There are a few key things to understand about home networks that will make managing personal firewalls much easier. The first is the difference between home networks and public networks.
The internet is a public network because all computers on the internet can see each other. Literally, the internet is public; it belongs to everyone who uses it. Computers on the internet all see each other because they have public network addresses.
Typical home networks use private network addresses rather than public ones. “Typical” means a home network that has one or more computers and a network printer which are all connected (wired or wirelessly) through a home router (also called a residential gateway or firewall). The home router separates the public internet from the private local network in the home, generally providing several types of protection so that bad guys on the internet can't initiate connections to the private network. Home routers are not subject to the criticisms of personal firewalls described in http://en.wikipedia.org/wiki/Personal_firewall, so anyone with a home network connected to the internet should have one or should consider getting one. (The rest of this posting assumes the presence of a home router.)
OK, so the internet is public and home networks are private; that is pretty simple. However, this gets more complicated due to wireless hotspots used in hotels, airports, coffee shops, college dorms, etc. (see http://en.wikipedia.org/wiki/Hotspot_(Wi-Fi)). Although such hotspots are technically private networks, from a practical point of view they are public because generally anyone can access them. A bunch of strangers share these “private networks”, so the potential to encounter bad guys wanting to do bad things is just about as high as on the public internet. That means these hotspots should really be treated as public networks even though from a technical networking point of view they are private. To avoid confusion, I'll just call these public hotspots. Just keep in mind that a public hotspot is actually a private network but shouldn't be trusted to be safe.
Using a public hotspot is a good reason to use a personal firewall. Since this type of firewall runs on the computer itself and therefore is carried around with the computer, it is available for protection from other computers sharing the same public hotspot. (Carrying around a residential gateway with a laptop would be pretty inconvenient!)
The ability to use a personal firewall for protection in a public hotspot is the good news. The bad news is that personal firewalls can't tell the difference between a home network and a hotspot network; both look identical to the firewall. The problem is that the other computers on either network use private addresses, so the firewall can't tell from the address alone whether a peer is a trusted computer on the home network or a stranger on a public wireless hotspot; they all look the same to it.
So what happens if the personal firewall is told that the local network is a private home network when it is really a public hotspot? That is probably pretty clear. It won't provide sufficient protection against maliciousness from bad guys on the same public hotspot.
Then one might be tempted to tell the personal firewall to treat the local network as a public hotspot all the time, just to be safe. Unfortunately, if this is done then it will block communication to printers, shared network storage, network media players, and all the cool gadgets that make a home network such a great thing. It is possible to add a bunch of rules to the firewall policy to keep a high level of security but that is a lot of work and is generally unnecessary.
Here is the key thing to remember from all this. The first step in managing a personal firewall is to be sure to tell the firewall what type of network is being used – a private home network or a public hotspot. Unfortunately, different personal firewalls use different names and provide different user interface controls for selecting between them, so it isn't possible to provide specific instructions that will work for all firewalls. Here is some general guidance that works over a broad range of personal firewalls:
- When first installed, a firewall will almost always ask what type of network it is connected to. Be sure to tell it the right type of network.
- To distinguish between a private home network and a public hotspot, the firewall will use names like
  - “secure” and “restricted” (where “secure” means private and “restricted” means hotspot), or
  - “safe” and “restricted” (where “safe” means private and “restricted” means hotspot), or
  - “trusted” and “internet” (where “trusted” means private and “internet” means hotspot), or
  - “local” and “internet” (where “local” means private and “internet” means hotspot).
- If the personal firewall has already been installed or the type of network has been changed (e.g., if it was installed when at home and now the laptop is being taken on the road and used on a public hotspot), then change the network type in the firewall settings. Look for the words above (trusted, restricted, safe, etc.) in the firewall settings. Somewhere there is probably a way to change the network type.
Taking care to select the correct network type in the personal firewall might be all one ever needs to know. That's not so hard, is it? However, depending on the firewall and its default security rules, this by itself might not be enough to avoid problems. In the next posting, I'll talk about the second easiest way to help manage personal firewalls.
Posted 08-28-2008 9:19 PM by david.o.hamilton