The most important function of a firewall is that it stops anyone on the outside from establishing a connection with a computer in your private network.
At its simplest level a firewall provides a way to filter information moving through the network connection*. When present on an individual computer, it is called a personal firewall. Otherwise a firewall is used to protect computers on the "inside" network (your private network) from computers on the "outside", usually the Internet. Because of this, firewalls are usually included in Internet gateway devices, which may also have modem, router or switch functionality.
Firewalls allow or block communication between computers
based upon rules. Each rule defines a specific network
traffic pattern and the action to take when that pattern is
detected. These rules are customizable. It is these
customizable rules which provide control over the use of the
network.
Note - A firewall can only operate on communications
traffic that physically passes through it. A firewall has no
impact on traffic between two computers on the same "side"
of the firewall (i.e., both connected to the same firewall
port).
A firewall can be either a program (software) or a device (hardware) and can filter either in-bound or out-bound network traffic. The Windows XP operating system firewall and ZoneAlarm are examples of software firewalls. SonicWall and Cisco PIX are examples of hardware firewall product lines.
How does it work?
A firewall works by blocking unsolicited traffic – anything
your computer didn’t specifically request.
There are several methods used to filter traffic, which may
be used individually or combined into a firewall product:
- Here the firewall only allows communications to the protected network based on requests that come from computers inside that network. Anyone scanning the network from outside only "sees" the address of the firewall, not the inside network. Non-requested data from outside the firewall is not allowed in, period. All in-bound ports are closed and all out-bound ports are open. To allow for exceptions, this method is usually combined with another method.
- Packet filtering
Packet filtering examines communication packets as they attempt to pass through the firewall, comparing them to the rules. The rules determine how the communication is handled. The rules are based on the source IP of the data and the port it is intended for. The limitation of packet filters is that ports and IP addresses are all they will filter. They don't evaluate the content of the data or the status of the connection, just where it's headed.
- Stateful inspection
Stateful inspection combines elements of packet filtering with some of the elements of the gateway methods. Stateful inspection firewalls hold in memory attributes such as IP address, port number and TCP handshake status of each connection from start to finish. All outgoing packets pass through the firewall, but incoming packets are only allowed if they are part of a TCP connection with an ESTABLISHED status. This ensures that hackers cannot start unsolicited connections. Established connections time out if no traffic has passed for a certain period of time and are removed from memory. Many cable/DSL SOHO gateway/routers use this method.
- Proxy service (also called an application-level gateway)
Information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa. Rather than letting computers retrieve data directly, a proxy service firewall runs proxy applications to view common types of data (like HTTP for web pages or POP3 for e-mail, etc.) before it is allowed through the firewall. This has at least two advantages. First, no direct communication is allowed between outside sources and computers behind the firewall, and second, filtering can now be done using the actual content of the data, rather than just where it came from and where it's going. Because of the level of control they offer, these firewalls are considered very secure, but they can require significant technical expertise and effort to configure; they are slower at passing information; and computers on the inside must be configured to use the proxy service. Microsoft's ISA (Internet Security and Acceleration) Server is an example.
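The packet-filtering and stateful-inspection methods above can be modelled in a few dozen lines. The following is an added example, not code from the original article: a toy firewall that keeps all in-bound ports closed and all out-bound ports open, tracks each connection's handshake status in a table, forgets idle entries after a timeout, and combines this with a small static packet-filter exception list (IP and port only). The private-network prefix, addresses and packets are constructed for the demo.

```python
from typing import NamedTuple

INSIDE_PREFIX = "192.168.1."   # constructed private network, an assumption for the demo

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str   # simplified TCP flags: "SYN", "SYN-ACK" or "ACK"

class StatefulFirewall:
    def __init__(self, timeout=30.0, rules=()):
        self.timeout = timeout      # idle seconds before a connection entry is forgotten
        self.rules = set(rules)     # packet-filter exceptions: (dst_ip, dst_port) open inbound
        self.table = {}             # outbound 4-tuple -> [status, last_seen]

    def handle(self, pkt, now):
        """Return 'ACCEPT' or 'DROP' for one packet observed at time `now` (seconds)."""
        for k in [k for k, (_, seen) in self.table.items() if now - seen > self.timeout]:
            del self.table[k]                         # idle connections drop out of memory
        if pkt.src_ip.startswith(INSIDE_PREFIX):      # outbound: all ports open
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.flags == "SYN":                    # inside host opens a connection
                self.table[key] = ["SYN_SENT", now]
            elif key in self.table:
                self.table[key][1] = now
            return "ACCEPT"
        if (pkt.dst_ip, pkt.dst_port) in self.rules:  # static exception: IP and port only
            return "ACCEPT"
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)   # matching outbound tuple
        entry = self.table.get(key)
        if entry is None or pkt.flags == "SYN":       # unsolicited: no inside host asked for it
            return "DROP"
        if entry[0] == "SYN_SENT" and pkt.flags == "SYN-ACK":
            entry[0] = "ESTABLISHED"                  # handshake reply completes the entry
        elif entry[0] != "ESTABLISHED":
            return "DROP"
        entry[1] = now
        return "ACCEPT"

def demo():
    # constructed traffic: outbound session, inbound scan, static exception, late reply
    fw = StatefulFirewall(timeout=30.0, rules={("192.168.1.10", 80)})
    out = Packet("192.168.1.20", 50000, "203.0.113.5", 443, "SYN")
    reply = Packet("203.0.113.5", 443, "192.168.1.20", 50000, "SYN-ACK")
    probe = Packet("198.51.100.7", 40000, "192.168.1.20", 22, "SYN")
    web = Packet("198.51.100.7", 40001, "192.168.1.10", 80, "SYN")
    return [fw.handle(out, 0.0), fw.handle(reply, 0.1), fw.handle(probe, 0.2),
            fw.handle(web, 0.3), fw.handle(reply, 45.0)]
```

The last decision in demo() shows the timeout: the same reply that was accepted at 0.1 s is dropped at 45 s because the entry has been removed from memory.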
What a firewall does not do:
- Block or disable viruses, worms or other malicious software.
- Provide protection from viruses or programs you download or e-mail attachments you open.
- Filter or block pop-up ads or junk e-mail.
- Stop users from malicious or unsafe activities.
- Provide encrypted communications or computer (host-to-host) authentication.
These functions require other technologies.
Final thoughts
First, firewalls are not free. The more sophisticated and functionally capable the firewall and its configuration, the more expensive it is to acquire, configure and maintain.
Second, effective firewall configuration requires technical
expertise in network communication protocols. If you don’t
understand TCP/IP, you shouldn’t try to configure a
firewall.
Third, firewalls are an important component of any network
but are not a security panacea. The most secure firewall is
one that does not allow any traffic to pass – defeating the
purpose of the network. Because firewalls can be a hindrance
to effective use of technology, firewall rules must be
realistic, permitting staff to use the network to fulfill
business functions, and should reflect the level of security
in the entire network.
Last, for a firewall to work effectively, it must be part of a consistent overall organizational security architecture. Such an architecture would include measures such as physical security, password policies, and use policies that spell out what can and cannot be done with organizational data, sharing logon information, e-mail or surfing web sites.
* Additional information on how a network connection works
Additional information on Firewalls and TCP/IP
Firewalls
- General information: http://en.wikipedia.org/wiki/Firewall_(networking)
- Select product/reseller list: http://www.thegild.com/firewall/
TCP/IP
- General information: http://en.wikipedia.org/wiki/Internet_protocol_suite
- Microsoft-specific information: http://technet.microsoft.com/en-us/library/bb726983.aspx
- TCP general information: http://en.wikipedia.org/wiki/Transmission_Control_Protocol
Port numbers
- Background: http://en.wikipedia.org/wiki/Internet_protocol_suite
- Official list: http://www.iana.org/assignments/port-numbers
IP
- General information: http://en.wikipedia.org/wiki/Internet_Protocol
- Official address numbers: http://www.iana.org/numbers/
Issue 43, January 2009