Burney's Legal Tech Reviews - Fantastic, Functional Firewalls

Brett Burney is the Legal Technology Support Coordinator at Thompson Hine in Cleveland, Ohio. He regularly reviews products for Law.com's Automated Lawyer and Law Office Computing Magazine. Feel free to e-mail Brett with your legal-technology questions at bburney@bburney.net.

If you use the Internet, you should be using a firewall. In today’s world of “always-on” broadband Internet connections (cable, DSL, etc.), it is more important than ever to proactively protect your Internet use. This applies to both home and small office computer networks. Using a firewall is responsible, effective, and smart.

Facts About Firewalls

I know that many people scoff at the idea of evil hackers roaming the matrix of cyberspace searching for their next victim. The scoffers also ask questions like "why would anyone want information on my computer?” or “how could they find my little PC on the whole wide Internet?” And while I agree that the dark images of “hackers” have been perpetuated more by Hollywood than by real life, there is a tinge of truth to the malicious techie tendencies.

It’s true that many people on the Internet aren’t interested in your personal e-mail. They could probably care less about the poems that you’ve written or the documents that you’ve created. Sure there’s the occasional credit card number or financial account password that they could pick up, but these days, those things are not the driving force behind their quest for access to your computer. What is important these days is your computer’s processing power and the fact that it’s always connected to the Internet via a cable modem, DSL, or even a T1 line.

A popular Internet pastime these days is something called a “Denial of Service”  (DoS) attack. Basically, many computers are made to send requests to a specific Web server. The Web server eventually gets overwhelmed and virtually shuts down. The operative phrase in the above scenario is “many computers.” A person launching a DoS attack usually doesn’t have enough computers to do this on their own. They finds computers at businesses and homes that are connected to the Internet with a broadband connection to help in the attack plan. If you were a party to an attack like this, you may not even know it. (A significant DoS attack was carried out recently. If you still need more convincing, you can read a thorough analysis of a DoS attack here).

On another note, it is my belief that as law offices keep more and more client information and confidential data electronically, they will start to realize the ethical obligations involved in protecting digital information. Again, a firewall is good first step in the right direction.

Lastly, installing and using a firewall is just good basic computing responsibility. If you use the Internet, you should be aware of the dangers and the risks, just like anything else you do in life. My aim is to review a few products here that will show you how easy it is to effectively start using firewalls. Of course, there is a ton of information available on the Web about firewalls. I have a few “honorable mentions” of sites that are terrific starting points (after my column, of course):

* The Home PC Firewall Guide is a fantastic resource. Most of the information can be applied to small office networks as well. You will find just about everything you need to know about firewalls from this Web site.

* Firewalls for Beginners is a very good overview.

* A very thorough explanation of firewalls and related technology can be found here.

A Little Bit o’ Net

The next step in getting familiar with firewalls is to understand some basic terms and concepts about how the Internet works. I won’t get overly technical here but I will concentrate on providing a good foundation for everyone.

First, communication on the Internet happens based on a set of protocols collectively called TCP/IP. The “IP” part stands for “Internet Protocol” which works as a sort of postal system for computers connected to the Internet. When you dial-up or otherwise connect to the Internet, your computer is assigned an “IP address”. When you instruct your computer to visit LLRX.com, you are actually connecting to an IP address. (The translation from words – “www.llrx.com” – into the set of numbers of an IP address is handled by the Domain Name System (DNS) but I’ll save all that for another column.)

When you visit a Web page, you don’t get the whole page at once. Part of the job of TCP/IP is to properly direct and coordinate the “packets” of information that come through the Internet. Each packet has a “header” that contains information on where the packet comes from and where it is going. This means that part of the header includes IP addresses.

Fascinating Firewall Functions

IP addresses, packets, and headers are important because that’s how firewalls decide whether or not to let something through to the computers on your home or office network. At a fundamental level, firewalls use a technique called "packet filtering” to block information packets based upon the IP addresses contained in the header. If I knew the IP address of a certain computer that I didn’t want to access my network or Web site, I could program my firewall to block any packet of information that contained that IP address.

If firewalls stopped there, it would be pretty sad because all someone would have to do to circumvent packet filtering protection would be to obtain a new IP address. Some people just pretend they get another IP address with the practice of “IP spoofing”.

Fortunately, many firewalls today practice something called “stateful inspection”  (or “Stateful Packet Inspection” commonly referred to as “SPI”). This is basically packet filtering on steroids. With SPI, firewalls not only check the header information for IP addresses, they also look at the contents of the packets to determine what is contained within. Based on whatever settings you select, your firewall can then allow or prohibit those packets into your network.

Hardware and Software but Never Fear

As with everything else in life, there is no “one-stop” solution for your firewall needs. Some firewalls work through hardware while others are software applications installed on your PC. I usually recommend a combination of both a hardware and software firewall. That may sound like a bit of overkill, but each serves a slightly different function and it’s always good to have extra protection.

The two “hardware” firewalls that I’ll be discussing are both basic network routers. Both of them are marketed for either home or small office networks, usually for people that don’t have full-time technical-people to install equipment for them.

Routers by themselves are not much – they simply sit between your network of computers and your Internet connection and coordinate Internet traffic. When you have two or more computers on your network that need to connect to the Internet, the router is the piece of hardware that makes sure both computers can use the Internet at the same time without interfering with each other.

This makes routers perfect vehicles for firewalls since they intercept all the Internet traffic anyway. A router has to look at the header of a packet to determine which computer on your network to send it to so it just makes sense that it can act as a firewall at the same time. Once you set up your router properly as a firewall, you may never have to visit it again or know that it’s even working for you.

Software firewalls (sometimes called “personal” firewalls) are slightly different. Software firewalls are installed on your computer and allow you to tweak your individualized settings to determine what kind of Internet traffic that you want coming to your desktop. For example, a hardware/router firewall may not have the ability to block an ad from appearing on a page, but you can “train” a software firewall to recognize such ads and block them appropriately.

Software firewalls also allow you to monitor specific “Internet-activity” from particular programs and allow or disallow that traffic as you please. For example, when you fire up Windows Media Player, the software firewall will alert you that the program is attempting to access the Internet and retrieve some information. If you’re not fond of that happening, you can choose to block that communication.

SMC Barricade 2.4 GHz Wireless Cable/DSL Broadband Router (SMC7004VWBR)

The first hardware router I tested was the SMC Wireless Barricade. I’ve been a fan of SMC networking products for a while and have enjoyed using one of their earlier “Barricade” router/firewall products for a year.

The Wireless Barricade is a slim little  fellow with the added bonus of a wireless access point. While I unfortunately can’t dwell on the wireless aspects in this column, I’ll suffice it to remind everyone  that you will obviously need a wireless card for your computer to take advantage of that feature.

On the other hand, the Wireless Barricade offers four regular network ports (with RJ-45 connectors) to comfortably handle your “wired” machines.

There is one other mode of protection in router/firewalls that I need to quickly touch upon before going forward. Network Address Translation (NAT) works to protect your networked computers by hiding their individual IP addresses. Where you may have 5 computers on your network, a router with NAT protection presents those computers with one single IP address. This is yet just another layer of protection. The Wireless Barricade features a NAT firewall as well as SPI.

Setting up the Wireless Barricade is simple. There is one port on the back of the unit entitled WAN into which I plugged a network cable running from my cable modem. I then plugged my computers into the LAN ports and even had one laptop connected with a wireless card. SMC included a great “EZ 3-Click Installation Guide” in the box to help you set everything up. The Wireless Barricade houses several green lights on the front of the unit to let you know it has power and is ready to go. These lights are sometimes hard to see but helpful when you need to troubleshoot your connections.

Once the Wireless Barricade is physically set up, you need to configure the firewall settings. This is done through your computer and a Web browser. The EZ Installation Guide doesn’t contain information on this but you’ll find what you need to know on a PDF User Guide on the enclosed CD-ROM.

The first step is to make sure you can configure the Wireless Barricade appropriately for your Internet connection. Since I use a cable modem, I selected DHCP. If you have a DSL connection, you might need to select PPPoE. Again, the User Guide will help a lot here but you might need some extra information from your broadband provider.

I found the firewall setup of the Wireless Barricade to be slick and simple. I followed the User Guide step-by-step and successfully enabled the firewall, controlled access among my networked computers, and even had the option of blocking access to certain URLs. It’s also easy to set up a “Demilitarized Zone” (DMZ) in the settings areas. A DMZ places your computer outside of the firewall protection. You may need to do this for certain programs like networked games or NetMeeting.

My favorite feature of the Wireless Barricade is that you can set it to send you an e-mail when it detects an unauthorized access attempt. Most of these attempts won’t amount to anything serious, but it’s a good practice to keep track of all such suspicious attacks.

Link to product: http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=258&site=c 

Linksys EtherFast Cable/DSL Firewall Router (BEFSX41)

When it comes to home and small office networking, Linksys is a huge leader. The product I received for review was the EtherFast Cable/DSL Firewall Router. While this particular model is “wired,” LInksys offers several great comparable products in the wireless category (like this one http://www.linksys.com/Products/product.asp?grid=23&prid=415 for example).


Setting up the EtherFast Router is similar to the Wireless Barricade above – just plug in the appropriate network cable from your broadband modem and you’re ready to go.

To help you get over the DHCP/PPPoE/etc. confusion, Linksys included a CD-ROM in the package that you can use to automatically detect the appropriate settings for your router and broadband connection. This didn’t work so well for my particular setup, but happily the included “Fast Start” guide (in paper form) does a great job of walking you through the setup manually. Once you get physically set up, be prepared to access the CD-ROM for the complete User Guide to walk you through the firewall settings.

The EtherFast Router offers both NAT and SPI protection. I really liked the browser interface included with the product. The options appeared to be a little more clear and the help boxes were excellent. Simply clicking different options will allow you to enable firewall protection and block certain URLs as you please. You can even block URLs based on a time schedule. An “Advanced” section in the setup menu allows you to set up some extra filters and other options like DMZs.

My only disappointment with the Linksys EtherFast Router was that it didn’t provide e-mail notifications of unauthorized access attempts. On the other hand, you can enable the router to keep logs of such access attempts that you can refer to at any time.

I really liked the Linksys product. It just seemed to be a little heartier and offered a few extra setup options for complete customization. While the SMC Wireless Barricade is a good solid choice for home or small office networks, the Linksys EtherFast Router takes a slight lead in my opinion.

Link to product: http://www.linksys.com/products/product.asp?prid=433&grid=23

Norton Personal Firewall 2003

Now it’s time to move on to the software layer of firewall protection. Once you have a solid foundation of protection built up with a hardware router, you can tweak that protection with a personal firewall program.

Software or “personal” firewall programs are installed on individual computers and give the individual user control over what kind of Internet traffic is allowed on their PC. While hardware router/firewalls are the first line of defense that operate without any user intervention, personal firewalls can constantly be trained and modified to only accept what you choose. They operate in much the same way as hardware firewalls and some offer additional bells or whistles, such as the ability to inspect and block certain e-mail messages.

The brand new Norton Personal Firewall 2003 is a comprehensive firewall protection package that is easy to setup and use. I am a big fan of other Norton products like SystemWorks and therefore felt very comfortable in using Personal Firewall. When you install Personal Firewall, it will ask you if you want to connect to LiveUpdate – a service from Norton (Symantec) that will update your software with appropriate fixes and information. My only gripe is that I had to reboot after the initial installation, and then again after the LiveUpdate completed.
 

After you’re done with reboots, Personal Firewall finally pops up with the “Security Assistant.” The Assistant takes you through setting up the basic properties for the firewall, all the while explaining what’s going on. I found this to be a great educational tool and a fun way to set up the firewall.

Once up and operational, Norton Personal Firewall sits in your system tray (the lower right hand corner) and watches everything that goes on. If it detects some Internet activity that it thinks shouldn’t be going on, it will block it. If you’re curious about what’s being blocked or allowed, you can double-click the “Alert Tracker” – a little globe that sits on the side of your screen. The Alert Tracker will tell you what program has requested access to the Internet (which includes obvious applications like Web browsers, e-mail programs, etc.). I found that the Alert Tracker got in the way, wasn’t too friendly, and didn’t provide much information unless you clicked on a message.

The main interface of Norton Personal Firewall is nice but sparse. You can click options on and off from the main page, or click on the “Configure” button to select additional options. You can drill a little deeper into many options if you choose. In the “Ad Blocking” section, you can elect to block all Internet ads and prevent pop-up windows from getting in your way when you surf the Internet.

If you are new to firewalls and want a personal firewall application that is easy to set up and install, then Norton Personal Firewall is a good pick. Personal Firewall will take care of your computer and you can enjoy the backing of a reputation from Norton products.

Link to product: http://www.symantec.com/sabu/nis/npf/ 

ZoneAlarm Pro 3.1



My pick for a personal firewall is ZoneAlarm Pro 3.1 from ZoneLabs. While you can still get a free version of ZoneAlarm (with a few less options), Pro 3.1 offers a lot more with an updated interface.

First off, there is no reboot required after installing ZoneAlarm – it’s ready to serve and protect almost immediately.

The short but comprehensive tutorial is highly recommended to get familiar with the individual features of the program. Once that is done, a small ZoneAlarm icon will sit in your system tray. This icon will change as you engage in Internet activity to show you that something is happening. You can also use this icon to stop all Internet activity through a simple right-click.

The user interface for ZoneAlarm is very clean and comfortable. For the firewall function, you use “sliders” to choose between high, medium, and low security for “Internet” and “trusted” zones. The “Program Control” section lets you set specific options for individual programs that connect to the Internet. You can do the same thing in Norton Personal Firewall, but I believe that ZoneAlarm has a better-to-understand interface, and allows you to quickly and easily choose applicable options.

I also like the way that ZoneAlarm alerts you to questionable Internet traffic. An “Alert Advisor” will pop up in the right hand corner of your screen and provide some information as to what the traffic is all about. You usually have the option to click a button for more information which takes you to a Web browser window filled with helpful information. I found this to be a great bonus.

When it comes to Internet ads, ZoneAlarm provides a great feature for banner ads – you can elect to block banner ads that do not load within a specified time. I chose to block all ads that do not load within one second and I had ZoneAlarm replace the ad with the word “AD.” You can also block pop-up ads with ZoneAlarm but I only found this to be about 98% effective – some pop-ups did get through.

Overall, I had a better experience in setting up and using ZoneAlarm Pro 3.1 over Norton Personal Firewall. While I could highly recommend both products, I feel a little more comfortable using ZoneAlarm.

Link to product: http://www.zonelabs.com/store/content/catalog/products/zap/zap_details.jsp 

No Softie for Software

Both Norton Personal Firewall and ZoneAlarm Pro 3.1 are offered as trials so it’s not going to hurt anything for you to try them out. You can still use either software firewall without purchasing a hardware router but it's my belief that you'll have a more secure network with both.

When you feel lik you want to test out all of your new-found firewall protection, there are a couple of trusted sites I would point you to. First, you can head over to a site called Shields Up! where you can click on a couple of buttons called "Test My Shields!" and "Probe My Ports." As you can probably guess, these actions will go through the motions of testing all the possible avenues that could be used by malicious users to gain access to your computer. If these tools say you are protected, then you can rest a little easier.

A similar but not quite as thorough test can be done through the Symantec Security Check. This service is actually directly accessible from the Norton Personal Firewall interface but anyone can use it as necessary.

That should be about it. Hopefully some of the information and links I've provided here will at least provide a starting point for getting more information on putting a firewall into your network.

Please feel free to e-mail me (bburney@bburney.net) with any questions, suggestions, comments, or any helpful tips and tricks that you might have relating to technology used in the practice of law.