VPN & Firewall: Still Need Both?

TL;DR

Yes, you still need a personal firewall even when connected to a trusted VPN. A VPN encrypts your internet connection and hides your IP address, but it doesn’t protect against all threats like malware or applications sending data without your knowledge. A firewall adds an extra layer of security by controlling network traffic in both directions.

Why You Need Both

  1. VPN Limitations:
    • Encryption, not Protection: VPNs primarily focus on encrypting your data and masking your location. They don’t actively scan for or block malicious software.
    • Server-Side Risks: While reputable VPN providers are secure, there’s always a small risk associated with trusting a third party with your traffic.
    • DNS Leaks: Sometimes, DNS requests can bypass the VPN tunnel, revealing your true location. (Check your VPN settings and use a leak test website.)
  2. Firewall Benefits:
    • Application Control: Firewalls allow you to control which applications on your device are allowed to access the internet. This prevents rogue software from communicating with external servers.
    • Inbound Protection: A firewall blocks unsolicited incoming connections, protecting against attacks that try to directly reach your computer. VPNs don’t typically offer this protection.
    • Malware Prevention: Some firewalls include features to detect and block known malware.
    • Alerting: Firewalls can alert you when an application attempts to access the internet for the first time, allowing you to make informed decisions.

Setting Up a Personal Firewall

  1. Windows Firewall: Windows has a built-in firewall that is enabled by default. You can configure it through Control Panel → System and Security → Windows Defender Firewall.
    • Advanced Settings: For more control, use ‘Advanced settings’ to create inbound and outbound rules based on applications or ports.
    • Allow an app through firewall: This lets you specify which programs can access the network.
  2. macOS Firewall: macOS also has a built-in firewall (System Preferences → Security & Privacy → Firewall).
    • Turn on Firewall: Enable the firewall and configure options for blocking incoming connections.
    • Firewall Options: Control which apps are allowed to accept incoming connections.
  3. Third-Party Firewalls: Several third-party firewalls offer more advanced features (e.g., ZoneAlarm, Comodo Firewall).
    • Installation & Configuration: Follow the software’s instructions for installation and configuration. Pay attention to default settings and customize them based on your needs.

Example: Blocking an Application with Windows Firewall

To block a specific application from accessing the internet using Windows Firewall:

  1. Open ‘Windows Defender Firewall’ (Control Panel → System and Security).
  2. Click on ‘Advanced settings’.
  3. In the left pane, click on ‘Outbound Rules’.
  4. Click ‘New Rule…’ in the right pane.
  5. Select ‘Program’ and click ‘Next’.
  6. Browse to the application’s executable file (.exe) and select it. Click ‘Next’.
  7. Select ‘Block the connection’ and click ‘Next’.
  8. Choose when the rule applies (Domain, Private, Public) and click ‘Next’.
  9. Give the rule a name and description, then click ‘Finish’.
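
The same nine steps can be scripted with the built-in NetSecurity cmdlets. This is an added example, not part of the original article: the function name `Block-AppOutbound`, the default rule name and the sample path are hypothetical. It also warns when the firewall is switched off for a selected profile, since a block rule is not enforced there.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI procedure above.
# Block-AppOutbound is a hypothetical helper name, not a built-in cmdlet.

function Block-AppOutbound {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$ProgramPath,

        [ValidateSet('Domain', 'Private', 'Public')]
        [string[]]$Profiles = @('Domain', 'Private', 'Public'),

        [string]$RuleName
    )

    # Step 6: the rule matches on the executable's full path, so resolve it
    # and fail early if the file does not exist.
    $exe = (Resolve-Path -LiteralPath $ProgramPath -ErrorAction Stop).ProviderPath
    if (-not $RuleName) { $RuleName = "Block outbound - $(Split-Path $exe -Leaf)" }

    # A rule is only enforced on profiles where the firewall is turned on.
    Get-NetFirewallProfile -Name $Profiles |
        Where-Object { $_.Enabled -ne 'True' } |
        ForEach-Object { Write-Warning "Firewall is off for the '$($_.Name)' profile; the rule will not be enforced there." }

    # Do not create a duplicate if an outbound block rule for this program exists.
    $existing = Get-NetFirewallApplicationFilter -Program $exe -ErrorAction SilentlyContinue |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Outbound' -and $_.Action -eq 'Block' }
    if ($existing) {
        Write-Verbose "Outbound block rule already present: $($existing.DisplayName -join ', ')"
        return $existing
    }

    # Steps 3-9: new outbound rule, type Program, action Block, chosen profiles, name and description.
    if ($PSCmdlet.ShouldProcess($exe, 'Create outbound block rule')) {
        New-NetFirewallRule -DisplayName $RuleName `
            -Description "Blocks all outbound traffic from $exe" `
            -Direction Outbound -Program $exe -Action Block -Profile $Profiles
    }
}

# Constructed sample call; replace the placeholder path with the real executable.
# -WhatIf previews the change without creating the rule.
# Block-AppOutbound -ProgramPath 'C:\Path\To\app.exe' -WhatIf
```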

Checking Your Firewall Status

Verify your firewall is enabled:

  • Windows: Check Windows Defender Firewall status in Control Panel.
  • macOS: Check the Firewall tab in System Preferences → Security & Privacy.