What is Firewall in Networking? – Understanding the concepts of a Firewall
You probably don’t realize it, but even your home cable or DSL router uses a firewall. Firewalls are one of the most integral parts of security for any network. Whether you have a small or large network, you need a firewall. Firewalls can be software, such as the Windows firewall built into the operating system, or hardware, such as the filtering rules set on a router. To better secure your network, it’s best to understand the functionality of a firewall in networking and computing.
What Does a Firewall Do?
Firewalls and security are a technical topic that even some experts have a hard time grasping. That doesn’t mean you can’t work with a firewall as a user and understand security basics. Firewalls and antivirus work hand-in-hand to protect your computer and other computers on the network. Antivirus detects any malware running on the computer, and a firewall blocks malicious connections. To understand the importance of a firewall, consider your internal network and the trust between each computer. You probably have little security between computers if it’s a home network. Enterprise networks have more security between machines, but there is still some innate trust that each computer on the network will not attempt to hack the others. But can you say the same for any computer on the Internet? Of course not, so a firewall blocks any incoming requests from the Internet to your internal network. You probably don’t want any random person browsing your network, so you block them with a router firewall.

Firewalls aren’t useful for just incoming requests. Viruses and other types of malware sometimes attempt to connect to the Internet to send private data from your computer to the hacker’s private web server. Hackers steal passwords, financial information and other data to sell on the black market. Instead of gaining access to your computer, the hacker writes software that you install, and this software uploads data to the hacker’s server. If your antivirus does not detect the software as malicious, your next level of protection is the firewall application. Your computer’s firewall detects that an application is attempting to access the Internet and sends you an alert. You then have the option to allow the connection (if the application is legitimate) or deny it. If you deny it, then you know that malicious software could be an issue on your computer.
How Does a Firewall Work?
Routers and firewalls use several methods to block unwanted traffic. The first one is packet filtering. Every message you send back and forth between your computer and the Internet uses packets. The message is segmented into a certain number of packets, and each packet is packaged with certain information: the destination and source IP, the destination and source port, the sequence number that lets the destination computer put the entire message back together, and the data itself.
Packet filtering reviews these packets for any identifiable malicious content. Mainly, a packet filtering technique looks at the port. Most common applications use a specific port. For instance, websites run on port 80, outgoing SMTP email uses port 25 and DNS requests work on port 53. When you use a standard router, the firewall blocks all incoming traffic based on packet analysis unless you allow a specific port to forward to a specific server. For instance, if you run a web server, you then use the router’s port forwarding capabilities to send the packets to the web server. With incoming traffic, you want to whitelist traffic. In other words, block all traffic except traffic on a specific list. In this case, port 80 is allowed, so port 80 requests are sent to the web server.

Sometimes, you want traffic to enter the network, such as a VPN or private network with connections over the Internet. In this case, you can use a firewall as a proxy. Proxy servers let you connect to the server, and then your messages are forwarded to the intended recipient. The recipient then uses the same proxy server to send you a return message. The security in this technique is that the recipient and sender never see technical details such as local IP addresses. When you allow transfer of data from one computer to another over the Internet, the source IP and port are included in the packet. When you use a firewall proxy, that information is eliminated from the packet and the proxy’s IP address is shown instead. The result is that an attacker does not see the internal computer’s local IP address, which is one piece of information needed to send a calculated attack to a specific server on a corporate network.

The final common firewall technique is stateful inspection, or “dynamic packet filtering.” This is a newer technology that is slowly replacing the old static packet filtering described previously. With static filtering, only header information is analyzed. With stateful inspection, the packets are analyzed down to the application layer, which means more of the actual data is reviewed. Incoming packets are compared with the outgoing packets from the source internal computer. If the packet information matches the data from the outgoing packets, the firewall generally lets the packets flow. If a reply doesn’t match the intended request from the source computer, the firewall drops the packet and rejects the connection.
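The three behaviours described above (default-deny inbound, an allow-listed forwarded port, and accepting only replies that match a recorded outgoing request) can be simulated in a few lines. This is an added example, not code from the original article; the Packet format, the StatefulFirewall class and the sample traffic are constructed for illustration.

```python
"""Toy simulation of static packet filtering plus stateful inspection.
Added example, not code from the original article; the packet format and
the sample traffic below are constructed for illustration."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    inbound: bool  # True if the packet arrives from the Internet side

class StatefulFirewall:
    def __init__(self, allowed_inbound_ports):
        # Allow-list for inbound traffic (e.g. port 80 forwarded to a web server).
        self.allowed_inbound_ports = set(allowed_inbound_ports)
        # Connection table: 4-tuples of outgoing requests awaiting a reply.
        self.state = set()

    def filter(self, pkt):
        if not pkt.inbound:
            # Outgoing request: remember it so a matching reply can be accepted.
            self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ACCEPT"
        # Static rule: destination port explicitly on the allow-list.
        if pkt.dst_port in self.allowed_inbound_ports:
            return "ACCEPT"
        # Stateful rule: accept only a reply to a recorded outgoing request
        # (the reply's addresses and ports are the request's, swapped).
        reply_of = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_of in self.state:
            return "ACCEPT"
        # Default deny for unsolicited inbound traffic.
        return "DROP"

def run_demo():
    fw = StatefulFirewall(allowed_inbound_ports={80})
    traffic = [  # constructed sample traffic, documentation-range addresses
        Packet("192.168.1.10", 51000, "203.0.113.5", 443, inbound=False),  # internal host opens HTTPS
        Packet("203.0.113.5", 443, "192.168.1.10", 51000, inbound=True),   # matching reply
        Packet("198.51.100.7", 40000, "192.168.1.20", 80, inbound=True),   # request to forwarded port 80
        Packet("198.51.100.7", 40001, "192.168.1.10", 3389, inbound=True), # unsolicited inbound
    ]
    return [fw.filter(p) for p in traffic]

if __name__ == "__main__":
    print(run_demo())  # ['ACCEPT', 'ACCEPT', 'ACCEPT', 'DROP']
```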
Port forwarding is a technique used to allow traffic to enter the internal network. Normally, you have a “demilitarized zone” or “DMZ” in the network. The DMZ is a group of computers that are accessible from both the Internet and the internal network. However, the internal network is still segmented from the DMZ and Internet traffic using a secondary firewall.
Other common firewall applications include PC Tools, Comodo, Ashampoo and Online Armor. Each comes with its own cost, advantages and disadvantages. If you’re new to computer networking, you’ll need to know how to work with a firewall at some point. Whether it’s to protect your personal computers or you want a job in networking, understanding firewall basics is a requirement for protecting the network.