Subtitle: Your network should have a doorman, and the firewall is it.

There are two basic types of firewalls, software and hardware. The primary difference is that a software firewall runs as software on the computer it is protecting. A hardware firewall exists as a separate piece of hardware that sits between the 'outside' and the system or systems it is protecting.

For a simple home setup, high-speed internet and a single computer for example, I recommend having both. The hardware firewall will intercept and drop the majority, if not all, of the invalid entries to your computer. This will keep the activity of your software firewall to a minimum, allowing your computer to spend it's time doing something you find productive. The software firewall, which is not likely to be of the same design as the hardware firewall, acts as a second layer of defense, picking off what the hardware firewall isn't designed to.

The good news is most modern operating systems now include a software firewall. It's free, and allowing ligitimate traffic through when you add services to your network is often automatic. Third party software firewalls may not be as automatic, but there may be features that make it worthwhile to get. Features of software firewall is really a different article.

Hardware firewalls can come in a number of forms.

When you purchase a consumer router, you typically are getting three different network devices in one. A firewall, a router, and a switch. One low cost (typically under $100); one low power device (typically up to twelve volts DC and two amps or less for twenty-four watts or less).

The majority of internet service providers out there will include only one external IP address in the basic service they provide. This is where routing comes in. Including routing in the same box as does the firewalling adds only a little overhead, as it has to process the packets that come in or go out anyways. Routing when you only have one external IP address involves Network Address Translation (NAT). Big technical words. NAT works like adding a name to the address on a piece of standard mail. The post office knows where your address is, but has no idea who is living there.

An ethernet switch allows multiple ethernet devices (computers, printers, etc) to connect with out having to have a wire running from each device to each of the other devices.

Commercial firewalls are usually standalone devices that just keep the outside out, and inside in. Commercial firewalls are also processing allot more traffic than your average consumer box.

It is also possible to repurpose an older computer system as a firewall. There are a number of bootable CDs and even bootable floppies that run Unix style operating systems such as Linux, NetBSD, FreeBSD, and OpenBSD. With varying levels of knowledge, it is also possible to take a default installation of one of these operating systems and roll your own hardware firewall.

On a network of two or more computers the software firewall between each computer and your network is not just added protection between the computer and the internet. Malicious software (of the virus, worm, spyware, or adware varieties) have a number of ways of spreading from computer to computer. If the malicious software (malware) is downloaded from a web site using a pathway you have to open up between your firewalls and the outside world, obviously it's going to get onto your system. Once the malware is on a system, it may still try and spread to other computers on your network using more indirect methods. The software firewall can protect against this kind of spread. Properly configured, both the hardware and software firewalls can prevent malware from sending information back to the internet you don't want to get there.

Software firewalls are often included as part of a suite of security software, this may include anti spyware, anti virus, anti spam, and privacy protection software. These are the security patrol and house keeper to the door man that is the firewall.

Add Comments

Vote

[ Link ]

July 17th 2009 @ 21:22

Posted By: Annie Mor - Category: No Category

Email this Post to a Friend

Mor, on Disaster Planning

Subtitle: When, not if, and putting your head in the sand is not a plan.

Disaster Planning can be a scary thing. One security expert's personal website has an essay on it that is quite good from a business perspective.

Reading it from a personal point of view is also valuable. The title of the article has an excellent point; that being, pick an appropriate disaster.

For home computer users, a reasonable disaster is your computers being stolen, removed, or destroyed. Basically, you lose access to your computers.

Disaster planning is not just making a plan for what you are going to do once a disaster happens, it's also what you will continue to do so that when the disaster happens, you lose as little as possible.

When you lose access to your computers, you lose more than just equipment. It has taken you a while to adjust your computer's environment so it works well for you. Those pictures from your wedding, or your child's baby pictures are also lost if you store them on your computer. Something’s can't be replaced.

Backing up your computer, either settings and documents, or a way to restore the computer to new hardware, is part of the solution. If your backup is on another computer in your house and all the electronics in the home get stolen, you can't recover from that backup.

Copying the backup to media that you keep at a friend or family member’s home helps you recover when you lose all your electronics. Backing up to an online storage system is another option; the advantages and disadvantages of which is another article. A good fireproof safe that is rated to keep computer media like CDs, DVDs, and removable or external hard drives safe has its advantages also.

Storing your backup off site (the site being your home) is best because if you find you can’t access your computers because your access to your house has been denied, a backup at home will be as useful as a backup that was in a computer stolen by a thief.

Some of the items I have touched on here I will come back to in later posts.

Add Comments

Vote

[ Link ]

June 25th 2009 @ 20:41

Posted By: Annie Mor - Category: No Category

Email this Post to a Friend

Mor, on RAID

Subtitle: RAID keeps your system running when a drive stops spinning.

So, you just picked up a brand new computer and it proudly said it has RAID. Now what?

RAID is the acronym for Redundant Array of Independent Disks. The creators of RAID, David A. Patterson, Garth A. Gibson and Randy Katz, used the word Inexpensive instead of Independent when they described the idea in their document. What Patterson, Gibson and Katz (PGK) were saying in the document was that if you strung together a few small, off the consumer shelf drives together, in the proper way, you could get the space and reliability of a larger, more expensive drive sold as enterprise or server equipment.

That proper way was either to store mirror copies of a 'disk' on two real disks (this is RAID 1,) or keep enough extra information about what was written on your 'disk' on three or more real disks so that if one of your real disks die, you can recreate what was on it from the hints from the other drives (this is RAID 2 to 5.)

There have been further enhancements of RAID since 1988. Go figure. Just like with everything else, the only constant in computers is change. Hot Spare, Stripped Hot Spare, RAID 0, RAID 6 and RAID stacking pretty much covers the names of the improvements.

RAID 0, strictly speaking, isn't even really a RAID level. The first letter of RAID stands for Redundant, and RAID 0 isn't redundant. RAID 0 stripes your data across two drives. This has advantages, however, reads and writes can be fast because the information can go to and from the disks over two paths, instead of just one.

RAID 0 does have a place in a RAID system however; it can be used together with the real RAID levels to create RAID 10, 50, 60, and possibly more. This allows for the final array of disks to perform faster, which is a good thing; because other than RAID 0, RAID levels usually cause the array to be slower than a single disk (called by some SLED for Single Large Expensive Disk.) The performance decrease usually comes from having to update multiple drives whenever you write information out.

RAID 6 came as a realization that RAID 5 was keeping its notes to rebuild a failed drive in a way that was a simplified case of a complex mathematics theorem (Wikipedia explains it and has further reference for the math geeks in the audience.) The big thing about RAID 6 from a user’s point of view is it can have two drives die and still keep on working. Hard drives have gotten huge. The bigger the parts of your RAID, the longer it takes for a replacement of a dead drive to be rebuilt from the hints on the other drives. While the replacement is being rebuilt, your RAID will fall over completely dead if any more drives die. RAID 6 makes this less likely, because two drives would have to fail.

A Hot Spare, striped or not, sits in your array waiting for a drive to fail so that the RAID system can start rebuilding the array immediately, and not wait until you find out that a drive has failed, possibly buy a replacement, and put it in place of the dead drive (which may include shutting down the system.) This reduces the time you are vulnerable to further failures.

Striping a hot spare into your array helps in a similar way to how rotating the hints so that no one drive has all the hints on it helps RAID 5. When updating the hints on RAID 2, 3, 4, writes to two different drives will require updating the hints on the hint drive twice. If you have the ability to talk to multiple drives at the same time, you can be updating the hint stripe on two different drives from writes to two data stripes on another two different drives. Rebuilding to a striped hot spare works in a similar fashion, the rebuild doesn't have to proceed from the top to the bottom of the replacement drive.

Do you want RAID? Maybe, big consumer drives are becoming bigger and bigger and less and less expensive (see Moore's Law.) A one terabyte hard drive can be purchased for $100 or less.

I figure RAID makes sense in a couple of ways. If you collect computers like I do, you can combine lots of smaller older drives into a larger more robust drive. If you have a lot large files, you can make a bigger drive than you can currently purchase. RAID can keep your computer up and running if one drive of an array dies.

Add Comments

Vote

[ Link ]

June 19th 2009 @ 19:42

Posted By: Annie Mor - Category: No Category

Email this Post to a Friend

July 2009

1 Posts

June 2009

2 Posts

Older Posts

3 Posts dating from June 2009

Email Subscription