If you have been using the Internet on a regular basis, or you work in a large
company and surf the Internet while you are at work, you must have surely come
across the term firewall. You might have also heard people say “firewalls
protect their computer from web attacks and hackers” or “a certain website has
been blocked by the firewall in their workplace”.
If you have ever wondered what exactly this firewall is and how it works, here
we go. In this post I will try to explain “how firewalls work” in layman’s terms.
How Firewalls Work?
Firewalls are basically a
barrier between your computer (or a network) and the Internet (outside world).
A firewall can be simply compared to a security guard who stands at the
entrance of your house and filters the visitors coming to your place. He may
allow some visitors to enter while denying others whom he suspects of being
intruders. Similarly, a firewall is a software program or a hardware device that
filters the information (packets) coming through the Internet to your personal
computer or a computer network.
The working of a Firewall
Firewalls may decide to allow or block network traffic between devices based on
the rules that are pre-configured or set by the firewall administrator. Most
personal firewalls, such as Windows Firewall, operate on a set of pre-configured
rules that are most suitable under normal circumstances, so that the user need
not worry much about configuring the firewall.
Personal firewalls are easy
to install and use and hence preferred by end-users for use on their personal
computers. However, large networks and companies prefer those firewalls that
have plenty of options to configure so as to meet their customized needs. For
example, a company may set up different firewall rules for FTP servers, Telnet
servers and Web servers. In addition, the company can even control how the
employees connect to the Internet by blocking access to certain websites or
restricting the transfer of files to other networks. Thus, in addition to security,
a firewall can give the company tremendous control over how people use the
network. Firewalls use one or more of the following methods to control the
incoming and outgoing traffic in a network:
Packet Filtering: In this
method, packets (small chunks of data) are analyzed against a set of filters.
Packet filters have a set of rules that come with accept and deny actions which
are pre-configured or can be configured manually by the firewall administrator.
If the packet manages to make it through these filters then it is allowed to
reach the destination; otherwise it is discarded.
Stateful Inspection: This is a newer method that doesn’t
analyze the contents of the packets. Instead, it compares certain key aspects
of each packet to a database of trusted sources. Both incoming and outgoing
packets are compared against this database and if the comparison yields a
reasonable match, then the packets are allowed to travel further. Otherwise
they are discarded.
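The stateful inspection idea described above, as an added example that is not part of the original post. It assumes the "database" is a table of connections opened from inside the network, keyed by protocol, addresses and ports; the class names, the 60-second idle timeout and all addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Allows outgoing traffic and only those incoming packets that answer it."""

    def __init__(self, inside_net, idle_timeout=60.0):
        self.inside = ipaddress.ip_network(inside_net)
        self.idle_timeout = idle_timeout
        self.table = {}  # outgoing connection -> time it was last seen

    def check(self, pkt, now):
        """Return "allow" or "drop" for a packet seen at time `now` (seconds)."""
        # Forget connections that have been idle for too long.
        self.table = {c: t for c, t in self.table.items()
                      if now - t <= self.idle_timeout}
        if ipaddress.ip_address(pkt.src) in self.inside:
            self.table[pkt] = now          # outgoing: remember it
            return "allow"
        # Incoming: must be the mirror image of a remembered connection.
        expected = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if expected in self.table:
            self.table[expected] = now
            return "allow"
        return "drop"

def demo():
    """Run constructed sample traffic through the filter."""
    fw = StatefulFilter("192.168.1.0/24")
    traffic = [
        (0, Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 80)),    # request
        (1, Packet("tcp", "203.0.113.5", 80, "192.168.1.10", 50000)),    # its reply
        (2, Packet("tcp", "198.51.100.7", 80, "192.168.1.10", 50000)),   # other host
        (3, Packet("tcp", "203.0.113.5", 80, "192.168.1.10", 50001)),    # other port
        (120, Packet("tcp", "203.0.113.5", 80, "192.168.1.10", 50000)),  # too late
    ]
    return [fw.check(pkt, now) for now, pkt in traffic]

if __name__ == "__main__":
    print(demo())
```

Only the reply that mirrors the remembered request gets through; the same reply arriving after the entry has expired is dropped.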
Firewall Configuration:
Firewalls can be configured
by adding one or more filters based on several conditions as mentioned below:
--IP addresses: In any case,
if an IP address outside the network is said to be unfavorable, then it is
possible to set a filter to block all the traffic to and from that IP address.
For example, if a certain IP address is found to be making too many connections
to a server, the administrator may decide to block traffic from this IP using
the firewall.
--Domain names: Since it is
difficult to remember IP addresses, it is easier and smarter to
configure firewalls by adding filters based on domain names. By setting up
a domain filter, a company may decide to block all access to certain domain
names, or may provide access only to a list of selected domain names.
--Ports/Protocols: Every
service running on a server is made available to the Internet using numbered
ports, one for each service. In simple words, ports can be compared to virtual
doors of the server through which services are made available.
For example, if a server is
running a Web (HTTP) service then it will typically be available on port 80. In
order to use this service, the client needs to connect to the server via port
80. Similarly, different services such as Telnet (port 23), FTP (port 21) and
SMTP (port 25) may be running on the server.
If the services are
intended for the public, they are usually kept open. Otherwise they are blocked
using the firewall so as to prevent intruders from using the open ports for
making unauthorized connections.
--Specific words or phrases:
A firewall can be configured to filter one or more specific words or phrases so
that both the incoming and outgoing packets are scanned for the words in the
filter. For example, you may set up a firewall rule to filter any packet that
contains an offensive term or a phrase that you may decide to block from
entering or leaving your network.
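The filter conditions listed above (IP address, port/protocol and phrase), evaluated as an ordered rule set with accept and deny actions, as an added example that is not part of the original post. It assumes first-match-wins ordering and a default of deny; the rule set, the addresses and the word "blockedword" are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "accept" or "deny"
    src: str = "0.0.0.0/0"           # source network (CIDR); default is any IPv4
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None      # None matches any destination port
    keyword: Optional[bytes] = None  # lower-case phrase to look for in the payload

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt["dport"])
                and (self.keyword is None
                     or self.keyword in pkt["payload"].lower()))

def evaluate(rules, pkt, default="deny"):
    """First matching rule wins; a packet no rule matches gets the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rule set for a server offering public web and mail services.
RULES = [
    Rule("deny", src="203.0.113.50/32"),                          # unfavorable IP
    Rule("deny", proto="tcp", dport=80, keyword=b"blockedword"),  # phrase filter
    Rule("accept", proto="tcp", dport=80),                        # HTTP, public
    Rule("accept", proto="tcp", dport=25),                        # SMTP, public
    Rule("accept", src="192.168.1.0/24", proto="tcp", dport=21),  # FTP, internal
]   # Telnet (port 23) has no accept rule, so the default blocks it.

def packet(src, dport, payload=b"", proto="tcp"):
    return {"src": src, "proto": proto, "dport": dport, "payload": payload}

def demo():
    """Constructed sample packets and the verdict each one receives."""
    samples = [
        packet("203.0.113.50", 80, b"GET / HTTP/1.1"),
        packet("198.51.100.7", 80, b"GET /index.html HTTP/1.1"),
        packet("198.51.100.7", 80, b"GET /?q=BlockedWord HTTP/1.1"),
        packet("198.51.100.7", 23),
        packet("198.51.100.7", 21),
        packet("192.168.1.20", 21),
    ]
    return [evaluate(RULES, p) for p in samples]
```

Rule order matters: the two deny rules sit above the port 80 accept rule, otherwise they would never be reached. The phrase check sees one unencrypted packet at a time, so it cannot match a phrase inside encrypted traffic.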
Hardware vs. Software Firewall:
Hardware firewalls provide
a higher level of security and are hence preferred for servers where security has the
topmost priority. Software firewalls, on the other hand, are less expensive
and hence preferred for home computers and laptops.
Hardware firewalls usually
come as a built-in unit of a router and provide maximum security, as they filter
each packet at the hardware level itself, even before it manages to enter your
computer.
A good example is the Linksys
Cable/DSL router.
Why Firewall?
Firewalls provide security
against a number of online threats such as remote login, Trojan backdoors, session
hijacking, DoS and DDoS attacks, viruses, cookie stealing and many more. The
effectiveness of the security depends on the way you configure the firewall and
how you set up the filter rules.
However, major threats such
as DoS and DDoS attacks may sometimes manage to bypass the firewall and do
damage to the server. Even though a firewall is not a complete answer to online
threats, it can most effectively handle the attacks and provide security to the
computer up to the maximum possible extent.