The Ohio State University

Safe Computing

Firewalls and Network Security

Firewalls are an important first line of defense for network security. When your computer is connected to the Internet, it's a possible target for break-in, so it's important that you take measures to protect it. With high-speed connections such as Ethernet, cable modem or DSL, your computer is connected to the Internet whenever it is turned on, not just when you're actively using it. Computers using dialup modems are vulnerable only when you have established a dialup connection to your Internet Service Provider.

Intruders can cause problems in many ways: they can compromise your system, gain access to stored personal documents, steal personal information that could lead to identity theft, steal your account and password information for other systems, send unsolicited mass e-mail, spread viruses, and even use your computer to break into other computers. Services that present potential break-in opportunities over the Internet include web, e-mail, file transfer, remote log-ins, print sharing, popup messaging, and many others.

For these reasons, it's important that you understand the value of firewalls, which come in two forms:

  • Network firewalls operate on their own hardware and add protection by blocking or filtering traffic between themselves and the Internet. Since your computers are placed behind them, network firewalls can be used to protect a group of computers or devices without having to install a firewall on each device. Some DSL or cable-modem routers include a network firewall, which adds a layer of protection to your entire network. Note that NAT (network address translation, see below) is NOT a network firewall.

  • Personal firewalls (also called host-based firewalls) are software that is installed on your computer to block or filter traffic between your computer and the network. Most newer operating systems such as Microsoft Windows XP (service pack 2 and later), Mac OS X, and Linux have built-in personal firewalls. Personal firewalls are good protection, but they can sometimes be disabled or turned off by attacking software. They are better protection when combined with a network firewall on a cable-modem or DSL router.

When configuring a firewall, you can set up your own rules for what you want to block or let in. It's best to block all incoming connections by default, and allow only those you specifically designate. But if you're running network services that must let other computers connect to yours, this isn't an option. If you do need to allow incoming connections, you should take the time to test and tune the services allowed by your firewall. The increase in security will be worth it. It can be tempting to set up your firewall to allow all connections and only block those known to be vulnerable, but this approach is not secure because it is impossible to know what will be vulnerable in the future. Some personal firewalls also enable you to block outbound connections. This feature can be valuable because you get a warning if you try to connect to a suspicious site.
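
The difference between the two rule-writing approaches described above, shown as an added example that is not part of the original page: a small Python model of inbound filtering. The port numbers, rule lists and sample connection attempts are constructed for illustration and are not taken from any particular firewall product.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "block"
    proto: str       # "tcp" or "udp"
    port: int        # destination port on this computer

def decide(rules, default, proto, port):
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if (rule.proto, rule.port) == (proto, port):
            return rule.action
    return default

# Policy A (recommended above): block everything inbound, allow only
# the services you deliberately run. Ports are constructed examples.
DEFAULT_DENY = ([Rule("allow", "tcp", 22), Rule("allow", "tcp", 443)], "block")

# Policy B (the tempting one): allow everything, block only services
# already known to be risky when the rules were written.
DEFAULT_ALLOW = ([Rule("block", "tcp", 23), Rule("block", "tcp", 445),
                  Rule("block", "udp", 137)], "allow")

# Constructed inbound connection attempts: (protocol, port, description).
INBOUND = [
    ("tcp", 443, "web server you run on purpose"),
    ("tcp", 445, "file sharing, on the blocklist"),
    ("tcp", 3389, "remote log-in enabled later, on neither list"),
    ("udp", 1900, "device discovery service, on neither list"),
]

def exposed(policy):
    """Return the (protocol, port) pairs from INBOUND that the policy lets in."""
    rules, default = policy
    return [(proto, port) for proto, port, _ in INBOUND
            if decide(rules, default, proto, port) == "allow"]

if __name__ == "__main__":
    for name, policy in (("default-deny", DEFAULT_DENY),
                         ("default-allow", DEFAULT_ALLOW)):
        print(name, "lets in:", exposed(policy))
```

Under the default-deny policy only the deliberately allowed web service is reachable, while the default-allow policy also exposes both services that nobody thought to put on the blocklist.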

Network Address Translation (NAT) as firewall. NAT is a method of hiding a group of machines behind a single IP address, originally developed when a shortage of IP address space caused problems on the Internet. NAT has some security properties and can protect computers and other devices from external attacks on the Internet similar to a network-based firewall. But NAT is far less configurable and flexible, and the protection it offers is more by accident than by design. Today NAT is used more for convenience, but it should not be relied on as the only form of protection for your computers, unless it is not possible to add a host or network firewall as well.

For more information on using firewalls, consult the OIT Network Security Group's FAQ.


Quick Tips

Whenever your computer is connected to the Internet and turned on, it is a possible target for network intruders

Make sure to use your computer's firewalls in addition to whatever firewalls are available on your network
