Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

A Rookie's Guide to Defensive Blocks: Page 4 of 7

• Stateful devices: Monitor all details of sessions in which they are involved. For example, a stateful firewall goes beyond examining an individual packet's header and looks at the entire TCP session.

There are Trojans whose sole purpose is to capture keystrokes and e-mail them to attackers or broadcast them to IRC channels. Not all Trojan traffic waits for incoming connections either--some initiate contact with an outside host, even using normal traffic such as HTTP. One advantage of personal firewalls here is that they can look at which application is sending the data, and the better products let you set access rules based not only on ports but on applications. You can, for example, let only Microsoft Internet Explorer and Netscape send data through Port 80. Remember, though, that personal firewalls cannot remove Trojans, and viruses are still a threat, so you need to run antivirus software as well (see "How Trojan Viruses Work: A New Wrinkle").

Halt! Who Goes There?

Say you have a public Web server connected directly to your LAN, and incoming connections are blocked to all machines except the Web server. Sounds good--unless someone takes advantage of an exploit on the server. The attacker then has access to your LAN.