cFos' firewall analyzes incoming and outgoing packets, blocking potentially dangerous ones. Thus, it can shield you from a some basic security risks encountered in today's network environment, but it is no substitute for "real" firewall software like Zonelabs' Zonealarm, Agnitum Output, Kerio Personal Firewall, Symantec's Nortan Personal Firewall, to name a few.
cFos checks your PPP data transfer and blocks all packets using an unknown protocol type (i.e., everything that's not IP or VJ-compressed TCP/IP). What's more, cFos also screens your IP traffic for ICMP messages, which can may prove dangerous in a number of ways. External PING packets, for instance, can be employed in so-called Denial-of-Service (DoS) attacks under ADSL. In addition, all TCP & UDP packets sent to or from certain ports are blocked. The exact port numbers can be viewed and modified in SETTINGS.INI. Look for the lines with "-tcp-dport" and "-udp-dport" in them.
If there is an unauthorized access attempt, you will be alerted to it by a red shield flashing on the bottom left of the cFos status display.
Arguably, every firewall's primary task is to close all NetBIOS ports, which provide the "bad guys" with a virtual "barn door" through which they can access your shared files and directories. Those ports are numbered 137-139. Ports 135 and 445 are blocked, too, which are used by a multitude of intrusions.
Therefore, if you're not running a server that needs to be accessible from the Internet, the default settings are a good choice. If you do run such a server, it should still be ok. If not, you can adjust the firewall to your needs or you can switch to a full-featured firewall product.
More technical background on the cFos Firewall Experience shows you should expect the first port scans from potential attackers seeking to take a look at your computer after spending just minutes online. This holds almost equally true for ADSL and ISDN even if you are taking full advantage of having your IP address dynamically assigned. There are simply too many programs available on the Net that are designed to scan computers online for potential security gaps.
To complicate matters further, each operating system comes with its own bag of security gaps:
For instance, NetBIOS ports present one big problem under Windows 9x/ME and NT/2000/XP, as attackers can not only use NetBIOS to check user and computer names but also to find out if file sharing has been activated. If that is the case, certain programs can be used to try all standard passwords within a matter of seconds (especially on ADSL). Chances of gaining access to local directories in this fashion are in fact so high that security experts refer to NetBIOS ports as a "barn door." But the default setting of the cFos Firewall bars access to these ports.
Another major risk when using ADSL arises from the fact that data can be downloaded faster from the Net than a local computer can send it back (i.e., upload). This transfer-rate differential can be abused to launch so-called Denial-of-Service attacks by preventing a local computer from returning echo requests (wake-up packets), which Telekom broadband nodes require to maintain a connection. This will eventually result in complete connection breakdown. For this reason, cFos blocks all potentially dangerous ICMP packets.
On top of that, the firewall continues to keep track of the TCP connection status, thereby allowing cFos to perform dynamic "port stealthing." This means that if someone was trying to connect to your computer, but the targeted port was not in listen mode, the remote party would not receive an RST segment. In other words, the attacker would not even know your computer existed. Only if the targeted port was in listen mode (e.g., because you are running a Net server), would such incoming connections be accepted and reciprocated.
The same principle applies for UDP ports. If a remote party tried to connect to one of your UDP ports not currently in listen mode, it would receive no feedback whatsoever rendering the targeted port effectively "invisible."
The main advantage of this approach is that hackers won't be able to tell whether the address is in use or if you are just not answering. At the very least, your PC will no longer be easy prey for malicious attackers.
To activate the cFos Firewall, the "S89" modem register needs to be set. Its value (-x89=...) can also be entered during cFos startup as a global parameter, which then applies to all your COM ports and cFos Modems.
The firewall provides users with some protection against attacks from the outside. However, there are a number of threats to data integrity and system security our firewall cannot cover. So-called Trojan horse programs, for instance, install themselves surreptitiously on a target computer, then try to uncover personal data and relay it to a remote party. Employers may also wish to prevent employees from sending sensitive corporate data to third parties. Anyone with such high security needs would be well-advised to have a full-fledged professional firewall installed. However, the firewall does not help at all against all exploits of your web-browser or other high-level software.
Still, our firewall offers good protection against most external attacks without forcing users to install more expensive software or dwell excessively on intricately complicated security questions. This added security is included for free with each delivery of cFos, which is particularly handy seeing how flat rates are growing more and more popular all the time. cFos is furthermore fully capable of complementing other firewall software as part of a multi-layered security protection system for your PC.