I've always had an appreciation for the term "Firewall" when it comes to Internet Security.  Of course, as initially planned by those who coined the term, it conjures up an image of a very large brick wall where people are safe and sound on one side while a blazing fire rages out of control on the other.  Of course, it's a metaphor for you and your computer residing in safety, protected from the firestorm of threats - viruses, attacks, probes, hackers, etc. - running rampant on the Internet.

The concept of Internet firewalls is a little more involved than that.  It turns out, that there are two basic forms of firewalls, and working together, they can provide a very safe haven for you as you work and interact online.

The first type of firewall is a hardware firewall.  It is typically a device that occupies the space between you and the Internet.  It acts as a sort of Internet traffic cop monitoring the flow of information as you make requests over the Internet, and as the responses come back to you.  The firewall is setup to watch for specific types of traffic that can it recognizes as potentially malicious and stops it in its tracks. 

This type of firewall can be very effective in protecting you from a lot of known attacks.  It's smart enough to detect malicious activity and prevent it from ever making it to your computer where just the attempt to attack you can cause harm.

Many believe that hardware firewalls are normally setup by businesses and very serious Internet users with more know-how than the rest of us.  However, today, this is no longer the case.  If you have a high-speed Internet connection, you can bet that the device that connects you to the Internet has a built-in firewall.  If you're operating a small network, you also probably have a router with a built-in firewall.  Be sure to contact your Internet provided to see if they can assist you with taking the best advantage of this protection that you already have.

In contrast to hardware firewalls, software firewalls act very differently.  They actually reside on your computer and monitor which programs are running and what they are doing, as well as what information is being transmitted between you and the Internet.

There are a wide variety of Internet attacks that work by getting your computer to do things you don't know it's doing, and that you certainly don't want it doing.  For example, one method of attacking your computer is to install a keyboard tracker.  These programs monitor all of your keyboard activity and send that information to someone waiting on the Internet.  They're hoping to get banking passwords and things like that.  A software firewall will be able to pickup on this attack by two tell-tale signs.  First, it detects that a program wants to monitor your keyboard activity, and next, it detects that a new program is attempting to send information out over the Internet. Other Internet attacks simply highjack your email and start using your computer to send out viruses.  A software firewall will detect the unauthorized access to email and stop it in its tracks.

My preferred software firewall is ZoneAlarm from ZoneLabs.  ZoneAlarm provides a complete solution for a Personal Firewall, Anti-Virus, Anti-Spyware, Email Protection, IM Protection, and more! $39.95 for a single-user license (as a special offer if you follow this link), or for just $10.00 more, protect the entire family (up to 3 computers!)

Now you might think that having two types of firewalls is a bit much.  The truth is that they compliment each other very well.  The software firewall is able to monitor activity on your computer as it happens, but that can be a lot of work and a drain on your computer's resources if you come under heavy attack.  And since Internet hackers write programs to probe all kinds of potential weaknesses on your computer, this is actually quite common.  To prevent this, a hardware firewall watches for certain types of requests and prevents them from ever getting to your computer.  This is great at preventing a wide variety of attacks, but it can't get them all since the hardware firewall can't get as much insight since it can't see how your computer is actually going to handle the requests.

Now automated Internet defenses are critical in protecting you against Internet attacks, but your best defense is to become informed and aware.  Please stick with us here in the Internet Safety forum as we explore these topics.

Every day, I receive literally hundreds of emails trying to get me to follow links, open attachments, or take other actions that are certainly not in my best interest.  In fact, I know quite a few of them are viruses or other Internet attacks lying in wait.

Just a few moments ago, I received one with the subject line, "Make $75 per online survey".  It told me to read the attached .html file for details.

Fortunately, I have a trick for examining files like this without triggering their payloads.  Notice that my email software shows that there is an attachment called, "Full_Details.htm".  Almost all of the time, I will simply delete a message like this, but sometimes my curiosity and desire to expose things like this get the better of me.  In these cases, I right-click on the attachment and save the file on my desktop.  Note that you must be careful.  This is almost certainly a virus, and doing anything other than deleting it carries a risk.

Once I have the file saved on my desktop, I take special care to open it with a program where I can control the contents.  DO NOT OPEN SUCH A FILE WITH YOUR BROWSER!  I will right-click on the file and select to open it with something like notepad.  Notepad will not attempt to execute the file in any way, and all I can see is the source. 

When I did that with this file, I saw a very cryptic block of Javascript that was clearly encoded in such a way as to attempt to avoid detection by out-of-date security measures.  It even went so far as to encode a message telling you that you needed to take actions that would circumvent your security measures if they did protect you from the threat.

Now, neither you nor I need to analyze attachments like this.  First, it carries a risk.  Second, unless you potentially need to see the file, there's no benefit to taking the risk.  Third, you have to be able to recognize threats once you do go this far.  And fourth, unless your job is to assess Internet threats, you just plain ol' shouldn't take the risk.

Bottom line:  If you get an attachment from an untrusted source, delete the email.  Additionally, if you did get it from a trusted source, consider the fact that it's not what it appears to be.  Perhaps someone "spoofed" the email address to appear as if it came from someone you know, or perhaps that person was infected with this virus and now their computer is attempting to attack you.

And one final tip.  When I was done taking these risk, I would click on the files in my mail and on my desktop, hold down the shift key, and press the delete key.  This extra step immediately deletes the file/email without sending it to the trash bin for potential recovery.

For reference, I'm running Windows Vista and Office 2007.

It's staggering how many different Internet threats exist.  As part of our effort to help you become informed and to learn how to protect yourself from these threats, we are launching a series of articles targeted as helping you to understand and protect yourself from these threats.

In this article, we will start with a list the types of threats that we have found.  We extend a special thanks to McAfee for their online Virus Glossary, and C|Net's Glossary of Internet Security Terms, which we found to be a great starting point for identifying these terms.  We've also added a few of our own, which while they may not be standard terms, we will be using as a launching point for future articles designed to educate and protect you.

• Anti Anti-Virus Virus:  This has got to me my favorite if not just for its name.  This is a virus that attacks anti-virus software.
• Back Door/Trap Door:  This is a generally a secret password left in software by the programmer, which can pose a security risk if found by hackers.
• Brute-Force Attack: This is when an attacker just keeps hitting away at an account or computer in an attempt to find a password to gain access.
• Denial-of-Service Attack:  This is when an attacker continuously sends request to a server, or exploits known vulnerabilities to cause a server to stop answering legitimate requests.
• Drive-by: This is when an attacker causes a program to be installed on your computer without your knowledge.
• Drive-by Network Hijacking: Yes, we made up the term, but not the threat.  This is when a hacker accesses your wireless network, sometimes by driving near your home with a laptop in their car.
• Fram:  This was a new one for me.  This is when a friend or family member forwards spam to you.
• Keylogger: This is a program that monitors your keyboard activity, often sending it to another computer for analysis in hopes of stealing passwords or other private information.
• Password Attacks: These include all sorts of ways hackers attempt to steal passwords.
• Shoulder Surfing: Somewhat low-tech, this is when someone attempts to watch you using your computer in hopes at seeing sensitive information.
• Sniffing: This is when an attacker monitors Internet traffic in hopes of intercepting passwords or sensitive information.
• Peer-to-Peer (P2P): This is a way for multiple computers to share information. P2P itself is not so much a threat as it is a way for copyrighted information to be shared, and also for viruses to be transmitted to your computer.
• Pharming: This is a way for hackers to take your legitimate Internet requests and reroute them to their own servers in hopes to steal your information.
• Phishing: This is when hackers attempt to trick you into providing passwords and other information.  Typically this is in the form of email that tells you to go to a legitimate-sounding web site, but it can take place pretty much anyway someone might communicate with you.
• Port Scan: This is when a hacker programmatically scans your computer's network protocols to locate potential targets for attacking.
• Social Engineering: This is when attackers drop the technical approach, and work to gain your trust to get you to divulge sensitive information or take actions that can open your computer to attacks.  This is a particularly effective method of attack.
• Spoofs: This is when attackers try to disguise themselves as legitimate or known sources to you.  For example, they might send malicious email appearing to be from a known and trusted friend.
• Spyware: This is a pretty generic terms for programs and viruses that watch your computer activity, often triggering pop-up advertisements, or even stealing your information.
• Trojans, or Trojan Horses: These are malicious programs that appear not to be malicious.  Common forms include screen savers and games.  These programs typically perform the function you expect, and then a little more that you don't.
• Viruses: These are programs that "infect" your computer by altering the programs or memory.  They are able to run without your knowledge, and they spread to other computers automatically.
• Worms: These are a type of virus that instead of altering programs or memory, they simply replicate themselves where ever possible.
• Zombie: A fun term, but a serious problem.  This is when your computer is no longer under your control, but rather being controlled by a unknown hacker.  Zombies are often used to launch Internet attacks leaving the hacker free from detection.

Wow!  As you can see, there are a wide variety of threats on the Internet.  Fortunately, with a little knowledge and diligence, we can all keep ourselves protected.  Be sure to watch for our upcoming articles where we will visit these threats in more detail.

Please join in our discussion about this post.