Perhaps some people find firewalls perplexing because the term is applied to so many of different things. It refers to several types of hardware and software, and it encompasses multiple different technical approaches. On top of this, firewalls are available as enterprise-grade products, consumer desktop versions, freeware, and are even built into most standard operating systems.
A firewall is simply a gatekeeper between different zones of trust. Systems inside an organisation have a high degree of trustworthiness. External partners, suppliers, and customers exist in different zone of lower trust. And, of course, the least trusted zone is the free-for-all of the Internet. Connecting to any outside systems means risking exposure to viruses, hackers, and a multitude of other threats. The firewall is the first line of defence against them.
A company’s firewall enforces defined security policies regarding whether, how, and which computers and networks can communicate with their internal systems. When a firewall is installed on a network or computer, all data sent to and from it is monitored and compared with a set of user-defined security criteria. Any traffic that doesn’t meet those rules is blocked. The personal firewall software on a PC erects a similar barrier around that computer’s resources.
Filters
Administrators can configure firewalls to filter content based on:
- IP address – Firewalls can block traffic based on a machine’s unique IP address. For instance, it can ignore requests from a computer that attempts several incorrect logins.
- Protocol – Policies can define whether and how different types of network communications are handled. They can, for example, block all telnet requests originating from the outside.
- Domain name – Filtering out requests for ESPN.com or EBay data could help discourage inappropriate Web browsing on the job.
- Key words – Similarly, some firewalls can filter out content that contains specific words and phrases.
- Ports – Rules tighten access to server ports.
Firewall approaches
Most firewalls employ one or more of the following methods to enforce security policies:
Packet Filtering – Examines packet attributes such as originating IP address or destination service to screen out all traffic that doesn’t conform to the rules.
Application Layer Gateways – Also known as proxy servers, these act as middlemen between internal client machines and external systems. They pass authorised packets along while shielding clients from unauthorised traffic. Proxies are often specific to a network service (i.e. HTTP, FTP, telnet).
Stateful Inspection – This approach examines packet contents and makes decisions based on its context. It uses a table of connection states and knowledge of how types of communication typically operate to differentiate authorised from unauthorised traffic. For example, it could block a mysterious application from opening an FTP connection, thus preventing a hidden keystroke logger program from "phoning home" with its purloined information.
Limitations
A firewall, however, is only as strong as the security policies it enforces.
And like door locks, a firewall is a necessary first step, but it’s no cure-all. A determined attacker can find ways around it, and it does nothing to protect against attacks and mistakes that originate inside of its perimeter.
For higher security, firewalls should be used in conjunction with anti-virus software, spyware scanning software, intrusion detection systems, and other safeguards. Most commercial firewall products are available as part of an integrated suite of security software.
For more a more in-depth introduction to firewalls, take the free Firewall Basics course from the HP Learning Center.
|
Printable version
