132 CHAPTER 9 HOW TO SECURE YOUR (Web host music)
132 CHAPTER 9 HOW TO SECURE YOUR COMPUTER Figure 9-4. Firestarter includes a wizard to walk you through the basics of firewall configuration. 6. Put a check in the IP address is assigned via DHCP box, unless you re using a modem. 7. You re asked if you want to enable Internet connection sharing. This allows you to turn your computer into an Internet router and can be very useful in certain circumstances. You can activate this later on by running the wizard again (to rerun the wizard, simply click Firewall on Firestarter s main window, and then click Run Wizard). 8. Save your settings. The Firestarter main window then opens. Configuring Firestarter Firestarter works by controlling the data that goes in and out of your computer via your Internet or network connection. By default, it blocks every type of uninvited inbound connection but allows every type of outbound connection. This needs some explanation. Whenever you click a link on a web page, your computer sends a request for data to the web server hosting the web page. Within a few milliseconds, that data will be sent to your computer. This is an inbound data connection. The Linux firewall is clever enough to realize that the data was requested by you, so it is allowed through. However, any uninvited connections are turned away. If, out of the blue, someone attempts to connect to your computer via the popular Secure Shell (SSH) tool, as just one example, he won t be allowed to make that connection. This is a good thing because it makes your computer secure. Crackers are turned away whenever they try to connect, no matter how they try to connect. But in some circumstances, allowing uninvited connections is useful. For example, if you create a shared folder for other computers in your office to connect to, they will frequently make uninvited inbound connections to your computer. And if you want to make use of SSH to connect to your computer remotely, you will need to allow such incoming connections. Therefore, Firestarter lets you allow through certain types of inbound connections.