Welcome to the Firewalls FAQ!

Note: This FAQ will cover some of the most basic but frequently asked questions on firewalls. They are written on the assumption that the firewall in question is a good and trusted one, but with no frills such as Application Integrity checks. In the event that you have a question not answered here, please start a new thread to ask your question.


Q: What is a firewall?

A:
An Internet firewall is a piece of software/hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. If you are a home user, installing a firewall is the most effective step you can take to help protect your computer. It is important to have a firewall (and antivirus software) turned on before you connect to the Internet.


Q: Why do I need a firewall?

If your computer is not protected when you connect to the Internet, hackers can gain access to personal information on your computer. They can install code on your computer that destroys files or causes malfunctions. They can also use your computer to cause problems on other home and business computers connected to the Internet. A firewall helps to screen out many kinds of malicious Internet traffic before it reaches your system.
Some firewalls can also help to prevent others from using your computer to attack other computers without your knowledge.



Q:When should I give a program "server rights" and when should I deny a program server rights?

A: You may receive some alerts asking you if a certain program should act as a server and be given "server rights". PCHF recommends that you not give any program server rights unless one of the following is true for you:

• You are hosting a Web site on your computer
• You are sharing files with another person(s)
• You are playing games that require point-to-point connections with other players across the Internet
• You are using telephone/conference software such as Skype.

If any of these situations apply to you, then you should give programs for the activity server rights. If none of the above examples applies to you, it is not recommended that you allow any program to have server rights. Allowing a program to have server rights means that an outside connection can access your computer through that program.



Q: Why is my firewall blocking internet access after a while?

A: The most common cause is that you are losing your IP address. Most ISPs use DHCP to assign IP addresses. Many also send a heartbeat to see if you are still connected.Your firewall may have blocked them.

1. Go to Run type in command, hit OK, and type ipconfig /all then press enter. In the returned data list will be a line DNS and DHCP Servers with the IP address(s) listed out to the side
2. In your firewall set these zones to Trusted, if there is such a feature.
3. Click OK and then Apply and see if that works to fix it.



Q: Do I need a PC firewall if I'm already using a hardware firewall?

A: Most home network routers include a built-in hardware firewall that monitors and blocks inbound communications at the network level. By comparison, a PC firewall can monitor and block both inbound and outbound communications at the PC level. For the most complete protection, a PC firewall should be installed on every computer on a network. Combined, a router's firewall and a PC firewall provide multiple layers of protection that a router firewall couldn't provide by itself. And unlike your home network router, a PC firewall can easily go where your computer goes. Only a PC firewall can protect your Internet-connected computer on the road.



Q: Outbound protection/filtering? Inbound protection/filtering? What is the difference? Do I really need both?

A: Filtering is the process whereby a firewall, based on rules/filters that have been created by the user, analyses the information passing through it and make a choice on whether the information at hand should be discarded, or allowed to pass through.

Inbound filtering/protection is widely-thought to be the more important of the two. This means the filtering of the information coming from the internet (outside your computer).

Outbound filtering has been debated on for ages. Some people feel that it is required, as you may have some malware installed on your computer without you realising. If it attempts to connect and tramsit information to a remote host on the internet, your firewall will inform you. If you block this transmission of data, then your private information will be divulged to no one. However, there is another school of thought. Some people believe that the key point is not to allow malware to enter your system at all, and that will rely on anti-virus, anti-spyware software, etc. So what do you think? It is entirely up to you to decide. Most commercial firewalls out in the market have both inbound and outbound protection. Windows Firewall, which is a simple firewall installed on default in Windows Service Pack 2, has only inbound protection.



Q: Stealth Mode? What is it all about? Where can I check whether my computer is fully stealthed?


A: It is important not only to block requests to reach your computer, but to also make it appear as if your computer does not even exist on the Internet. When you are connected to the Internet and your computer cannot be detected through probes to your computer, you are in what is called Stealth Mode. This will be the ultimate security buff for home/small business users. Hackers have the ability to detect if you are on the Internet by probing your machine with special data and examining the results. When you are in Stealth mode the firewall does not send this information back making it seem like you are not even connected. Due to this hackers will not continue targeting your computer as they will think you are not online.

Here is where you can check whether your computer is fully stealthed:
Shields UP!! — System Error



Q: Why are my ports not stealthed? / 0 intrusions recorded.

A: Anything that has Server rights in your firewall will be listening on the port it needs for inbound connections. If you are behind a NAT router or hardware firewall, that is the system being tested in most cases, not your software firewall. Also, using "netstat" shows what is listening on your system, but if it does not have Server rights in your firewall, then it will listen but never receive inbound connections - your firewall is doing its job.



Q: My firewall blocked thousands of intrusions and still blocking. Is someone targeting me specifically?

A: Possibly. But most of it all is just what we call internet background noise. In whatever case, you are safe with a good and trusted firewall protecting you.



Q: XXX.exe is trying to access the internet. Should I allow it?

A: If you do not recognize the filename, search the Microsoft Support site or use a search engine like Google for information on the program in order to determine what the program is and what it is used for. You can then decide to allow or deny access to this program.
When in doubt, it is prudent to deny access.




Trusted Firewalls (Click on the links below)


Webroot Desktop Firewall
Lavasoft Firewall
AVG 7.1 Plus Firewall
Agnitum Outpost Firewall
ZoneAlarm

Here are more trusted choices of firewall software:
http://www.pchelpforum.com/firewall-software/



Happy and safe surfing!