What is a firewall?
Basically, a firewall is a barrier to keep malicious forces away from your property. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.
In technical terms, it is a software program or a piece of hardware that is frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. The most important thing to recognize about a firewall is that it implements an access control policy.
Windows ships with a built-in default firewall, and Linux has its built-in iptables firewall. Most web servers run a firewall, and at every company the network administrators have a big responsibility to manage and maintain the access control policies of the company firewall. So why are firewalls so important?
Why would you want a firewall?
The Internet today, like any other society, is full of good people and malicious people. A firewall allows you to block or permit network traffic.
As seen in the figure above, with the right access control policies and a firewall you can block unwanted or malicious traffic and allow only legitimate traffic to flow in and out of your device.
In a corporate environment without a firewall and internet security in place, all the computers connected to the Internet will be directly accessible and prone to malicious hackers. If even one employee in the network makes a mistake and opens a security hole, malicious hackers will get into the machine and exploit the device as well as all the other connected machines on the network, causing damage to the company not just in terms of money but a lot more. Many corporations and data centers have computing security policies and practices that must be adhered to. Where a company’s policies dictate how data must be protected, a firewall is very important.
A firewall not only provides real security; it often also plays an important role as a security blanket for management.
What kind of protection do firewalls provide?
“A firewall doesn’t make your system or your network hacker-proof, but it certainly makes it almost impossible for amateur hackers to gain access to your machine or private network.”
Some firewalls permit only a specific kind of traffic through them, thereby protecting the network against any attacks other than attacks against the traffic allowed. Other firewalls provide less strict protections, and block services that are known to be problems. A firewall with well-written policies can protect you against denial-of-service attacks, spam attacks, network fingerprinting attacks and SMTP server hijacking attacks, to name a few.
Firewalls provide you a single choke point where security and auditing can be interwoven. So a firewall not only filters network traffic but also gives you summaries of what kind of traffic passed through it and in what amount.
Note: A firewall is not a replacement for your antivirus or anti-malware program. Both have their specific uses and should not be intermixed.
How does a firewall work?
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
- Packet Filtering: Packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
- Proxy Service: Information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa.
- Stateful Inspection: Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
You need to set your firewall control policies based on your needs. Firewalls are customizable. This means that you can add or remove filters based on several conditions:
- IP Addresses: Each Internet connected machine has an IP address. Firewalls allow packets to be rejected based on IP addresses. For example, if a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
- Domain Names: A company might block all access to certain domain names, or allow access only to specific domain names.
- Protocols: A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines.
- Ports: A company or a home user may allow or reject traffic on only a few ports based on need.
- Specific words and phrases: The firewall will search through each packet of information for an exact match of the text listed in the filter and decide whether to allow or drop it.
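The packet filtering and stateful inspection methods described above, combined with IP address, protocol and port conditions, can be modelled in a few lines. This is an added example, not code from the original article; the Packet, Rule and Firewall names, the rule set and all addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the protected network
    proto: str      # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "drop"
    direction: str
    proto: str = "any"
    remote: str = "0.0.0.0/0"  # network the outside peer must be in
    port: int = 0              # destination port; 0 means any

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()     # state table of permitted outbound flows

    def _matches(self, rule, pkt):
        remote = pkt.src if pkt.direction == "in" else pkt.dst
        return (rule.direction == pkt.direction
                and rule.proto in ("any", pkt.proto)
                and rule.port in (0, pkt.dport)
                and ipaddress.ip_address(remote) in ipaddress.ip_network(rule.remote))

    def decide(self, pkt):
        # Stateful inspection: an inbound packet mirroring a recorded outbound flow is a reply.
        if pkt.direction == "in" and (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow"
        for rule in self.rules:  # packet filtering: first matching rule wins
            if self._matches(rule, pkt):
                if rule.action == "allow" and pkt.direction == "out":
                    self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return rule.action
        return "drop"            # default deny: anything not explicitly allowed

RULES = [  # constructed policy; addresses are RFC 5737 documentation ranges
    Rule("drop", "in", remote="203.0.113.7/32"),                          # one abusive address
    Rule("allow", "in", proto="tcp", port=443),                           # public HTTPS
    Rule("allow", "in", proto="tcp", remote="198.51.100.0/24", port=22),  # SSH from admin net
    Rule("allow", "out", proto="udp", port=53),                           # outbound DNS
]
```

With this policy, an inbound DNS answer is dropped until the protected host has sent the matching query, after which the same packet is allowed as a reply.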
I’m sure you now understand the strengths and capabilities provided by a firewall. In the next part of this series we will look at some trustworthy firewall products for Windows, Linux and Android operating systems and how to use them.