is known as the “application filter”. This filter will decide whether certain programs are allowed to receive and send data through one port or another. A browser will need to have access to the Internet so a policy is put into place that allows the receiving and sending of data using Port 80, which is a standard number.

Even if the web browser is using Port 80 and the personal firewall blocks the other ports, your computer still won’t be secure.

An application filter is set up for certain programs and not the particular components of these programs. Every program will have more than one module, each of which can be infected. In a Windows environment these are known as DLLs (dynamic link libraries).
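A toy model of the two components described above, added here as an illustration (it is not from the original article or from any firewall product). The rule tables, program names and module names are constructed; the point is that the application filter is keyed on the program, so the module that actually sent the traffic never enters the decision.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out"
    port: int       # port the traffic uses
    program: str    # executable that owns the connection
    module: str     # component inside the program that made the call

# Packet-filter policies (constructed): first match wins.
PACKET_RULES = [
    ("out", 80, "allow"),  # web traffic on Port 80, as in the article
    ("in", 445, "alert"),  # constructed rule: raise an alert instead of a silent drop
]

# Application-filter policies (constructed): program -> ports it may use.
APP_RULES = {"browser.exe": {80}}

def packet_filter(pkt):
    for direction, port, action in PACKET_RULES:
        if pkt.direction == direction and pkt.port == port:
            return action
    return "drop"  # default deny: unknown traffic is treated as a risk

def application_filter(pkt):
    # Only the program name is checked; pkt.module is never consulted.
    allowed = APP_RULES.get(pkt.program, set())
    return "allow" if pkt.port in allowed else "drop"

def decide(pkt):
    verdict = packet_filter(pkt)
    return application_filter(pkt) if verdict == "allow" else verdict

def sample_verdicts():
    samples = [
        Packet("out", 80, "browser.exe", "core.dll"),
        Packet("out", 80, "browser.exe", "unknown_plugin.dll"),  # same verdict as above
        Packet("out", 80, "updater.exe", "main"),      # no application policy
        Packet("in", 445, "system", "-"),              # matches the alert rule
        Packet("out", 6667, "browser.exe", "core.dll"),  # port not opened
    ]
    return [decide(p) for p in samples]

if __name__ == "__main__":
    print(sample_verdicts())
```

The first two samples get the same verdict even though the module differs, which is the gap the next paragraph leaves to antivirus software.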

In most cases your antivirus software will be able to determine whether a module is infected, but new viruses that are not yet part of the antivirus database may slip by undetected. Your computer system will be vulnerable if your personal firewall allows this to happen.

A firewall won’t give you complete protection against viruses and hackers. A firewall is only effective for keeping some hackers out of your system and you should supplement your system with antivirus software. You should also practice safe file sharing procedures.

There is one main rule to follow with firewalls: If you don’t know what is trying to access your computer, consider it a risk.

By: Paul Wilcox

What Are Network Patch Panels?

March 17th, 2010



Patch panels are used as the central point in a network where all the network cables terminate. The patch panel is the grand central station of the network. Networks that use these panels (and almost all modern networks use this technology) are considered “star networks”, or are said to use a “star topology.” This is because, if you look at a drawing of your network, all the network nodes (nodes are end-points on the network and include things like computers and printers) connect back to the central “hub”, and it looks like a big starburst. Another term is “spoke-and-wheel”, where the “wheel” is your hub and patch panel and the individual cables going out to your nodes (computers and printers) become the spokes.

They come in various types and configurations, from the simple wall-mounted 12-port patch panel block to elaborate 96-port (and more!) rack-mounted patch panels. As was mentioned above, patch panels are rated for speed. So if you are running Cat 6 cable, you will need a Cat 6 patch panel.

Network panels come in various designs and styles. There are patch panels where the cables plug in straight (90°) or angled downwards at 45°; there are panels with 110-style punch downs on the back and ones with tool-less punch downs; and the number of ports on the panels varies. Check the internet for the vast array of styles available. There are also two different standards for network panels: T568A and T568B, mentioned above. Be sure to buy the correct ones for the installation!

It is best to buy patch panels that are rated for both standards. Since the only difference between the two standards is the order of the colored pairs, most manufacturers rate their patch panels for both standards. They simply have both wiring diagrams affixed to their patch panels.

By: Dean Novosat

Network Redundancy Techniques

November 10th, 2009



When building a network, some considerations must be taken from the point of view of availability. In the context of networks, availability means that the network must be operable during the whole day regardless of failures. Thus, some techniques must be used to make the network available all the time.

In order to develop a redundant network, one must consider the possible failures that can occur during network operation. These failures are categorized into two types: link failures and network device failures. In a link failure, a cable connecting two computers, or any two devices such as routers or switches, is disconnected and brings some or all of the network down. A device failure, on the other hand, means that the network device itself is down, which could be a router, a switch, or a hub.

First, let us see how to overcome link failures. The solution for link failures is simpler than for device failures, because all we need to do is provide multiple links between devices so that when one link is down, another link takes over its role. This is simple, of course, but it can lead to problems. When more than one link connects the devices, the switch will forward the data over multiple links and the receiving end will receive the data more than once. In addition, looping can occur, because the data will be forwarded across the links forever. This happens because there is more than one path to the destination and because the switch or the hub forwards the data to all ports.

The solution to looping is to use protocols that block some ports on the switch and open others so that only one path exists to the destination. This is achieved by what is called the Spanning Tree Protocol (STP), which is available on Cisco switches. Notice that the concepts of looping and STP apply only to devices connected through a LAN and not to routers.
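The loop problem and the blocking fix can be seen in a small simulation, added here as an illustration (it is not from the original article and is not how STP is implemented). It assumes a constructed triangle of three switches and uses a plain breadth-first tree from the lowest-named switch; real STP elects the root by bridge ID and chooses paths by cost.

```python
from collections import deque

# Constructed topology: three switches in a triangle, so every pair has a redundant path.
LINKS = [("SW1", "SW2"), ("SW1", "SW3"), ("SW2", "SW3")]

def neighbours_of(links):
    table = {}
    for a, b in links:
        table.setdefault(a, []).append(b)
        table.setdefault(b, []).append(a)
    return table

def frames_in_flight(links, source, hops):
    """Flood one broadcast: each switch repeats the frame on every link except its ingress."""
    table = neighbours_of(links)
    frames = [(source, None)]  # (switch holding a copy, switch it arrived from)
    for _ in range(hops):
        frames = [(nxt, node) for node, came_from in frames
                  for nxt in table.get(node, []) if nxt != came_from]
    return len(frames)

def spanning_tree(links, failed=()):
    """Return (forwarding, blocked) links, leaving one path to each switch."""
    live = [link for link in links if link not in failed]
    table = neighbours_of(live)
    root = min(table)  # simplification: lowest name acts as the root
    seen, forwarding, queue = {root}, [], deque([root])
    while queue:
        node = queue.popleft()
        for nxt in sorted(table[node]):
            if nxt not in seen:
                seen.add(nxt)
                forwarding.append(tuple(sorted((node, nxt))))
                queue.append(nxt)
    blocked = [link for link in live if tuple(sorted(link)) not in forwarding]
    return forwarding, blocked

if __name__ == "__main__":
    print("copies still circulating, no blocking:", frames_in_flight(LINKS, "SW1", 10))
    tree, blocked = spanning_tree(LINKS)
    print("blocked:", blocked, "copies after 10 hops:", frames_in_flight(tree, "SW1", 10))
    print("after SW1-SW2 fails:", spanning_tree(LINKS, failed=[("SW1", "SW2")]))
```

With the redundant link blocked the broadcast dies out, and when a forwarding link fails the recomputed tree brings the previously blocked link back into use.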

Second, let us look at the other type of failure, which is device failure. This type occurs when a network device fails and is thus unable to forward packets. The failure can have a big impact on the network if it occurs in the core layer, which connects the whole network together. Therefore the suggested solution is applied at the core layer, where two network devices are connected to the network to forward the data: one is the primary and the other is the secondary. If one device fails, the secondary becomes available.

The above technique is configured on the router or the switch, depending on which is used. Some protocols have been developed to accomplish this function and are available on Cisco devices. When implementing it, one must connect the core device that needs redundancy to the proper ports of the other devices, and connect a similar device to the rest of the network in the same manner as the primary device is connected. If the primary fails, this secondary takes over its role.

By: Youssef Edward