

Understanding Firewalls

The Internet is a scary place. Criminals on the Internet have the ability to hide behind their computers, or even other people's computers, while they attempt to break into your computer to steal personal information or to use it for their own purposes. To make matters worse, there always seems to be a security hole in your software or operating system that is not fixed fast enough and that could potentially allow someone to hack into your computer. Where does this leave you? Are you supposed to cancel your Internet access, or is there something you can do to protect yourself?

The answer is that you can protect yourself with a firewall. In the past, firewalls were expensive pieces of hardware that only companies would use. Most people were not on the Internet, and if they were, they were connected via dial-up, which is not fast enough for most hackers' purposes. Therefore, hackers predominantly targeted companies, which normally had larger pools of available bandwidth. Now that almost everyone is able to connect to the Internet, many with extremely fast and cheap bandwidth, hackers tend to target home users, who are more apt to not secure their computers properly and thus become easy targets. With this in mind, developers have created cheap but powerful firewall solutions that home users can use to protect themselves.

This tutorial will help to increase your knowledge on how to protect yourself with a firewall so you are not an easy target to hackers and viruses in the future.



What is a Firewall

A firewall is a hardware device or software application that sits between your computer and the Internet and blocks all Internet traffic from reaching your computer that you have not specifically requested. What this means is that if you browse to a web site, the firewall will allow the traffic from that web site to reach your computer and therefore yourself. On the other hand, if you did not request information from that web site, and the web site sent traffic to you, it would be denied from reaching your computer because you did not specifically ask for it. This behavior can be changed if you wish, and we will discuss that further in the document.

Firewalls for the home user can either be a piece of hardware or a piece of software. The differences will be discussed below.

A Hardware Firewall is a device that sits between your Internet connection and the rest of the computers plugged into it. These firewalls usually come with a built-in hub that allows you to connect multiple computers to it so that they can all share one Internet connection. These firewalls protect all the computers connected to them using a technology called Network Address Translation, or NAT. The protected machines use private IP addresses, such as 192.168.1.X, that cannot be reached via the Internet. The firewall then converts these internal IP addresses to the single public IP address that is assigned to the firewall. As a result, your hardware firewall accepts all incoming traffic you asked for and then forwards it on to the requesting internal computer. Using this method, outside machines are never able to connect directly to your computers.

A Personal Firewall is a piece of software installed on each computer that needs to be protected. This software filters all incoming, and sometimes outgoing, traffic and allows only data that has been requested or explicitly allowed to pass through. Personal firewalls tend to be more feature rich than hardware versions, but they do not have the ability to allow you to share your Internet connection with multiple computers on the network.

The decision as to which type of firewall to use depends on what you plan on using it for. If you would like to protect just one computer, then a personal software-based firewall is more than adequate. If you would like to protect multiple computers, then a hardware-based solution may be most cost effective. Some people even state that you should use both a hardware firewall to protect your network and a personal firewall that further protects your computer. Though this is not a bad idea, it may be cost prohibitive for many users. If money is not an issue, then using both will add an extra level of security as well as provide you with the greater functionality found in personal firewalls.

For the rest of this tutorial we will predominantly focus on personal firewalls that are installed on your computer, though many of the topics discussed here apply to hardware firewalls as well.



General Firewall Features

When choosing your firewall it is important to pay attention to the features it offers, as these features can make a large difference in how your computer is protected. For some people certain features are more important than others, but in terms of security the most important are inbound and outbound filtering, application protection, notifications, and stealth mode. These features and others will be discussed below:

Inbound and Outbound Filtering

Filtering is when a firewall examines information passing through it and determines, based on rules or filters that have been created, whether that information is allowed to be transmitted and received or should be discarded. This is the primary function of a firewall, and how it handles these tasks is very important for your security. Most people feel inbound filtering, which is the processing of inbound data towards your computer, is the most important function of a firewall. Outbound filtering, though, plays just as important a role in securing your computer. You may have had malware installed on your computer without your knowledge, and when you install a firewall with outbound filtering, you will suddenly find that software on your computer is attempting to transmit data to a remote host somewhere on the Internet. Now, not only do you know that this software is installed, but the outbound filtering has also stopped it from passing on private information.

These filters can also be modified to allow certain computers on the Internet to reach your computer or to allow certain applications on your computer to transmit data to the Internet. How these rules should be modified is determined by your needs. For example, if you would like remote users to be able to connect to you using Remote Desktop, you will need to open up the port associated with Remote Desktop, which is TCP port 3389, in order for your firewall to allow that traffic to flow through. An example of this can be seen below where a particular remote computer is given permission to access the computer behind the firewall.

[Figure: How Firewalls work]
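The filtering behaviour described above (replies to your own requests pass, unsolicited traffic is dropped, and a custom rule opens TCP port 3389 to one particular remote computer) can be modelled in a few lines. This is an added example, not code from the original page or from any firewall product; the class names and the addresses (taken from documentation ranges) are assumptions, and a real firewall also tracks TCP state and connection timeouts.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class AllowRule:
    """Custom inbound rule: one remote computer may reach one local port."""
    proto: str
    local_port: int
    remote_ip: str


@dataclass
class PersonalFirewall:
    inbound_rules: list = field(default_factory=list)
    flows: set = field(default_factory=set)   # connections this computer opened

    def outbound(self, pkt):
        # Remember the flow so its reply can be recognised as "requested".
        # (Outbound filtering per application is not modelled here.)
        self.flows.add((pkt.proto, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "ALLOW"

    def inbound(self, pkt):
        # 1. Reply to something we asked for: it mirrors a recorded flow.
        if (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "ALLOW (reply)"
        # 2. Unsolicited, but an explicit rule permits this source and port.
        for rule in self.inbound_rules:
            if (rule.proto, rule.local_port, rule.remote_ip) == (
                pkt.proto, pkt.dst_port, pkt.src_ip
            ):
                return "ALLOW (rule)"
        # 3. Default: anything not requested and not explicitly allowed.
        return "DROP"


# Constructed addresses for the walk-through.
LOCAL = "192.168.1.10"      # computer behind the firewall
WEB = "198.51.100.80"       # web site the user browses to
TRUSTED = "203.0.113.5"     # remote computer named in the Remote Desktop rule
STRANGER = "203.0.113.99"   # any other host on the Internet


def demo():
    fw = PersonalFirewall(inbound_rules=[AllowRule("tcp", 3389, TRUSTED)])
    fw.outbound(Packet("tcp", LOCAL, 49200, WEB, 80))   # user opens a web page
    return [
        fw.inbound(Packet("tcp", WEB, 80, LOCAL, 49200)),         # the reply
        fw.inbound(Packet("tcp", WEB, 80, LOCAL, 49201)),         # not requested
        fw.inbound(Packet("tcp", TRUSTED, 50000, LOCAL, 3389)),   # matches rule
        fw.inbound(Packet("tcp", STRANGER, 50000, LOCAL, 3389)),  # same port, wrong host
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Restricting the rule to one remote address, rather than opening port 3389 to everyone, is what keeps the fourth packet out.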

Stealth Mode

It is important for your firewall not only to block requests to reach your computer, but also to make it appear as if your computer does not even exist on the Internet. When you are connected to the Internet and your computer cannot be detected via probes, you are in what is called Stealth mode. Hackers have the ability to detect if you are on the Internet by probing your machine with special data and examining the results. When you are in Stealth mode the firewall does not send this information back, making it seem like you are not even connected. Because of this, hackers will not continue targeting your computer, as they will think you are not online.

Privacy protection

Many firewalls now have the ability to block spyware, hijackers, and adware from reaching your computer. This allows you to protect your computer from being infected with software that is known to reveal private information about what you do on the Internet or other computing habits. These features are usually bundled into the commercial versions of the firewall software packages.

Application Integrity

Application Integrity is when the firewall monitors the files on your computer for changes to the files themselves or to how they are launched. When it detects such a change it will notify the user and not allow that application to run or transmit data to the Internet. Many times these modifications may have been part of an upgrade, but if a file was modified by a malicious program you will now be made aware of it.

Intrusion detection

Intruders use various methods to penetrate the security of your computer. Intrusion detection scans incoming data for signatures of known methods and notifies you when such attacks are recognized. This allows you to see what means a hacker is trying to use to hack your computer.


Notifications

Notifications allow you to see what is happening on your firewall, and allow the firewall to notify you in various ways about possible penetration attempts on your computer.



Firewall Monitoring and Good Practice


Regardless of the firewall you use, it is good practice to monitor the firewall logs occasionally. With good monitoring of your logs you will increase your security immediately. Statistically, most hacks could have been avoided if people monitored their logs, as most hackers will probe a computer before they hack it. If an administrator of the computer had noticed these probes, they may have been able to determine if their computers were vulnerable to what was being probed for. When you first install your firewall and examine the logs you will be simply amazed at the number of people who are attempting to access your computer without your knowledge.

There are three main reasons for monitoring your log files, which are discussed below:

Preventative Measures: By monitoring the logs of your firewall you can see what ports and services hackers are attempting to exploit. You can then use this information to make sure your computer is secure from these exploits. For example, if you notice in your logs that many people are scanning your computer for port 3127 and do some research, you will find that it could be that people or viruses are looking for backdoors into your computer left by an early variant of the MyDoom virus. You can then make sure your computers are not affected by this potential exploit.

Forensics: If your computer gets compromised by a remote computer, and you find the files placed on your computer by the hacker, you can determine the date and time that they were placed there. Using this information you can check your log archives for activity during that time and date to determine how the hacker was able to penetrate your computer. This information can then be used to secure your computer.

Reporting to the authorities: Using the information found in the log files will allow you to present information to authorities in the case of a successful hack or an attempt. The logs will give you the IP address of the offending computer, the method used, and the time and date it was performed. This information can be given to the appropriate ISP or authorities in case of criminal activities.
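The log review described above can be scripted. The following added example (not part of the original page) summarises dropped inbound probes by port, lists sources that probed several ports, and pulls every entry in a time window for forensic review; it assumes the space-separated text layout that Windows Firewall writes to pfirewall.log, and the sample lines are constructed. Other firewalls log different fields.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data using documentation IP ranges, not a real host's log.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-01 02:14:07 DROP TCP 203.0.113.45 192.168.1.10 40112 3127 60 S 1234567 0 64240 - - - RECEIVE
2024-03-01 02:14:09 DROP TCP 198.51.100.7 192.168.1.10 51515 3127 60 S 2345678 0 64240 - - - RECEIVE
2024-03-01 02:20:31 DROP TCP 203.0.113.45 192.168.1.10 40113 135 60 S 1234999 0 64240 - - - RECEIVE
2024-03-01 02:20:32 DROP TCP 203.0.113.45 192.168.1.10 40114 445 60 S 1235111 0 64240 - - - RECEIVE
2024-03-01 09:02:10 ALLOW TCP 192.168.1.10 198.51.100.80 49200 80 0 - 0 0 0 - - - SEND
2024-03-01 09:05:44 DROP TCP 192.0.2.200 192.168.1.10 33001 3127 60 S 3456789 0 64240 - - - RECEIVE
2024-03-01 09:06:00 ALLOW TCP 203.0.113.5 192.168.1.10 50000 3389 0 - 0 0 0 - - - RECEIVE
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def parse_log(text):
    """Return one dict per log entry, keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or corrupt lines
                records.append(dict(zip(fields, values)))
    return records


def dropped_inbound(records):
    # Logs without a "path" column are treated as inbound.
    return [r for r in records
            if r["action"] == "DROP" and r.get("path", "RECEIVE") == "RECEIVE"]


def probes_by_port(records):
    """Preventative view: (protocol, port) -> set of sources dropped on it."""
    ports = defaultdict(set)
    for r in dropped_inbound(records):
        if r["dst-port"].isdigit():          # ICMP entries carry "-" here
            ports[(r["protocol"], int(r["dst-port"]))].add(r["src-ip"])
    return ports


def scanners(records, min_ports=3):
    """Sources dropped on at least min_ports different ports (likely scans)."""
    seen = defaultdict(set)
    for r in dropped_inbound(records):
        if r["dst-port"].isdigit():
            seen[r["src-ip"]].add(int(r["dst-port"]))
    return {ip: sorted(p) for ip, p in seen.items() if len(p) >= min_ports}


def activity_between(records, start, end):
    """Forensic view: every entry, allowed or dropped, inside a time window."""
    lo, hi = (datetime.strptime(t, TS_FORMAT) for t in (start, end))
    return [r for r in records
            if lo <= datetime.strptime(f"{r['date']} {r['time']}", TS_FORMAT) <= hi]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (proto, port), sources in probes_by_port(recs).items():
        print(f"{proto}/{port}: dropped probes from {len(sources)} source(s)")
    print("multi-port sources:", scanners(recs))
```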

Good Practice

It is good practice to occasionally examine any custom rules or filters that you have created for allowing incoming or outbound traffic to or from your computer. You may at times allow certain protocols to connect to your computer for various reasons including file sharing, mail, FTP, or web. Many times these rules are created, and then they are forgotten and remain open. It is good practice to examine your firewall's configuration occasionally to make sure these rules are disabled if they are no longer needed. If you keep these rules open when you do not need them, you are creating a potential avenue for hackers to compromise your computer.



Common Issues with Firewalls

It is important to note that almost all Internet applications are created with the thought that there is no firewall in place that could change how these applications can communicate with the Internet. Sometimes using a firewall can make certain features of the applications no longer work properly. In the majority of cases, these services can be enabled to work by changing certain settings in your firewall to allow incoming traffic to be received by your computer. When this type of situation occurs you can create a custom rule that allows that particular application to work.

An example of this would be if you have Windows XP Professional and would like to be able to remotely connect to your Remote Desktop from another computer. Since firewalls by default block all incoming traffic to your computer, when you attempt to connect to Remote Desktop the connection will be denied. If you search on Remote Desktop using Google you will find that Remote Desktop uses TCP port 3389 to accept incoming connections. You would then change the rules on your firewall to allow incoming connections to TCP port 3389, thus allowing you to connect to your computer remotely.

Therefore, when you use applications with a firewall and find that there are problems, you should search the Internet on how to use that program with a firewall and what ports should be opened. Then you would create a custom rule that would allow the specific traffic to reach your computer.



Popular Firewalls

There are many types of firewalls on the market, each with their own strengths and weaknesses. I have listed these personal software firewalls and hardware vendors as resources for you to research further. If a firewall is noted as free it is important to note that their commercial equivalents will probably contain more features that may be beneficial to you.

Free Personal Software Firewalls

Outpost Firewall
Zone Alarm Free

Commercial Personal Software Firewalls

Black Ice
McAfee Personal Firewall
Norton Personal Firewall
Outpost Firewall Pro
Tiny Personal Firewall
Zone Alarm Pro/Plus

Hardware Router/Firewalls Vendors

Juniper Networks


As you can see, having a firewall protecting your computer is a necessity in protecting your computer from hackers or viruses. With the proper monitoring and rules you will be able to use your applications on the Internet as you would like to, with the added benefit of securing your computer. When you leave your house, you lock your doors to prevent robbery, so why not use a firewall to put a lock on your computer?

Defragmenting VMware Virtual



What is Defragmentation?

Defragmentation moves blocks around the disk to bring together blocks belonging to the same file in an effort to make the file contiguous on disk. This means that sequential I/O operations should be faster after a defrag because the read/write heads inside the hard disk will not need to travel so far to gather all the data it requires.

Here's a view of the Disk Defragmenter that is part of the System Tools within Windows:


Defragmenting a Guest OS in a Virtual Machine.

This is very different to running a defrag on a physical host with a local disk. Typically you are going to have multiple VMs running together on a VMFS or NFS volume. Therefore the overall I/O to the underlying LUN is going to be random, so defragmenting individual Guest OS'es is not really going to help performance. However, there are other concerns that you need to keep in mind. The easiest way to explain the concerns is to give you some scenarios of what might happen to a VM which is defragmented, and what impact it has on the various vSphere technologies. You can then make up your own mind about whether it is a good idea or not.

  1. Thin Provisioned VMs. If you defragment a Thin Provisioned VM, as file blocks are moved around, the TP VMDK bloats up, consuming much more disk space.
  2. Linked Clone VMs (vCloud Director, View). In the case of a VM running off of a linked clone, the defragmenter bloats up the linked clone redo logs.
  3. Replicated VMs (Site Recovery Manager, vSphere Replicator). If your VM was being replicated, and you defragmented the VM on the protected site, it could well cause a lot of data to be sent over the WAN to the replicated site.
  4. Snapshot'ed VMs. This is a similar use case to Linked Clones. Any VMs running off of a snapshot which ran a defrag would cause the snapshot to inflate considerably, depending on how many blocks were moved during the defrag operation.
  5. Changed Block Tracking (VMware Data Recovery). The CBT feature is used heavily by backup products, including VMware Data Recovery (VDR). This feature tracks changes to a VM's disk blocks during a backup operation. If a defrag is run during a backup operation, the number of blocks that change will increase, which means more data will have to be backed up, meaning a longer backup time.
  6. Storage vMotion. Storage vMotion also uses CBT in vSphere 4.0. If a VM was being Storage vMotion'ed when a defrag operation was initiated, it would also impact the time to complete the operation since the defrag is changing blocks during the migration.

Defragmentation also generates more I/O to the disk. This could be more of a concern to customers than any possible performance improvement that might be gained from the defrag. I should point out that I have read that, internally at VMware, we have not observed any noticeable improvement in performance after a defragmentation of Guest OSes residing on SAN or NAS based datastores.

I also want to highlight an additional scenario that uses an array based technology rather than a vSphere technology. If your storage array is capable of moving blocks of data between different storage tiers (SSD/SAS/SATA), e.g. EMC FAST, then defragmentation of the Guest OS doesn't really make much sense. If your VM has been running for some time on tiered storage, then in all likelihood the array has already learnt where the hot-blocks are, and has relocated these onto the SSD. If you now go ahead and defrag, and move all of the VM's blocks around again, the array is going to have to relearn where the hot-spots are.


If you automate the defrag to run regularly, I think this could cause a performance decrease rather than give you any sort of performance gain if the VM is deployed on a datastore backed by tiered storage. This may already be enabled on some Operating Systems.


What Storage Array vendors say.

NetApp have a very good vSphere/NetApp interoperability WP in which they briefly discuss this topic. Quoting directly from the paper - "VMs stored on NetApp storage arrays should not use disk defragmentation utilities because the WAFL file system is designed to optimally place and access data at a level below the guest operating system (GOS) file system. If a software vendor advises you to run disk defragmentation utilities inside of a VM, contact the NetApp Global Support Center before initiating this activity."


Server & Computer Network Maintenance Checklist

Over many years, APACMS has established a very large and thorough Server and Computer Networking maintenance checklist. The types of things we go over within this checklist help our clients get the most out of their computer equipment.
By discovering and resolving issues on the spot and performing routine tasks on our client's IT equipment, we are able to help ensure our clients remain free from data corruption, security breaches, and poor network performance, just to name a few.

Just like a car or any type of automobile, your IT equipment needs to be maintained so that it will continue to work over the years. This analogy is a good way to understand the requirements of your office's IT infrastructure. We usually perform this maintenance monthly; however, some clients have very large networks and require maintenance on a fortnightly basis. The types of checks we perform include:


Physical Hardware Checks

  • Check hardware termination.
  • Check hardware Interoperability if any.
  • Identify any hardware faults on servers, printers, etc.
  • Check functionality of other peripherals.
  • Investigate any disconnected cables.
  • Check for any incorrectly connected cabling.
  • Check for error indicators or lights.


Backup & Restore

  • Check Backup logs for errors.
  • Verify Backup Job Consistency.
  • Perform Test Restore using recent Backup Media.
  • Ensure Backup is running as per Schedule.
  • Run a cleaning tape when required.


Software Updates & Licensing

  • Check for Microsoft Windows updates.
  • Check for Microsoft Office updates.
  • Check any third party applications for updates.
  • Ensure antivirus definition update scheduling.
  • Check for updated printer drivers.
  • Ensure product licensing is current & valid.


Event Logs and Services

  • Check System, Application, DNS, FRS & Security Logs.
  • Archive old events to files with appropriate dates.
  • Troubleshoot any found error events & warnings.
  • Check for services failing to start up.
  • Check the correct services are starting up and disable any unnecessary services.


Disk Management

  • Check disks for data integrity & consistency.
  • Analyse disk performance and usage.
  • Check status of RAID configuration if applicable.
  • Perform & or schedule a chkdsk & defragment disks if required.
  • Check disk capacity.
  • Clear temp files.
  • Check network shares and disable any unnecessary shares.



  • Check event, history & virus logs.
  • Check scan schedule times.
  • Clear quarantined items.
  • Ensure anti-virus definition updates are occurring.



  • Enable and check firewall & router logs. Troubleshoot findings if required.
  • Perform penetration tests on network/servers.
  • Perform security checks on other applications & files if required.
  • Check wireless authentication, encryption, access control & logs.
  • Check for password strength policies.


Active Directory

  • Check Active Directory replication.
  • Check Active Directory using replmon, dcdiag & or netiq tools.
  • Check & monitor Active Directory performance.
  • Audit and disable and or remove unnecessary user accounts.


Microsoft Exchange Mail System

  • Check Exchange event logs.
  • Clear dead and or bad mail.
  • Check individual mailbox space usage and note down any large mailboxes.
  • Ensure replication & routing events are successful.
  • Schedule a database compact using either isinteg or eseutil tools.


Network Performance

  • Check Network Utilization rates.
  • Monitor any excessive broadcast traffic.
  • Identify any Network Bottlenecks.



  • Check server performance using perfmon.
  • Check DHCP, DNS & WINS configurations.
  • Check WSUS synchronisation logs.
  • Approve any necessary updates.
  • Confirm Group Policies settings.
  • Check the up-time of servers, switches and routers.
  • Test UPS battery performance.
  • Make a hardware profile in case you need to roll back to the last known working config.
  • Test your contingency remote access mechanism(s). Examples are PCAnywhere, Terminal Services, VNC, HP iLO management port.

Fake Anti-virus and Trojan Infections


Fake virus alerts are usually generated by a Trojan. A Trojan is a program that takes control of your computer after you open an email attachment, click on a pop-up advertisement within your browser, or visit particular websites, usually adult sites.

Fake antivirus products are designed to appear legitimate. They have brand names which sound familiar, such as Virus Protector, Anti-Virus Shield, Malware Defence, Anti-Spyware Pro and Microsoft Security; the list goes on.

These cyber criminals use scare tactics aimed at all those click-happy computer users who do not take the time to read every pop-up which appears on their screen. This can be very dangerous for you and your computer network, so it’s important that you become familiar with the way the legitimate anti-virus software on your computer looks and behaves. If you know what a real warning message looks like, it should be easier to spot a phony.

If you think you’ve been victimised by scare-ware or fake anti-virus, contact our Sydney support centre on 02 99871445 so we can take a quick look for you. We can quickly and easily help you to diagnose and repair any type of computer and or network infection and guide you back to your normal day-to-day duties.