Page 9 - 1906
P. 9
(Continued from page 8) security measure, more so even than installing
anti-virus software. This applies to any firewalls
passing the firewall, or disclosing sensi- you install.
tive information, such as your bank Most operating system include a host-based fire-
passwords or credit card details.
wall, which is probably adequate for most home
If you run a server from home, perhaps to host users with a network-based firewall between
a Website or exchange files, you need two fire- their LAN and the Internet. However, aftermarket
walls, one between the Internet and the net- software is available from many anti-virus ven-
work called a Demilitarized Zone (DMZ), and a dors, and you may wish to consider one of these,
second one between the DMZ and your home especially if you have a laptop with sensitive in-
network; see Figure 3. The firewall between the formation and use it at public Wi-Fi hot spots.
DMZ and the Internet is less secure, because it Regardless of how you use it, check your fire-
allows incoming requests to the servers on the wall’s documentation to be sure it’s properly con-
DMZ network. Such requests are not allowed figured for you situation.
through to the home network. Other DMZ archi-
tectures may be preferable depending on your You can implement a network-based firewall in
requirements. You will need to do some re- three different ways:
search before implementing one, but fortunate- · purchase purpose-built hardware, proba-
ly, few home computer users need this com- bly with an integrated router,
plexity. · install firewall software on a compact PC
such as a Raspberry Pi, and
· install firewall software on a standard PC.
The first is the easiest and by far the most pref-
erable, as it’s ready to use right out of the box
after minimal configuration. The second requires
Figure 3. DMZ more work and expertise but can result in a unit
that is at least as effective, but few users have
Because firewalls are software running on small the expertise needed to insure the security that
dedicated processors and are exposed to the this application requires. The third is unlikely to
Internet, they are subject to hacking, and they be satisfactory, as PCs have hard disks, moni-
are attractive targets. Most home users rely on tors, and keyboards which aren’t needed here,
firewalls included in the cable modems and and you will be tempted to use a surplus one that
routers supplied by their Internet Service Pro- probably has an old operating system with many
viders (ISPs). Unfortunately, ISPs are not dili- known vulnerabilities. You will also have to re-
gent in installing patches to correct the security move many programs that were needed in its
flaws that are frequently uncovered. If the only former role as a general-purpose PC but may
devices on your home network are PCs with have security risks. For firewall duty you want
their own host-based firewalls and you haven’t simple hardware and software and the latest ver-
enabled file sharing among them, the risk isn’t sion of the latter.
large. However, if you have network-shared A good firewall tutorial is available at http://
storage or other devices without firewalls, you computer.howstuffworks.com/firewall.htm and a
should add your own firewall between your net- more technical one at http://
work and the ISP’s interface. Many routers in- mercury.webster.edu/aleshunas/COSC%
clude firewalls and these are convenient to use 205130/Chapter-22.pdf .
here. Most security experts say that keeping
your software up-to-date is the most important
9
