
What is a Firewall?

Firewalls can be either hardware or software and filter network traffic based on criteria, called security policies, set up by the user.  Firewalls, when properly configured, reduce the likelihood of your computer being attacked or hacked by other people; they do not eliminate it, since traffic the policy permits still reaches the protected hosts.

A firewall’s basic task is to control traffic between computer network segments with different “zones” of trust. Examples of typical zones would be an internal network (you) which is a zone with high trust and the Internet (everyone else) which is a zone with no trust. The ultimate goal is to provide controlled interfaces between zones of differing trust levels through the enforcement of security policies.

Proper configuration of your firewall usually will require considerable understanding of network protocols and of computer security. However, many personal firewalls can be installed and configured easily with little knowledge of network security.

Packets are allowed to pass through the firewall filter based on pre-configured rules.  A common method, especially in consumer products, is to allow all packets to pass unless they match a source listed in the "deny rules" (default allow).  The safer policy for a firewall at a trust boundary is the reverse: deny everything that is not explicitly permitted (default deny), so that a service you forgot about is unreachable rather than exposed.

Two types of firewalls:

  • Hardware-based firewalls
    Hardware-based firewalls are firewalls built into network devices.  They do not depend on software running on any of the protected computers, apart from the management software used to upload configuration into the device.

Hardware-based firewalls are usually called network firewalls.  These firewalls run on a dedicated network device, or computer, positioned on the boundary of two or more networks.  Such a firewall filters all traffic entering or leaving the connected networks.

  • Software-based firewalls
    Software-based firewalls are software applications that are installed on individual computers and normally protect only the PC that the software is installed on.

Software-based firewalls are sometimes referred to as personal firewalls.  They are typically used by home or small-office users because they are inexpensive, easy to install, and usually only needed for a single computer.

In reference to the layers where the traffic can be intercepted, three main categories of firewalls exist:

Network layer

Network layer firewalls operate at a low level of the TCP/IP protocol stack as IP-packet filters, not allowing packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules, or default built-in rules may apply.  Rules are commonly set up to filter packets on the source IP address, the destination IP address, the protocol (TCP, UDP, ICMP), and the source or destination port; a packet filter sees only these header fields, not host names or application content.  Rules are evaluated in order and the first matching rule decides; a default policy applies to packets that match no rule.  Most modern packet filters are also stateful: they remember outbound connections and automatically admit the replies, so the reply direction does not need its own rule.
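The following is an added example (not code from the original article) of the rule evaluation just described: a first-match packet filter keyed on source and destination network, protocol and destination port, run against a constructed rule set under both default policies from the "Packets are allowed to pass" paragraph above.  The addresses (192.168.1.0/24 as the internal LAN, 203.0.113.0/24 as an admin network, 198.51.100.7 as an arbitrary Internet host) and the rules are assumptions chosen for illustration.

```python
# Added example: a minimal first-match IP/port packet filter with a
# configurable default policy. Not from the original article.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src: str                      # source IP address
    dst: str                      # destination IP address
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port (None for icmp)


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # source network in CIDR notation
    dst: str = "0.0.0.0/0"        # destination network in CIDR notation
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p: Packet) -> bool:
        """True if every field of the rule matches the packet header."""
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


class Firewall:
    def __init__(self, rules: List[Rule], default: str):
        if default not in ("allow", "deny"):
            raise ValueError("default policy must be 'allow' or 'deny'")
        self.rules = rules
        self.default = default

    def decide(self, p: Packet) -> str:
        # First-match semantics: the first rule whose fields all match wins.
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default      # no rule matched: fall back to the policy


# Constructed rule set (assumption): 192.168.1.0/24 is the internal LAN,
# 192.168.1.10 is a published web server, and SSH to the LAN is permitted
# only from the admin network 203.0.113.0/24.
RULES = [
    Rule("allow", dst="192.168.1.10/32", proto="tcp", dport=80),
    Rule("allow", dst="192.168.1.10/32", proto="tcp", dport=443),
    Rule("allow", src="203.0.113.0/24", dst="192.168.1.0/24", proto="tcp", dport=22),
    Rule("deny", dst="192.168.1.0/24", proto="tcp", dport=3389),
]

# Constructed sample packets arriving on the Internet-facing interface.
SAMPLE = [
    Packet("198.51.100.7", "192.168.1.10", "tcp", 443),   # HTTPS to the web server
    Packet("198.51.100.7", "192.168.1.10", "tcp", 22),    # SSH from an unknown host
    Packet("203.0.113.5", "192.168.1.10", "tcp", 22),     # SSH from the admin network
    Packet("198.51.100.7", "192.168.1.20", "tcp", 3389),  # RDP, explicitly denied
    Packet("198.51.100.7", "192.168.1.20", "udp", 161),   # SNMP, matched by no rule
]


def evaluate(default: str) -> List[str]:
    """Decision for each sample packet under the given default policy."""
    fw = Firewall(RULES, default)
    return [fw.decide(p) for p in SAMPLE]


if __name__ == "__main__":
    for policy in ("allow", "deny"):
        print(f"default {policy}:", evaluate(policy))
```

Running it shows the point of the default policy: the SSH attempt from the unknown host and the SNMP packet match no rule, so under default allow they get through and under default deny they are dropped, while the explicit rules decide the other three packets identically in both cases.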

Application-layer

Application-layer firewalls work at the application level of the TCP/IP stack (for example, HTTP traffic from a browser) and intercept all traffic travelling to or from an application. Because they understand the application protocol, they can reject traffic that is valid at the packet level but violates the protocol or the policy (an unexpected request method, a malformed request, a destination that is not on an allow list), which a packet filter cannot see.

By inspecting the payload rather than just the headers, such firewalls can also block known malicious content and so help prevent the spread of viruses. However, given the variety of applications and the diversity of content each may legitimately carry, some manual configuration and periodic signature updates are usually necessary.

Proxies

A proxy device, running either on dedicated hardware or as software on a general-purpose machine, may act as a firewall by terminating the client's connection itself, responding to input packets (connection requests, for example) in the manner of the application, and opening its own connection to the real destination only for requests it accepts, while blocking everything else. The two sides never exchange packets directly, so malformed or unexpected traffic is stopped at the proxy.
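As an added example serving both the application-layer and proxy paragraphs above (not code from the original article), here is the decision logic of an HTTP forwarding proxy: it parses the request line and headers as the application would, then refuses anything malformed, any method outside a small set, and any destination host that is not on an allow list.  The allow list (intranet.example, www.example.com), the constructed sample requests and the size limit are assumptions.

```python
# Added example: application-layer filtering of HTTP/1.x requests, as a
# forwarding proxy would do before opening its own upstream connection.
# Not from the original article.
from typing import Dict, List, Optional, Tuple

ALLOWED_METHODS = {"GET", "POST", "HEAD"}          # assumed policy
ALLOWED_HOSTS = {"intranet.example", "www.example.com"}  # assumed allow list
MAX_HEADER_BYTES = 8192                             # assumed size limit


def parse_request(raw: bytes) -> Optional[Tuple[str, str, Dict[str, str]]]:
    """Parse request line and headers; return None for anything malformed."""
    if len(raw) > MAX_HEADER_BYTES or b"\r\n\r\n" not in raw:
        return None
    head = raw.split(b"\r\n\r\n", 1)[0]
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None                       # HTTP headers must be ASCII
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None                       # not "METHOD target HTTP/1.x"
    method, target = parts[0], parts[1]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            return None                   # header line without "name: value"
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def decide(raw: bytes) -> str:
    """Return 'forward' or a short reason for refusing the request."""
    parsed = parse_request(raw)
    if parsed is None:
        return "reject: malformed request"
    method, target, headers = parsed
    if method not in ALLOWED_METHODS:
        return f"reject: method {method}"
    # Strip an optional :port; the policy is on the host name only.
    host = headers.get("host", "").split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        return f"reject: host {host or '(none)'}"
    if "content-length" in headers and not headers["content-length"].isdigit():
        return "reject: bad content-length"
    return "forward"


# Constructed sample requests (assumptions), one per decision branch.
SAMPLE_REQUESTS: List[bytes] = [
    b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"CONNECT other.example:443 HTTP/1.1\r\nHost: other.example\r\n\r\n",
    b"GET /admin HTTP/1.1\r\nHost: other.example\r\n\r\n",
    b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1",          # TLS bytes, not HTTP
    b"POST /upload HTTP/1.1\r\nHost: intranet.example\r\nContent-Length: abc\r\n\r\n",
]


def run_samples() -> List[str]:
    """Decision for each constructed sample request."""
    return [decide(r) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, run_samples()):
        print(req[:40], "->", verdict)
```

A packet filter would pass all five of these connections to port 80 as identical TCP flows; only a filter that parses the protocol can tell the tunnelling attempt, the off-policy host and the non-HTTP bytes apart from the one request it should forward.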

Network address translation

Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the private address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).  Firewalls use NAT to hide the true addresses of protected hosts.  With NAT, or a proxy server, all outgoing connections appear to come from one public address, although they are actually generated by several computers (or people) within the internal network.  The firewall keeps a translation table for each outgoing connection so that replies can be mapped back to the right internal host; an inbound packet that matches no table entry has nowhere to go and is dropped.  That side effect blocks unsolicited inbound connections, but NAT is not a substitute for filtering rules: anything the table or a port-forwarding entry maps inward is reachable.
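The translation table just described, as an added example that is not code from the original article: source NAT with port translation, where two internal hosts that happen to use the same source port are given distinct public ports, the reply to one is mapped back to the correct host, and an inbound packet with no table entry is dropped.  The public address 198.51.100.1, the internal hosts 192.168.1.20 and 192.168.1.21, the remote server 192.0.2.80 and the starting public port 40000 are assumptions.

```python
# Added example: source NAT (port address translation) as done by a
# firewall with a per-connection translation table. Not from the
# original article.
import itertools
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "198.51.100.1"   # assumed public address of the firewall


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)   # next free public port
        # inside (proto, src, sport, dst, dport) -> public port
        self.outbound: Dict[Tuple[str, str, int, str, int], int] = {}
        # (proto, public port, remote ip, remote port) -> (inside ip, inside port)
        self.inbound: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def translate_out(self, f: Flow) -> Flow:
        """Rewrite an outgoing packet so it appears to come from the public IP."""
        key = (f.proto, f.src, f.sport, f.dst, f.dport)
        port = self.outbound.get(key)
        if port is None:
            port = next(self._ports)                 # new connection: allocate
            self.outbound[key] = port
            self.inbound[(f.proto, port, f.dst, f.dport)] = (f.src, f.sport)
        return Flow(f.proto, self.public_ip, port, f.dst, f.dport)

    def translate_in(self, f: Flow) -> Optional[Flow]:
        """Rewrite an inbound packet back to the internal host, or None to drop."""
        if f.dst != self.public_ip:
            return None
        entry = self.inbound.get((f.proto, f.dport, f.src, f.sport))
        if entry is None:
            return None        # no matching outbound connection: unsolicited
        inside_ip, inside_port = entry
        return Flow(f.proto, f.src, f.sport, inside_ip, inside_port)


def demo() -> dict:
    """Walk two internal hosts through the table and return what the wire sees."""
    nat = Nat(PUBLIC_IP)
    remote = "192.0.2.80"      # assumed remote web server
    # Both internal hosts chose source port 51000; NAT must keep them apart.
    a = nat.translate_out(Flow("tcp", "192.168.1.20", 51000, remote, 443))
    b = nat.translate_out(Flow("tcp", "192.168.1.21", 51000, remote, 443))
    # A retransmission from the same connection keeps its existing mapping.
    a_again = nat.translate_out(Flow("tcp", "192.168.1.20", 51000, remote, 443))
    # The server's reply to host B arrives addressed to the public IP.
    reply = nat.translate_in(Flow("tcp", remote, 443, PUBLIC_IP, b.sport))
    # An unsolicited SSH attempt from the Internet matches no table entry.
    unsolicited = nat.translate_in(Flow("tcp", "203.0.113.9", 4444, PUBLIC_IP, 22))
    return {
        "a": a,
        "b": b,
        "a_again": a_again,
        "reply": reply,
        "unsolicited": unsolicited,
        "table_size": len(nat.outbound),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

On the wire both connections carry the same source address, 198.51.100.1, and differ only in the public port, which is what hides the internal addresses; the inbound SSH attempt is dropped not because a rule forbids it but because no internal host ever created a mapping for it.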

Buying a firewall

The best firewall for your needs depends on how complex your network is.  If you are a single person connected to the Internet over dial-up, it is best to find a provider who includes a firewall solution with the service.  For most single nodes connected to the web, a software firewall is sufficient.  Software firewalls can be either standalone or packaged with other Internet security suite software.  More complex networks usually require a hardware firewall.  One of the most economical products on the market today, for those wanting a hardware firewall, is a wireless router with a built-in firewall.  Prices have come down, and they are sophisticated enough to be used at home or in the office.