Essential Concepts - Firewall

We have covered most of the concepts of networking. But still some of the concepts are left over. They include Firewall and Proxies. Generally, we may face situations where some site is blocked, or sometimes we require authentication (username and password) to use internet. Also sometimes, some of the apps or software installed on our are blocked to use our internet connection. All these things are done via Firewall and its set of rules.

A firewall is a network security system, either hardware- or software-based, that uses rules to control incoming and outgoing network traffic. Firewalls are basically a barrier between your computer (or a network) and the Internet (outside world). A firewall can be simply compared to a security guard who stands at the entrance of your house and filters the visitors coming to your place. He may allow some visitors to enter while deny others whom he suspects of being intruders. Similarly a firewall is a software program or a hardware device that filters the information (packets) coming through the Internet to your personal computer or a computer network.

How a Firewall works?

Firewalls may decide to allow or block network traffic between devices based on the rules that are pre-configured or set by the firewall administrator. Most personal firewalls such as Windows firewall operate on a set of pre-configured rules which are most suitable under normal circumstances, so that the user need not worry much about configuring the firewall.

Personal firewalls are easy to install and use and hence preferred by end-users to secure their personal computers. However, in order to meet customized needs large networks and companies prefer those firewalls that have plenty of options to configure.

For example, a company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In addition, the company can control how employees connect to Web sites, whether files are allowed to leave the company over the network and so on. Thus, in addition to security, a firewall gives a company tremendous control over how people use the network.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packet filters has a set of rules that come with accept and deny actions which are pre-configured or can be configured manually by the firewall administrator. Packets that make it through the filters are sent to the requesting system and all others are discarded.
• Stateful inspection - A newer method that doesn't examine the contents of each packet. Instead compares certain key parts of the packet to a database of trusted information. Both incoming and outgoing packets are compared against this database. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

Firewall configuration :

Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are:

• IP addresses - Each machine on the Internet is assigned a unique address called an IP address. In any case, if an IP address outside the network is said to be unfavourable, then it is possible to set filter to block all the traffic to and from that IP address. For example, If a certain IP address outside the company is reading too many files from a server, the firewall can block all traffic to or from that IP address.
• Domain names - Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.libraryofhacks.blogspot.in than it is to remember 156.17.41.157. Since it is difficult to remember the IP addresses, it is an easier and smarter way to configure the firewalls by adding filters based on domain names. By setting up a domain filter, a company may decide to block all access to certain domain names, or may provide access only to a list of selected domain names.
• Ports/Protocols - Open ports (which are online - can receive/send data) are like open door of our house which can lead to theft. If the services running on a given port is intended for the public or network users, they are usually kept open. Otherwise they are blocked using the firewall so as to prevent intruders from using the open ports for making unauthorized connections.
• Specific words and phrases - A firewall can be configured to filter one or more specific words or phrases so that both the incoming and outgoing packets are scanned for the words in the filter. This can be anything. The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it. The key here is that it has to be an exact match. The "X-rated" filter would not catch "X rated" (no hyphen). But you can include as many words, phrases and variations of them as you need.

Real-time examples :

• IP addresses/Domain names - Torrent websites blocked on our college internet network.
• Ports/Protocols - Internet connection which supports surfing, but does not support downloading. (Because the FTP port of the system in closed.)
• Specific words and phrases - Filter any packet that contains an offensive term or a phrase that you may decide to block from entering or leaving your network.

Hardware vs. Software Firewall :

Hardware firewalls provide higher level of security and hence preferred for servers where security has the top most priority. The software firewalls on the other hand are less expensive and hence preferred in home computers and laptops.

Hardware firewalls usually come as an in-built unit of a router and provide maximum security as it filters each packet at the hardware level itself even before it manages to enter your computer. A good example is the Linksys Cable/DSL router.

In hardware firewalls, the firewall system in managed in the router itself. Hence, when any computer with weak/no firewall system connects to the router, it can safely surf the internet. It is because the incoming packets are filtered at the router itself i.e. before entering your computer system.