Using a firewall

Why do I need a firewall and what does it do?

The Internet today is a very different from the small group of researchers and educational institutions who shared open and unlimited access in the '80s. Today the Internet faces constant attack from viruses, trojans, malicious hackers, and criminals. To combat these problems a computer should be equipped with a firewall. There are several types of firewalls but we will discuss "personal" or "host-based" types. A host-based firewall is software installed and run from a computer. The firewall's purpose is to protect that one computer or "host" on which it is running. Network data moves in two directions - inbound and outbound. Inbound data enters the computer and outbound data leaves the computer. A firewall limits or restricts the inbound connections in an attempt to prevent unauthorized access or remote exploitation of a computer. This is what built-in firewalls in Windows XP and Mac OS X do. More advanced host-based firewalls like Sygate, (provided free to faculty, staff, and students at UCSF) not only restrict inbound connections but also restrict outbound connections looking for known attack techniques and monitoring each program's access to the network. An advanced host based firewall combined with other security measures help prevent unauthorized access and the theft of personal, confidential, or Protected Health Information.  Here is more information about "personal" firewalls.

Where can I get a firewall?

There are several different host-based firewall solutions including built-in and commercial products. Sygate, for Windows operating systems, assists all users in meeting the minimum security requirements. If you don't have a Windows operating system here are firewall instructions for other operating systems:

• Mac OS X
• Linux (iptables)
• FreeBSD, Solaris, OpenBSD (ipf)

Quick Links

• Download
• Support
• Further information