A traffic cop to safeguard information
By Ian J. Alexander, MD, FRCS(C)
At its most basic level, a firewall is a traffic cop. Firewalls sit between two networks and inspect each piece of information that attempts to move between them. Depending on a firewall's configuration, it will then accept or reject each piece of information. For example, an orthopaedic surgeon who wants to review patient information from a home computer would be given access. However, an unknown third party who attempts to view the same information would be rejected.
While a firewall can separate any two computer networks, most often it is used to protect an internal network from the public's access on the Internet. Which begs the question: "What do I need to be protected from?"
You need to be protected from "hackers," unknowns who want to get into your network and steal or corrupt information. While this is a real threat, a more frequent cause for concern is an Internet worm or virus that causes loss of data or affects network availability.
Types of firewalls
As the need for network security has increased, so has the number of offerings from firewall vendors. There are three broad categories for firewalls:
Software-based firewalls: They are typically installed on a single computer connected directly to the Internet. These firewalls inform you when your computer is attempting to connect to the outside network and allow you to manually accept or reject the connection. For more information, visit Web sites:
Networking hardware with firewall features: Cable and Digital Subscriber Line (DSL) routers, a technology for bringing high-bandwidth information to homes and small businesses over copper telephone lines, are sold at consumer electronic stores and have built-in firewall features. They protect any computer that runs through the DSL. They are designed for use in small networks with simple network settings. For more information, visit Web sites:
Dedicated hardware firewalls: They are built specifically to handle very large amounts of network traffic. These systems need to be installed by a computer network professional. Dedicated hardware-based firewalls can handle higher amounts of traffic and provide more features. For more information, visit Web sites:
More features and options
There are endless numbers of additional firewall features and options. A relatively new trend is pairing a hardware-based firewall with managed services provided by the hardware vendor. For example, some firewall manufacturers now offer the ability to filter incoming network traffic for viruses, to remotely monitor the firewall for potential attacks on your network, to assist in spam (bulk e-mail) filtering and to act as a content filter, blocking sites of questionable intent from being viewed internally. These services typically are billed monthly, in addition to the upfront cost of the device itself.
One of the key security features of a firewall is a service called Network Address Translation (NAT) that helps to obscure the number and types of computers behind your network. It's useful because it forces all network traffic to run through the firewall's rules instead of just going to each computer individually. NAT functionality is frequently bundled with hardware firewall devices.
Testing your configuration
Once your firewall is in place, it is a good idea to test it. Internally you can run a free Web-based scanner like "Shields Up!" that is available from Web site http://grc.com/intro.htm. These scanners will determine what network you are coming from and determine if any security holes exist. While it is not an exhaustive search, it is a good general indication of your system's vulnerability.
A better option is to run a full vulnerability test against your network from an outside connection. Many companies have produced software specifically designed to test the firewall and your network's security. These programs methodically test every port on your firewall to see if a connection is possible.
How to start
In today's network climate, having a firewall is mandatory to safely manage Internet traffic. With the wide variety and availability of firewalls, appropriate solutions exist for most settings.
If you're unsure about how to choose a firewall for your practice or home network or which one to purchase, it's a good idea to consult an information technology professional for assistance.
Ian J. Alexander, MD, FRCS(C), is an orthopaedic surgeon and president of Aristar Inc., an Ohio software company that develops handheld computer applications for orthopaedic surgeons. He can be reached at (330) 668-2267 or via e-mail at firstname.lastname@example.org.
Computer Link welcomes suggestions about future topics for the column and questions about the use of computers in orthopaedic practice. Send your suggestions to the Bulletin at AAOS, 6300 N. River Rd., Rosemont, Ill. 60018.