June 2003 Bulletin

Firewalls keep away hackers

A traffic cop to safeguard information

By Ian J. Alexander, MD, FRCS(C)

At its most basic level, a firewall is a traffic cop. Firewalls sit between two networks and inspect each piece of information that attempts to move between them. Depending on a firewall’s configuration, it will then accept or reject each piece of information. For example, an orthopaedic surgeon who wants to review patient information from a home computer would be given access. However, an unknown third party who attempts to view the same information would be rejected.
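The accept-or-reject decision described above can be sketched as an ordered rule list with a default of "reject". This is an added example, not code from the original article; it goes one step beyond the text by also flagging rules that can never fire because an earlier rule covers them. The addresses, port and rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "accept" or "reject"
    source: str               # CIDR block the traffic must come from
    dest_port: Optional[int]  # None matches any destination port

# Constructed rule set; addresses come from the RFC 5737 documentation ranges.
RULES = [
    Rule("reject", "198.51.100.66/32", None),  # a host blocked outright
    Rule("accept", "203.0.113.25/32", 443),    # surgeon's home PC -> records server
]
DEFAULT_ACTION = "reject"  # anything no rule mentions is turned away

def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet matching `later` also matches `earlier`."""
    a, b = ipaddress.ip_network(earlier.source), ipaddress.ip_network(later.source)
    return b.subnet_of(a) and earlier.dest_port in (None, later.dest_port)

def decide(src_ip: str, dest_port: int, rules=RULES):
    """First matching rule wins; returns (action, rule index or None)."""
    src = ipaddress.ip_address(src_ip)
    for i, rule in enumerate(rules):
        if src in ipaddress.ip_network(rule.source) and rule.dest_port in (None, dest_port):
            return rule.action, i
    return DEFAULT_ACTION, None

def shadowed_rules(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(covers(rules[i], later) for i in range(j))]

if __name__ == "__main__":
    print(decide("203.0.113.25", 443))   # surgeon at home
    print(decide("192.0.2.77", 443))     # unknown third party
    print(shadowed_rules(RULES))
```

Because the first matching rule wins, a broad "accept" placed above a narrow "reject" silently disables the reject; `shadowed_rules` reports that kind of ordering mistake.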

While a firewall can separate any two computer networks, it is most often used to protect an internal network from public access over the Internet. That raises the question: "What do I need to be protected from?"

You need to be protected from "hackers," unknowns who want to get into your network and steal or corrupt information. While this is a real threat, a more frequent cause for concern is an Internet worm or virus that causes loss of data or affects network availability.

Types of firewalls

As the need for network security has increased, so has the number of offerings from firewall vendors. There are three broad categories for firewalls:

Software-based firewalls: These are typically installed on a single computer connected directly to the Internet. They inform you when your computer is attempting to connect to the outside network and allow you to manually accept or reject the connection. For more information, visit these Web sites:

http://www.zonealarm.com,

http://www.Symantec.com or

http://www.iss.net.

Networking hardware with firewall features: Cable and Digital Subscriber Line (DSL) routers are sold at consumer electronic stores and have built-in firewall features. (DSL is a technology for bringing high-bandwidth information to homes and small businesses over copper telephone lines.) These routers protect any computer whose traffic runs through them. They are designed for use in small networks with simple network settings. For more information, visit these Web sites:

http://www.linksys.com or

http://www.dlink.com.

Dedicated hardware firewalls: They are built specifically to handle very large amounts of network traffic. These systems need to be installed by a computer network professional. Dedicated hardware-based firewalls can handle higher amounts of traffic and provide more features. For more information, visit Web sites:

http://www.cisco.com or

http://www.sonicwall.com.

More features and options

There are endless numbers of additional firewall features and options. A relatively new trend is pairing a hardware-based firewall with managed services provided by the hardware vendor. For example, some firewall manufacturers now offer the ability to filter incoming network traffic for viruses, to remotely monitor the firewall for potential attacks on your network, to assist in spam (bulk e-mail) filtering and to act as a content filter, blocking sites of questionable intent from being viewed internally. These services typically are billed monthly, in addition to the upfront cost of the device itself.

Security features

One of the key security features of a firewall is a service called Network Address Translation (NAT), which helps to obscure the number and types of computers behind your firewall. It’s useful because it forces all network traffic to run through the firewall’s rules instead of going to each computer individually. NAT functionality is frequently bundled with hardware firewall devices.
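A simplified model of the NAT behaviour described above, as an added example that is not part of the original article: every internal computer appears to the outside as the same public address, and inbound traffic is delivered only when it answers a connection that an internal computer opened. The class, the addresses and the port numbers are constructed for illustration; real devices also track protocols and expire idle entries.

```python
class Nat:
    """Simplified port-translating NAT: one public address, many internal hosts."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (internal ip, internal port, remote ip, remote port) -> public port
        self.back = {}   # (public port, remote ip, remote port) -> (internal ip, internal port)

    def outbound(self, int_ip, int_port, remote_ip, remote_port):
        """Internal host opens a connection; return the source the remote side sees."""
        key = (int_ip, int_port, remote_ip, remote_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, remote_ip, remote_port)] = (int_ip, int_port)
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the internal destination, or None if nothing inside asked for this."""
        return self.back.get((public_port, remote_ip, remote_port))

def demo():
    # Constructed addresses: 192.168.1.x is the office LAN, the rest are documentation ranges.
    nat = Nat("203.0.113.1")
    seen_a = nat.outbound("192.168.1.10", 51000, "198.51.100.5", 443)
    seen_b = nat.outbound("192.168.1.11", 51000, "198.51.100.5", 443)
    reply = nat.inbound("198.51.100.5", 443, seen_a[1])        # answer to host A
    unsolicited = nat.inbound("192.0.2.99", 4444, seen_a[1])   # nobody asked for this
    return seen_a, seen_b, reply, unsolicited

if __name__ == "__main__":
    print(demo())
```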

Testing your configuration

Once your firewall is in place, it is a good idea to test it. From inside your network, you can run a free Web-based scanner like "Shields Up!", available at http://grc.com/intro.htm. These scanners determine what network you are coming from and whether any security holes exist. While such a scan is not an exhaustive search, it is a good general indication of your system’s vulnerability.

A better option is to run a full vulnerability test against your network from an outside connection. Many companies have produced software specifically designed to test the firewall and your network’s security. These programs methodically test every port on your firewall to see if a connection is possible.

How to start

In today’s network climate, having a firewall is mandatory to safely manage Internet traffic. With the wide variety and availability of firewalls, appropriate solutions exist for most settings.

If you’re unsure about how to choose a firewall for your practice or home network or which one to purchase, it’s a good idea to consult an information technology professional for assistance.

Ian J. Alexander, MD, FRCS(C), is an orthopaedic surgeon and president of Aristar Inc., an Ohio software company that develops handheld computer applications for orthopaedic surgeons. He can be reached at (330) 668-2267 or via e-mail at ija@aristar.com.

Computer Link welcomes suggestions about future topics for the column and questions about the use of computers in orthopaedic practice. Send your suggestions to the Bulletin at AAOS, 6300 N. River Rd., Rosemont, Ill. 60018.

