Exposing your PC directly to the Internet is like not locking your door when you leave home, and the end result is someone intentionally or unintentionally intruding into your room and swept gold and silver jewelry. How can we guarantee the safety of the system? Installing firewall software is the most commonly used measure, and often as a complementary means, the installation of hardware-based firewall is also a common measure.
And even if you are an experienced veteran, configuring firewalls is not an easy task. If you have ever abandoned the idea of installing a firewall, or whether the firewall has a comprehensive protection of the system, it does not matter, today we will resolve the mystery for you.
Opening the Merriam-Webster Dictionary (merriam-webster), "Firewall" originally meant: a wall used to block the spread of fire. In the area of information technology, firewalls are used to protect computers from harmful intrusions from the Internet. Unlike fires, the threat from the network does not just affect the computers that are nearby, and if someone uses your IP address and TCP or UDP ports, no matter how far away, your system will be hit.
Whenever you use a browser, E-mail, or download a file from an Internet site or remote server, the data is passed through one or more ports in the system. And those computer hackers, whether they spy on the system's gifted teens, wily spyware, or the Windows XP Messenger service pop up spam, have the same attack strategy--either by discovering an open port to access the system, or by tricking you into opening a port like this.
Firewalls can monitor thousands of ports-either dial-up or broadband-and it can block unauthorized access requests. Hardware-based firewalls are typically integrated into routers and gateway products, between PCs and cable or DSL modems. And the software firewall is running on top of the PC.
For hardware firewalls, they are better at protecting PC networks that are connected over broadband. More importantly, they not only have the same routing capabilities, they also act as a NAT (network address translation, net addresses translation) server that hides the IP addresses of computers in the local area network from foreign visitors.
For this reason alone, a hardware firewall is enough to be a smart choice for broadband users, even if you have only one PC. At this point you may wish to purchase a 4-port router, such as Linksys VEFSR41 or D-link di-704p, whose price is not high, about 300~400 yuan. Some products also built-in wireless access module, the price may be slightly more expensive, you can query the relevant Web site for detailed information.
The matching strategy of firewall
The hardware firewall is highly configurable: it can block all data in and out of the specified port. Therefore, planning and configuring a hardware firewall requires a lot of work. Instead, the software firewall runs on top of your PC and is relatively easy to set up and maintain. In addition to blocking illegal access through open ports, software firewalls can prevent malicious programs from sending data to remote servers (like Trojans, spyware and backdoor software written by gifted teens). If you connect to the Internet by dialing, the external hardware firewall is not necessarily your best choice, and the advantage of the software firewall is obvious. For Windows XP users, it is risky to protect PCs simply through integrated ICF (Internet Connection firewall,internet connection firewalls) within the system.
ICF is enabled by selecting the "Start" * "Control Panel" * "Network Connection", right-clicking the Internet connection that needs to be secured, selecting the "Properties" option from the shortcut menu, and entering the Advanced tab, selecting By restricting or preventing access to this computer from the Internet to protect my computer and network, click the OK button (shown in Figure 1).
While this may reduce some of the system's security pressures, this is far from enough. As set above, it is much safer than not having a firewall, but Windows XP's built-in firewall can only monitor incoming connections compared to other professional software firewalls. As a result, like back orifice, NetBus, or other backdoor programs, ICF is powerless for this type of illegal access.