DragonWall

Internet Firewall Service Frequently Asked Questions (FAQ)

What is an internet firewall?
Why is it called a "firewall"?
I only have one computer. Do I need a firewall?
Why are internet firewalls suddenly getting so much attention?
Inexpensive firewall software is available for my PC. Does it work?
Does DragonWall.net offer firewall software?
How does firewall software compare to a "dedicated" firewall?
What kinds of computers on my network will be protected?
How does a firewall keep out intruders?
How does a firewall let several computers share one internet connection?
What equipment is needed for a small network?
If I use a dial-up modem to connect my firewall to the internet, how does the phone number get dialed?
What is a "firewall service?"
Does DragonWall sell internet access?
What if I have more than one internet IP address?
What is the process of acquiring and installing a DragonWall firewall?

 


What is an internet firewall?
 Simply put, a firewall lets users on a network go out and get information, but it prevents people on the internet from coming in and taking information. The internet is designed to allow people to share information and resources. Connecting to the internet can open your computers to access by overly curious or malicious individuals. On the other hand there are a host of good reasons for connecting to the internet. A properly configured internet firewall will protect your computers from intrusion.


Why is it called a "firewall"?
The term "firewall" is a metaphor for the firewalls used in building and automotive construction. In construction, a firewall is used to keep fire from spreading. Thus occupants in a car are protected from a fire in the engine by an automotive firewall. Apartment buildings may have firewalls between apartments. Commercial buildings are designed with fire zones separated by firewalls. Similarly, an internet firewall protects the computers on your network from whatever goes on outside your firewall. Given that it opens to let in desired traffic and closes to keep out undesired traffic the term "fire-door" might be more appropriate. Nevertheless, the term "firewall" has caught on.


I only have one computer. Do I need a firewall?
 Probably not. If your computer operating system is configured to not "share" resources you are reasonably safe from intrusion. One case where a single computer should have a firewall is a laptop that is used on a network during the day then connected to the internet at home in the evening or weekend. The home should have a firewall so that the same network configuration can be used by the laptop at either place.


Why are internet firewalls suddenly getting so much attention?
 Two factors have caused the attention. Firstly, the media has widely reported the business effects of some computer hacker assaults on major web sites. Secondly, and more importantly, the advent of cheap, high-bandwidth, full-time internet access via DSL and cable modem has changed the landscape. In the days when most access was by dial-up phone lines a hacker had little chance of going after a site because connection was for a limited time and at a constantly changing internet address. The constant connections of DSL, leased lines, and cable modems give hackers more opportunity to penetrate.


Inexpensive firewall software is available for my PC. Does it work?
Mostly. For software-based firewalls to adequately protect a network, all of the following must be true.

  • The software must be properly installed and configured.
  • Improperly configured software can leave gaping holes for an intruder to exploit.
  • The computer running the software must be always available when someone on the network wants internet access. If the computer is turned off, has crashed or frozen, or run out of memory, then the internet will not be accessible.
  • The firewall software must be running. Unfortunately, users will sometimes cancel jobs they do not recognize or which they suspect of slowing their computer or which have quit responding.
  • Security updates from the vendor must be promptly installed.
  • The software must be matched to the PCs chip architecture and operating system.
  • No conflicting software must be installed on the PC.


    Does DragonWall.net offer firewall software?
     No. We believe in the "Plug It In, Turn It On, Forget It" approach to internet security. This demands a dedicated device that does what it does without interference from other programs or hardware devices.


    How does firewall software compare to a "dedicated" firewall?
     A dedicated internet firewall is called a "firewall appliance". The notion of an appliance is that it performs a limited function efficiently and reliably, similar to kitchen appliances. Other network "appliances" have other functions such as serving up web pages, handling e-mail, processing faxes, or responding to database queries. Bigger organizations tend to have more network appliances than small companies because they have the scale to justify single function appliances. An internet firewall is typically the first appliance put on a network.

    An analogy to household items is apt. A PC is like a machine that makes toast, washes clothes, vacuums carpets, strengths your abdominal muscles, and cooks hamburgers while draining out all the grease. Extra attachments will let it wash cars and change TV channels. All these features and capabilities are amazing yet make the product complicated and often unreliable. If the price is reasonable, most of us prefer to have a toaster to make toast and a vacuum cleaner to vacuum carpets.

    When computers were extremely expensive it made sense to load them up with functions to be economically justified. Most people don't recall that the Ford Model T had initial success because its motor was designed to run farm machinery. Now that computers are cheap enough to show up in five-dollar wristwatches, loading have-to-be-there-and-working applications onto PCs makes sense only to the most budget conscious. For the rest of us, the PC that does word processing, spreadsheets and prints checks need not control the office air conditioning. At DragonWall.net, we believe the internet firewall function is important enough to justify a "dedicated" appliance.


    What kinds of computers on my network will be protected?
     The internet firewall is a "transparent" device. It does not care what computer or operating system you use on your network. You can have any combination of Microsoft Windows, Apple Macintosh, Novell, Linux, BeOS, or UNIX computers. Each computer must have a network interface card to connect it to your network and software that supports TCP/IP protocols.


    How does a firewall keep out intruders?
     Information flows over networks in "packets". Packets are groups of characters sent from one device to another. Each packet has the "address" of the machine it is intended for and the address of the originating computer. Special computers, called routers, pass the packets from the originating computer to the destination computer. When a destination computer sees a packet with its address, it opens to packet to get the characters or bytes. The trouble is, any computer can send packets to any computer on the internet. Hackers take advantage of this to hack into computers. The firewall sets itself up as a visible location on the internet. The computers on your network are not visible from the internet. When one of your computers asks for something from the internet, the firewall changes the originating computer address in the packets to its own address. When the response comes back to the firewall via the internet, it examines the packet then forwards it on to your computer. If a packet comes from a computer you did not request anything from, the firewall will throw the packet away, thus protecting your computers from its contents. If you choose, the firewall can also inform you of the thrown away packet.


    How does a firewall let several computers share one internet connection?
     The firewall shows up as a single address on the internet. The internet service provider (ISP) whom you pay for internet service (dial-up, DSL, ISDN, cable, or leased) takes the packets (see prior question) and passes them on to the internet. The ISP also identifies packets intended for your firewall and passes them on to you. All packets for your network are addressed (see prior question) to the firewall. The firewall sorts out which of your computers is to receive each packet. Since the computers behind the firewall (on your network) are not visible (see prior question) to the internet, the ISP does not know whether you have one or many.


    What equipment is needed for a small network?

  • A small office or home network must have network compatible computers, that is they must have network interface connectors (typically modular phone jack type with eight wires), and network compatible operating systems (most are).
  • A network hub is needed to connect the computers together.
  • Appropriate cables connect the network hub to the firewall and to the computers. The most common configurations use "Category 5" cabling.
  • The network firewall.
  • The modem or interface that connects you to the internet service provider (ISP). This can be a cable modem, a DSL modem, an ISDN modem, a dial-up modem, or a leased line interface. It must be an external modem (separate box), not an internal modem (card that goes into a PC).
  • A cable connecting the network firewall to the modem.
  • A cable connecting the modem to the cable TV or the telephone line.
    We provide diagrams to help you visualize the connections.


    If I use a dial-up modem to connect my firewall to the internet, how does the phone number get dialed?
     When one of the computers on your network wants to access the internet, the firewall dials the modem and logs onto the internet. When there has been no activity for a while, the firewall hangs up the modem.


    What is a "firewall service?"
    DragonWall works with you to select the appropriate feature set for the firewall. DragonWall configures the firewall to meet your requirements. You are relieved of all technical issues. The firewall is tested to ensure it is properly configured. Passwords are encoded on the firewall to ensure that protection is not overridden. DragonWall assists with integrating the firewall onto the new or existing network. Finally, DragonWall provides on-going technical support for the firewall. This includes keeping you informed of new security threats that may affect your network.


    Does DragonWall sell internet access?
     No, we will work with whatever carrier (e.g. telephone company, leased line provider, or cable TV company) you have selected. We will also work with whatever Internet Service Provider (ISP) you have selected. If you do not have internet service we can handle the technical arrangements.


    What if I have more than one internet IP address?
    In order to have complete protection for your network, each IP address connected to the network MUST have a firewall.


    What is the process of acquiring and installing a DragonWall firewall?

  • We ask you a series of questions about your network or proposed network.
  • We offer suggestions for those who are designing a network.
  • We ask you what features you want from your firewall. Each feature is explained in non-technical terms.
  • We ask about your carrier and ISP, mostly what information they have given you about your account.
  • We make sure you have an appropriate modem from your carrier.
  • You arrange payment.
  • We configure and ship your firewall.
  • We follow up to ensure the firewall integrates properly with your network.