The concept of firewalls can be perplexing for some, especially as the term is applied to different things in and out of the IT arena. It refers to several types of hardware and software, and it encompasses multiple different technical approaches. On top of this, firewalls are available as enterprise-grade products, consumer desktop versions, freeware, and are even built into most standard operating systems.
What is a firewall?
A firewall is simply a gatekeeper between different zones of trust. Systems inside an organization have a high degree of trustworthiness. External partners, suppliers, and customers exist in different zones of lower trust. And, of course, the least trusted zone is the "untamed frontier" of the Internet. Connecting to any outside systems means risking exposure to viruses, hackers, and a multitude of other threats. The firewall is the first line of defense against these threats.
A company's firewall enforces defined security policies regarding whether, how, and which computers and networks can communicate with their internal systems. When a firewall is installed on a network or computer, all data sent to and from it is monitored and compared with a set of user-defined security criteria. Any traffic that doesn't meet those rules is blocked. The personal firewall software on a PC erects a similar barrier around that computer's resources.
Filters
Administrators can configure firewalls to filter content based on:
- IP address: Firewalls can block traffic based on a machine's unique IP address. For instance, they can ignore requests from a computer that attempts several incorrect logins.
- Protocol: Policies can define whether and how different types of network communications are handled. They can, for example, block all telnet requests originating from the outside.
- Domain name: Filtering out requests for ESPN.com or eBay data could help discourage leisure and private web surfing while on the job.
- Key words: Similarly, some firewalls can filter out content that contains specific words and phrases.
- Ports: Rules tighten access to server ports.
Firewall approaches
Most firewalls employ one or more of the following methods to enforce security policies:
Packet Filtering: Examines packet attributes such as originating IP address or destination service to screen out all traffic that doesn't conform to the rules.
Application Layer Gateways: Also known as proxy servers, these act as middlemen between internal client machines and external systems. They pass authorized packets along while shielding clients from unauthorized traffic. Proxies are often specific to a network service (HTTP, FTP, telnet).
Stateful Inspection: This approach examines packet contents and makes decisions based on their context. It uses a table of connection states and knowledge of how types of communication typically operate to differentiate authorized from unauthorized traffic. For example, it could block a mysterious application from opening an FTP connection, thus preventing a hidden keystroke logger program from "phoning home" with its purloined information.
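An added example, not part of the original article: a minimal Python sketch contrasting packet filtering with stateful inspection as described above. The policy, the addresses (documentation ranges) and names such as packet_filter and StatefulFirewall are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    outbound: bool = False  # True when sent from the inside zone

# Constructed policy for illustration only.
BLOCKED_SOURCES = {"203.0.113.50"}    # e.g. a host with repeated failed logins
INBOUND_OPEN_PORTS = {("tcp", 443)}   # services published to the outside
OUTBOUND_ALLOWED_PORTS = {("tcp", 80), ("tcp", 443), ("udp", 53)}

def packet_filter(pkt):
    """Stateless packet filtering: decide from this packet's attributes only."""
    if pkt.src in BLOCKED_SOURCES:
        return "drop"
    allowed = OUTBOUND_ALLOWED_PORTS if pkt.outbound else INBOUND_OPEN_PORTS
    return "accept" if (pkt.proto, pkt.dport) in allowed else "drop"

class StatefulFirewall:
    """Stateful inspection: the same rules plus a table of connections seen."""
    def __init__(self):
        self.connections = set()

    def inspect(self, pkt):
        if pkt.src in BLOCKED_SOURCES:
            return "drop"
        # A reply is the reverse of a flow already recorded in the state table.
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.connections:
            return "accept"
        verdict = packet_filter(pkt)
        if verdict == "accept":
            self.connections.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

def demo():
    fw = StatefulFirewall()
    request = Packet("10.0.0.5", 51000, "198.51.100.7", 443, outbound=True)
    reply = Packet("198.51.100.7", 443, "10.0.0.5", 51000)
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.9", 51000)  # no matching flow
    telnet = Packet("198.51.100.9", 40000, "10.0.0.5", 23)        # telnet from outside
    return [packet_filter(reply), fw.inspect(request), fw.inspect(reply),
            fw.inspect(unsolicited), fw.inspect(telnet)]

if __name__ == "__main__":
    print(demo())
```

The stateless filter drops the return traffic unless a broad inbound rule is added, while the stateful version admits it only because it matches a recorded connection.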
Limitations
A firewall, however, is only as strong as the security policies it enforces. Read this HP How-To Guide for tips on defining effective security policies for a strong firewall.
And like door locks, a firewall is a necessary first step, but it's no cure-all. A determined attacker can find ways around it, and it does nothing to protect against attacks and mistakes that originate inside of its perimeter.
For higher security, firewalls should be used in conjunction with anti-virus software, spyware scanning software, intrusion detection systems, and other safeguards. Most commercial firewall products are available as part of an integrated suite of security software. This Information Week article reviews several recent firewall applications.
For an in-depth introduction to firewalls, take the free Firewall Basics course from the HP Learning Center.