44. Make sure firewall can keep
hackers out
By Mark Alberstat
Having a firewall on your PC or Mac these days should be as common as a
word processor or modem.
Although Windows XP has a built-in firewall, and the latest service pack
beefs it up, critics still suggest you run another one, such as ZoneAlarm.
If you are running a Mac with OS X, however, you are in luck as that
bundled-in firewall is top-notch.
Mac's firewall is called IPFW and is cribbed from Darwin, the FreeBSD
version of Unix. This is a good thing as this firewall has been out in the
wild for years and has been working well in helping keep many of the
Internet's important nodes up and running.
What many Mac users don't know, however, is that, as shipped, the firewall
is not enabled. The thought behind this is that not all Macs will be on
the Internet. If you are cruising the Net with your Mac, enable this
software through the system preferences pane.
Mac users who know about IPFW and use it often complain about its
non-user-friendly interface, something that may be corrected in a future
release. You can attempt to configure IPFW yourself, but oftentimes, a
poorly configured firewall is worse than having no firewall at all, and OS
X comes pretty secure out of the box to start with. If you don't want to
wait for the next release of the OS, BrickHouse has an interface that is
often recommended and is easy to install and use. Although this software
is shareware, the author does ask for a $25 donation. Like all shareware,
you are on the honour system. But if you consider that this software could
save you hundreds of dollars in headaches, grief and repair time, the
small donation may be well worth it.
With BrickHouse, you walk through a series of steps or choices to set up
the firewall. Most recommend blocking all incoming and outgoing traffic
except for HTTP (the service which allows in websites) and FTP for file
transfer. Once established, these rules are saved and can be run each time
you boot up your machine.
After you have your firewall configured the way you want, testing it -
whether you are using a Mac or a PC - is as easy as pointing your browser
to ShieldsUp, a free service found at www.grc.com.
This site will scan your system for open ports and give you back a
"passed" or "failed" grade.
Whether you are on a Mac or PC, no firewall is 100 per cent secure, and
the more blocks you put up around your machine the more of a challenge
some hackers believe it is to get in.
Keep your firewall up to date with new releases of the software and always
have your virus scanner running and up to date as well.
The following are a few related links:
www.grc.com for firewall testing.
www.securemac.com/brickhouse.php
The Mousepad runs every two weeks. It's a service of Chebucto Community
Net, a community-owned Internet provider. If you have a question about
computing, email mousepad@chebucto.ns.ca. If we use your question in
a column, we'll send you a free mousepad.
Originally published 10 October 2004
