Firewall Overview Learn how to secure (and test) your connection

• A firewall should monitor incoming and outgoing traffic (windows XP firewall monitors incoming traffic only)
• Some firewalls are more secure than others (stateful packet inspection, ICSA Certified, etc)
• Most firewalls do not protect against viruses
• All firewalls require administration (set-up configuration, updates, making holes for applications)
• Some firewalls have the option of being configured only after an administrative password is entered.  This might be useful, if you want to limit what other users (kids) can do to change your firewall.
  
• Change the default administrative password included in a purchased firewall
• Event logs – how do you want to handle these?
• Many “alerts” come from infected machines doing random scanning
• You can traceroute IP#’s and search for info on Port Numbers

For more information -

• Howstuffworks - a tutorial about firewalls.
• firewallguide.com - a comprehensive site ( overview , software FW , Hardware FW , )
• EPIC  - Tools for protecting Online Privacy . links to personal firewalls, anonymizers, etc.
• ICSA Labs - tests and certifies firewalls.
• The NAT Page .
• Xcleaner , webwasher .
• Firewall Forensics - helps explain the contents of your firewall's alerts/logs

You may need to research specific applications and how they work with firewalls - for example here is a write-up that explains music sharing issues through a firewall , and helps explain the high volume of hits in my own firewall log .

To help read the logs / alerts from firewalls, you will need to see this:

• dshield - integrates the logs of many firewalls.
• Dshield's port report - describes the Port's use and how many other firewalls are also seeing  this attack.
• http://www.iss.net/security_center/advice/Exploits/Ports/default.htm
• Port Numbers - Official list from IANA
• You can also search for "port xxx" using google

What about the IP number of the attacker?.  You can whois and traceroute it, but you can also see if the attacker's  IP number already appears in Dshield's Are You Cracked search.  Rather than use your own IP, just supply the IP number of the attacker.

Example Firewall Set-ups:

Testing Your Current Security

• Partial tests: Shields up (from GRC - see also grcsucks.com ), secure me (from DSL Reports - go to the bottom of the page), Portscan (from cablemodemhelp)-
• Comprehensive tests: Hackerwacker , Security Space Audit ,
• Ethereal - Power users may want to try this  free network analyzer which lets you examine packet level data from a live network connection.  This could be used to examine exactly what is being communicated to/from your PC.
• Wireless LANs at Risk - This article will show you some of the tools and techniques that anyone can use to easily sneak onto your wireless network.
• PC Flank ,
• Online Security Tests   and Snoop test , If you are using an anonymizer service, you can test how complete it is using these several tests.

Security breaches and hacker techniques

• Security Focus , CERT .Packetstorm ,
• Cybersnoop , Keylogger ,