Install a personal firewall

The fourth delivery of this home PC security series focuses on a relatively new security element for home PCs, the personal firewall. Having a personal firewall in our home PC will soon be a must if we run Windows XP and have a broadband connection to the Internet. In Europe, a freshly installed XP box connected to the Internet can be hacked within minutes (or even seconds).

Wikipedia.org defines personal firewall as a piece of ‘software installed on an end-user's PC which controls communications to and from the user's PC, permitting or denying communications based on a security policy’. How does a firewall work?

Let’s try to explain it without complex IT terms: Communications to and from a PC use different protocols. These protocols are the languages computers use to talk to each other. Complexity in these communications has been mitigated using a layered approach. For each communication layer different protocols exist. Some of these layers use as ending points the term ‘port’.

Firewalls control precisely these communications. For example, they allow that you can browse the Internet (in IT terms, this means that you are using the HTTP protocol from your PC to the Internet through a specific port). At the same time, they can forbid any communication from the Internet to your PC so that your printer cannot be used by external parties.

The peculiarity of personal firewalls is that they make an attempt to hide this IT complexity to the user by prompting pop-up windows when these communications happen for the first time in your PC. Normally, they offer you the possibility to allow always (this means that the firewall create a permanent allow rule), only for that specific occasion or never.

It takes some time (and some answers) for a personal firewall at home to know about your communication profile. Let’s face it, most users select the ‘allow always’ option when they are prompted for the tenth time with the disturbing firewall question window.

The basic piece of security advice is to grant access only to those communications you are sure you need and you are certain about their origin (basically, in a normal home use, those coming from your Internet browser, your email client and any additional network-based software you use). All the rest, whenever the window of your firewall pops up, select anything but ‘allow always’.

A popular personal firewall is Kerio. You can download a free copy from softpedia