The most important
function of a firewall is that it stops anyone on the
outside from establishing a connection with a computer in
your private network.
At its most simple level a firewall provides a way to filter
information moving through the network connection*. When
present on an individual computer, it is called a personal
firewall. Otherwise a firewall is used to protect computers
on the “inside” network (your private network) from
computers on the “outside”, usually the Internet. Because of
this, firewalls are usually included Internet gateway
devices which may also have a modem, router or switch
Firewalls allow or block communication between computers
based upon rules. Each rule defines a specific network
traffic pattern and the action to take when that pattern is
detected. These rules are customizable. It is these
customizable rules which provide control over the use of the
Note - A firewall can only operate on communications
traffic that physically passes through it. A firewall has no
impact on traffic between two computers on the same "side"
of the firewall (i.e., both connected to the same firewall
A firewall can be either a program (software) or device
(hardware) and filter either in-bound or out-bound network
traffic. The Windows XP operating system firewall and Zone
Alarm are examples of software firewalls. SonicWall and
Cisco Pix are examples of hardware firewall product lines.
How does it work?
A firewall works by blocking unsolicited traffic – anything
your computer didn’t specifically request.
There are several methods used to filter traffic, which may
be used individually or combined into a firewall product:
Here the firewall only allows communications to the
protected network based on requests that come from computers
inside that network. Anyone scanning the network from
outside only “sees” the address of the firewall, not the
inside network. Non-requested data from outside the firewall
is not allowed in, period. All in-bound ports are closed and
all out-bound ports are open. To allow for exceptions, this
method is usually combined with another method.
Packet filtering examines communication packets as they
attempt to pass through the firewall, comparing them to the
rules. The rules determine how the communication is handled.
The rules are based on the source IP of the data and the
port it is intended for. The limitation of packet filters is
that ports and IP addresses are all they will filter. They
don't evaluate the content of the data or the status of the
connection, just where it's headed.
Stateful inspection combines elements of packet
filtering with some of the elements of the gateway
methods. Stateful inspection firewalls hold in memory
attributes such as IP address, port number and TCP
handshake status of each connection from start to
finish. All outgoing packets pass through the firewall
but only allow incoming packets if they are part of a
TCP connection with an ESTABLISHED status. This ensures
that hackers cannot start unsolicited connections.
Established connections time out if no traffic has
passed for a certain period of time and are removed from
memory. Many cable/DSL SOHO gateway/routers use this
Proxy service also called application level gateways
Information from the Internet is retrieved by the firewall
and then sent to the requesting system and vice versa.
Rather than letting computers retrieve data directly, a
proxy service firewall runs proxy applications to view
common types of data (like HTTP for web-pages or POP3 for
email, etc.) before it is allowed through the firewall. This
has at least two advantages. First, no direct communication
is allowed between outside sources and computers behind the
firewall and second, filtering can now be done using the
actual content of the data, rather than just where it came
from and where it's going. Because of the level of control
they offer, these firewalls are considered very secure but
can require significant technical expertise and effort to
configure; are slower at passing information; and computers
on the inside must be configured to use the proxy service.
Microsoft's ISA (internet Security and Acceleration) server
is an example.
What a firewall does not do:
Block or Disable viruses, worms or other malicious software.
Provide protection from viruses or programs you download or
e-mail attachments you open.
Filter or block pop-up ads or junk e-mail
Stop users from malicious or unsafe activities.
Provide encrypted communications or computer (host-to-host)
These functions require other technologies.
First, firewalls are not free. The more
sophisticated/functionally capable the firewall and its
configuration the more expensive it is to acquire configure
Second, effective firewall configuration requires technical
expertise in network communication protocols. If you don’t
understand TCP/IP, you shouldn’t try to configure a
Third, firewalls are an important component of any network
but are not a security panacea. The most secure firewall is
one that does not allow any traffic to pass – defeating the
purpose of the network. Because firewalls can be a hindrance
to effective use of technology, firewall rules must be
realistic, permitting staff to use the network to fulfill
business functions, and should reflect the level of security
in the entire network.
Last,for a firewall to work effectively,
it must be a part of a consistent overall organizational
security architecture/structure. Such architecture would
include measures such as physical security, password
policies, and use policies that spell out what can and
cannot be done with organizational data, sharing logon
information, E-mail or surfing web sites.
Additional information on
how a network connection works
Additional information on Firewalls and TCP/IP
Select Product/Reseller List:
Microsoft specific information:
TCP General Information:
IP General Information:
Official Address Numbers