* Firewalls Briefing

A quick primer on firewalls and encryption.

By Erik J. Heels

First published 3/2/2003; Law Practice Management magazine; American Bar Association

A firewall is a combination of hardware, software, and security policies used to protect a private network. Most people, however, use “firewall” to mean either a piece of hardware or a piece of software. Internet programs operate on predefined ports, so administrators can allow or deny access to certain programs by enabling or restricting access to these ports. For example, FTP (file transfer) operates on port 21, telnet (remote logon) on port 23, SMTP (outgoing mail) on port 25, HTTP (web server) on port 80, and POP3 (incoming mail) on port 110. See Practically Networked (http://www.practicallynetworked.com/sharing/app_port_list.htm) for a listing of popular Internet programs and the ports they use.
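
The following Python example, added here and not part of the original article, models port-based allow/deny as a first-match rule list with a default deny, and flags a rule that can never take effect because an earlier rule already covers it. The policy, the Rule type, and the function names are constructed for illustration.

```python
from dataclasses import dataclass

# Ports named in the article.
FTP, TELNET, SMTP, HTTP, POP3 = 21, 23, 25, 80, 110

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    lo: int       # first port covered
    hi: int       # last port covered (inclusive)

    def covers(self, port: int) -> bool:
        return self.lo <= port <= self.hi

# Constructed inbound policy (an assumption, not from the article):
# publish the web server, accept mail, refuse telnet.
POLICY = [
    Rule("deny", TELNET, TELNET),
    Rule("allow", HTTP, HTTP),
    Rule("allow", SMTP, SMTP),
    Rule("deny", 1, 1023),      # block every other well-known port
    Rule("allow", FTP, FTP),    # mistake: never reached, see shadowed()
]

def decide(port: int, policy=POLICY) -> str:
    """Return the action of the first rule that covers the port."""
    for rule in policy:
        if rule.covers(port):
            return rule.action
    return "deny"   # default deny: anything not listed is refused

def shadowed(policy=POLICY):
    """Rules whose whole port range is covered by a single earlier rule."""
    out = []
    for i, rule in enumerate(policy):
        if any(e.lo <= rule.lo and rule.hi <= e.hi for e in policy[:i]):
            out.append(rule)
    return out

if __name__ == "__main__":
    # Constructed inbound connection attempts.
    for port in (HTTP, TELNET, FTP, POP3, 8080):
        print(f"inbound port {port}: {decide(port)}")
    for rule in shadowed():
        print(f"unreachable rule: {rule}")
```

Rule order matters: the FTP allow rule sits below the broad deny, so FTP stays blocked even though the policy appears to permit it.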

Single Computer

For single PCs, consider software firewalls, which cost about $50. See CNET (http://www.cnet.com/software/1,11066,0-352108-1202-0,00.html) for reviews and pricing.

Small Networks

For small multi-computer networks, consider a hardware firewall. Many routers come with integrated firewalls, which typically include default settings with strong security. See CNET (http://computers.cnet.com/hardware/search/results/0,10121,0-7052-402-0,00.html) for reviews and pricing. For example, I use an Asante FriendlyNET FR3004LC Cable/DSL router (http://www.asante.com/products/routers/FR3004/index.html) that includes a packet filtering firewall with NAT (Network Address Translation, which allows multiple computers to share one static or dynamic IP address).

Large Networks

Large networks should have a dedicated hardware firewall such as those offered by WatchGuard, Nokia, Cisco, or Check Point. See Network Computing (http://www.networkcomputing.com/compareit/comp-1308b.html) for reviews and pricing.

Encryption

Encryption is the process of converting data into ciphertext, which cannot be read or understood without decrypting the data. For example, encryption software can turn human-readable text into unreadable data. As a simple illustration, if I shift my hands one space to the right on my keyboard, the phrase “the end” becomes “yjr rmf.” You can encrypt individual programs such as e-mail (http://www.cnet.com/software/0-806183-8-7832100-1.html), all files, or all data transmitted over the Internet. For example, users who now use (inherently insecure) telnet for remote logon should use SSH instead. See FreeSSH (http://www.freessh.org/) for a list of SSH clients. See Securitypointer.com (http://www.securitypointer.com/) for a good overview of encryption and related technologies.