Musings on Personal (and SOHO) Firewalls
No one can argue that bandwidth is increasing when connecting to the Internet from homes or small offices. Nor is it likely that the proliferation of "always-on" technologies like cable modem and digital subscriber line (DSL) will slow down any time soon. Such technologies simply offer too much value for the money to be overlooked. As I'm writing this piece, I'm hooked into the Time-Warner cable modem infrastructure and my favorite bandwidth/speed test is reporting 5.85 megabits per second or Mbps. I pay about $47 a month for this service; by contrast, a T-1 line costs about $700 a month in my hometown, and delivers 1.544 Mbps. You can visit bandwidthplace to run your own "speed test" remember that speed varies on cable networks, but bandwidth is guaranteed on a T-1 line.
Faster Internet connections, more connections, and more ways to use them will continue to change the way we work and live in an increasingly digital, wired world. Likewise, homes and small offices are using more networks up from less than 1 percent of households in the US to over 4 percent of households in just 2 years, and up from 18 percent of small businesses to over 45 percent in the same time frame. Although concerns for single-system connections are nearly identical to network connections, those with networks attached to the Internet have more to lose in the event of a successful break-in or "hack attack."
In this brave new wired world, mere consumers and small office operators must become security conscious. In other words, anybody who uses DSL or a cable modem should be concerned about and proactive in ensuring the security and integrity of the Internet connections they use (and the systems that connect to them). Although this is less true for modem users who typically tend to stay logged in only for short periods of time, and whose network addresses change quite frequently security consciousness is not unwarranted even for those who use older, slower technologies to access the Internet.
Securing the Perimeter
Maintaining a "secure perimeter" is an integral notion in the areas of system and network security. Basically, this boils down to screening incoming requests for information or services from outside your perimeter and in some cases, blocking such requests altogether and can also involve screening outgoing traffic from inside your perimeter to the Internet as well, depending on the circumstances and the kinds of online content you want to allow or deny for your users (which may only be the gang otherwise known as "me, myself, and I").
In a small office, home office, or personal home connection, the perimeter represents the boundary between the service provider's internal network (and from thence, to the Internet) and your own computer (or network, if you've got more than one computer attached to the Internet). Physically, this is situated in the computer or in some other device that attaches to the service provider's box or directly to the service provider's network. In some cases, you will use a special cable modem or DSL box that accepts a connection to the outside network in one port, and that plugs into a network interface card (NIC) in another port. In other cases, you may use a box that integrates the functions of an interface to the service provider's network with those of a network hub (or similar function). These two scenarios are depicted in Figure 1.
Figure 1 Whether you connect a single machine or a network segment via cable modem or DSL, the perimeter sits at the connection device.
Simply put, a firewall is a special bit of software that sits on the perimeter to inspect all incoming traffic and in some cases, outgoing traffic as well. Like the metal shield designed to prevent a fire in the engine compartment in your car from spreading into the passenger compartment, a network firewall keeps the bad stuff outside the system or network that it guards. As our earlier definition of perimeter security indicated, the firewall's job is to guard that perimeter and protect it from unwanted and unauthorized penetration, while allowing you to access resources on the Internet.