Why having a home firewall isn’t enough security.
By Mike Ellis.
Having a firewall for your computer, as discussed in my post on the security settings you need enabled on your computer, is a must for any computer system. However, while having a home firewall is good, it’s not enough security. Today, I’m going to explain in greater detail why this is the case.
In normal firewall operations, if someone outside of your network attempts to make a connection to you, that traffic is blocked by the firewall. That is one of the main purposes of the firewall, to prevent unauthorized access to your computers. I can go into great detail other aspects of the firewall, and talk about the DMZ and what that means, but in this case, I’m going to just leave it at this. So, unauthorized user outside of our network attempts to connect to your computer, and the firewall blocks it. So far, so good.
However, what happens when you want to make a connection to something outside of your network? What, you say, you don’t make connections to other computers? Well, here are some that you may make many times a day without even thinking about it:
The key to this list is that each of those services that you and your computer makes each day is to a server, or, in all actuality, a series of servers, all located all over the web. So yes, you make connections to other computers all day long, perhaps without even realizing it.
There is actually nothing wrong with that at all, the point is to gather data, whether it be in the form of that email you are waiting on, or to see what status update your significant other left, or to see what the price is for that new game is. The difficulty, though, lies in this one little fact:
When you connect to a website, you actually download content from the website into your computer.
I hope I’m not making you feel foolish for writing it this way. If I am, please accept my apologies, for that is not my intention. In my experience, though, there are a lot of people who just don’t realize what actually happens when they go to a website. So, when you do access a website, your firewall isn’t going to stop you because it’s default behavior is to allow that traffic, so when you connect, you download content into your computer for viewing. If that content, i.e., that website, is compromised, then you could be bringing into your computer a virus, spyware, trojan horse, keystroke logger, etc., without you even realizing it. Just like that, your computer, your network, even, is compromised — unless you have good, reliable anti-virus software that can detect the malware.
So, if that’s the case, how do I prevent my computer from being compromised? Well, first of all, you need to have a defense-in-depth strategy in place concerning your computer. You need to have your firewall, you need to have current and reliable anti-virus software, you need to keep your computer updated, and you need to keep your User Account Control settings enabled. The key here is that one of these things may not stop the compromise, but combined together, they might just do the trick.
Another thing you need to have is someone who’s got your back, someone who will take time to explain what is happening, why it is happening, how they are going to clean it up, and how they are going to prevent it from happening in the future. My company, Tech Solutions NC, is able to be that resource. Do you need support? Reach out to me by phone at 919-606-6725, email at firstname.lastname@example.org, or by leaving a comment on this post.
The internet is a useful tool, and there are a lot of good things about the internet. The key to using it, though, is to safeguard your computer and yourself from the things that lurk in the shadows. That’s my goal — to help you safely navigate the waters of the internet without harm.