
Should you use a Host-based Firewall?

A firewall is a device or application that monitors and controls incoming and outgoing traffic on a network or device. A host-based firewall runs on the system or workstation itself, as opposed to being located somewhere else in your network. If your computer will be accessing the internet, it is imperative that you have a host-based firewall, as it can help block unrequested incoming and outgoing connections. If you run a premium or paid version of an anti-virus, it will most likely come with a firewall; if you are running a free version, you will need to install a firewall separately. If you have a Windows PC, you might not need to install one, because all versions of Windows since XP SP2 have a built-in firewall that is turned on by default. The problem with this firewall is that it is not much to look at, especially when it comes to providing an easy-to-use interface for configuring its advanced features. To remedy this, you can try installing a tiny program called Windows Firewall Notifier, which helps you better visualize what the Windows firewall is doing.

To use a firewall, you have to be familiar with TCP/IP ports. Every TCP/IP application requires a server (a computer with a resource) and a client (a computer that requires the resource of a server). Clearly defined port numbers exist for every TCP/IP application. A port number is a 16-bit value from 0 to 65535. Let’s use a practical interaction between a web server and a web client to get the gist of port numbers.

If you turn on your PC, fire up Google Chrome or any other web client and point it to a website, it will request a resource (in this case a web page) from a web server. In my case, I typed www.office.com into my web browser. The IP address of this website is as seen using the ping utility. Using a tool called Wireshark, we can capture the communication between the web client and server. My Wireshark capture below shows the outgoing request my web client makes to the office web server.

You can see the IP addresses and the source and destination ports. Every time a request or response is sent, it must carry both a destination and a source port number. The destination port number is set by the type of application being used; in our case, since it is an HTTPS request, the destination port number is 443. If we were using an FTP client, the destination port number would be 21. Port numbers from 1 to 1024 are known as well-known ports because each one has a particular application associated with it. The source port number is generated as an ephemeral port by the computer itself. It is incrementally generated and has to be a number above 1024, but depending on the operating system the number could be up to 65,000.
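The port fields described above, and the idea of blocking unrequested incoming connections, can be seen in a short Python sketch. This is an added example, not code from the original post: the packets are constructed sample data using documentation IP addresses, and `HostFirewall` is a hypothetical, simplified model that allows all outgoing traffic and only those incoming packets that answer it.

```python
import socket
import struct

# Application ports named in the article; any other port is treated as ephemeral here.
SERVICES = {443: "HTTPS", 21: "FTP"}

def build_packet(src_ip, dst_ip, src_port, dst_port, flags=0x02):
    """Construct a minimal IPv4 + TCP packet (sample data, checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, flags, 64240, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp

def parse_ports(packet):
    """Extract the address and port fields a capture tool displays for a TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("truncated or malformed header")
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"src_ip": socket.inet_ntoa(packet[12:16]), "src_port": src_port,
            "dst_ip": socket.inet_ntoa(packet[16:20]), "dst_port": dst_port,
            "service": SERVICES.get(dst_port) or SERVICES.get(src_port)}

class HostFirewall:
    """Simplified stateful filter: incoming traffic must answer an outgoing request."""
    def __init__(self, local_ip):
        self.local_ip = local_ip
        self.flows = set()                # (local port, remote IP, remote port)

    def check(self, packet):
        p = parse_ports(packet)
        if p["src_ip"] == self.local_ip:  # outgoing: remember the flow
            self.flows.add((p["src_port"], p["dst_ip"], p["dst_port"]))
            return "allow"
        reply_to = (p["dst_port"], p["src_ip"], p["src_port"])
        return "allow" if reply_to in self.flows else "block"

if __name__ == "__main__":
    fw = HostFirewall("192.0.2.10")       # constructed documentation addresses
    samples = [build_packet("192.0.2.10", "198.51.100.7", 51514, 443),
               build_packet("198.51.100.7", "192.0.2.10", 443, 51514, flags=0x12),
               build_packet("203.0.113.5", "192.0.2.10", 40000, 445)]
    for pkt in samples:
        print(parse_ports(pkt), fw.check(pkt))
```

The first packet is the client's request from an ephemeral source port to port 443, the second is the server's reply with the ports swapped, and the third is a connection attempt nobody on the host asked for.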

Port numbers matter because you’ll come across them a lot when using firewalls. I would recommend that when it comes to using a host-based firewall, deactivate the Windows firewall and use a third-party firewall. An excellent and free third-party application is COMODO firewall. This application is easy to use and very robust.

You can find everything you want to know about the COMODO firewall in the help section of the product's online page (http://help.comodo.com). I encourage you to have a firewall installed on your PC before going online because there are many threats that cannot be stopped by regular antivirus/anti-malware software.
