Published on DIY Online Security (http://www.diyonlinesecurity.co.uk/base)

Isolate your computer system from the Internet

Your computer system must be isolated from the Internet. The best way to do this is to use a combination of a hardware firewall (which could be part of the modem / router) and a software firewall. Regardless of how you connect to the Internet, you will have a device called a modem (or router), which could be a dial-up modem, a broadband modem or a cable modem.

Isolation from Internet using firewalls

 

The picture shows three scenarios: a) Computer connected directly to the Internet without a firewall. b) Computer connected via a standalone firewall and modem. c) Computer connected to the Internet via a modem router hardware firewall (all in one) with a software firewall installed on the computer. This is the best way.

The firewalls should not only filter and block unwanted attacks from the outside, they should also stop malware from getting out in the unfortunate event that your system becomes infected. Most hardware firewalls are configured such that the latter (egress or outgoing) feature is either turned off or completely disabled. The basic software firewalls that come built in with Windows XP and Mac OS X do not make the latter (egress) feature available to the average user, so consider getting a third-party firewall as discussed in the software firewall section.


Another feature that is very useful to enable, especially on the firewall which is directly connected to the Internet, is typically called “Stealth” by most manufacturers. This became available on Mac OS X with the Tiger update, under the Advanced option tab.

What the “Stealth” feature does is prevent hackers from finding out if your machine is connected to the Internet, by preventing your computer system from responding to unsolicited requests, e.g. pings.

The main advantage of using a standalone hardware firewall in conjunction with a software firewall is that it prevents a single point of failure. It is not uncommon for attackers to find flaws in firewalls and find ways of bypassing them. But if you use both a hardware and a software firewall, then if one fails or is misconfigured you should still be protected by the second firewall.
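The egress, "Stealth" and two-firewall points above can be seen together in a small model. This is an added example, not code from this site or from any firewall product; the class and function names, the allowed outbound ports and the sample packets are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str                   # "in" = from the Internet, "out" = from the computer
    proto: str                       # "tcp", "udp" or "icmp-echo" (a ping)
    port: int                        # destination port (0 for a ping)
    reply_to_outbound: bool = False  # answer to a connection the computer opened

@dataclass
class Firewall:
    name: str
    stealth: bool = True             # silently drop unsolicited inbound requests
    # Outbound ports allowed (assumed: DNS, HTTP, HTTPS); None = egress filtering off
    egress_allowed: Optional[frozenset] = frozenset({53, 80, 443})
    bypassed: bool = False           # models a flaw or a misconfiguration

    def decide(self, p: Packet) -> str:
        if self.bypassed:
            return "pass"
        if p.direction == "in":
            if p.reply_to_outbound:
                return "pass"        # a reply to something the computer asked for
            # "reject" sends a visible refusal, which reveals that a machine is there;
            # "drop" sends nothing back, which is what Stealth mode does.
            return "drop" if self.stealth else "reject"
        if self.egress_allowed is None or p.port in self.egress_allowed:
            return "pass"
        return "drop"                # unexpected outbound traffic, e.g. from malware

def traverse(p: Packet, hardware: Firewall, software: Firewall) -> str:
    """Inbound traffic meets the hardware firewall first, outbound the software one."""
    order = (hardware, software) if p.direction == "in" else (software, hardware)
    for fw in order:
        verdict = fw.decide(p)
        if verdict != "pass":
            return f"{verdict} by {fw.name}"
    return "pass"

# Constructed sample traffic
PING = Packet("in", "icmp-echo", 0)                          # unsolicited ping
WEB_REPLY = Packet("in", "tcp", 50000, reply_to_outbound=True)
MALWARE_OUT = Packet("out", "tcp", 6667)                     # arbitrary unlisted port

if __name__ == "__main__":
    hw = Firewall("hardware", egress_allowed=None)           # egress off, as is common
    sw = Firewall("software")
    for pkt in (PING, WEB_REPLY, MALWARE_OUT):
        print(pkt, "->", traverse(pkt, hw, sw))
    print("hardware bypassed:", traverse(PING, Firewall("hardware", bypassed=True), sw))
```

With egress filtering off on the hardware firewall, only the software firewall stops the outbound packet, and when the hardware firewall is bypassed the unsolicited ping is still dropped by the software firewall.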

Note: If you cannot have a hardware firewall, then you must NOT connect to the Internet without first installing a software firewall. If you only have one computer, then try to get a software firewall downloaded by a friend or from an Internet café and put it on a USB memory stick. Or as a last resort download it to your computer, but then copy it to a disk or memory stick. In all these circumstances follow the sanitisation instructions very carefully.

Hardware firewall

Ideally you should buy a stand-alone hardware firewall. For example, for a broadband connection a hardware firewall would typically be an all-in-one ADSL2+ modem firewall router. Any recent (i.e. ADSL2+) modem firewall router will be adequate for the home user.

If you have your broadband provided by cable then you will probably need a standalone hardware firewall which you will connect in series with the cable modem.

For dial-up modems there are no hardware firewalls combined in the dial-up hardware. You are then forced to rely solely on the software firewall.

Look at the offerings (typically SOHO - small office / home office section) from some of the following manufacturers - not listed in any particular order:

This is not intended to be a comprehensive list of manufacturers of firewall routers, just some suggestions to give a starting point to look at. The budget end of the market has developed very nicely and it is possible for the home user to purchase (in the UK) a good ADSL2+ modem firewall router box for approximately £55 GBP ($100 USD).

The following are examples of the types of ADSL firewall routers available at the budget end of the market.

Some manufacturers offer a built-in 4-way switch in the modem firewall router, as shown above in some of the products. Otherwise you may also need a small 4- or 8-way switch if you have more than one computer on your home network.

If you receive your broadband via a cable modem, you will need a standalone firewall router or a combined cable modem firewall router.

Note: Ideally buy a firewall or modem firewall router combined appliance whose output is to "Ethernet" ports rather than to a USB connection. The reason is that the Ethernet type firewalls do not need special software drivers installed on the computer and are much easier to configure. Also it means that you can make a simple home network just by adding a switch.

It is best to install a software firewall in addition to having a hardware firewall since it isolates each machine if you have more than one computer and it protects you against single point failures.

Note: Some modem firewall routers come with WiFi or wireless access, i.e. enabling you to connect wirelessly to your computer or laptop. See the section on wireless security before you enable the wireless access.

Before you start installing any software or changing the configuration on your computer, you must back up all your vital data and files. You can ignore this step only if you have a brand new system that has no vital data and/or files. See here for instructions on how to back up your data.

If you have already backed up your data you can go on to the next step:

Next Page - Software Firewalls

 


Source URL:
http://www.diyonlinesecurity.co.uk/base/base/bcs/isolate