If you regularly use the internet or any kind of network, chances are that you have come across the term “Firewall”. What does a firewall mean? The term firewall in computing is borrowed from fire protection, where a firewall is a physical wall built to prevent a fire from spreading and so avoid further damage. Similarly, in the computing world, a firewall is either software or hardware that monitors and controls the data flow between the Internet and an internal network. A firewall can be a piece of software which is installed on your computer and can be configured with different sets of rules.
A firewall can also be a piece of hardware that is installed directly with our routers. So every kind of data which comes from the Internet to the private network first goes through the firewall, which sits between the internet and the intranet. The firewall checks whether the data matches any of the defined rules and accordingly flags it for rejection or approval. Today, most operating systems come with a firewall pre-installed.
At our homes, we use a firewall to secure our personal computers from hackers trying to gain access to our private data. Similarly, in an enterprise, firewalls with more customized rules are used to control the flow of data between the Internet and the intranet of the organization. Let us assume that a company has 1000 employees working in a facility, with computer systems interconnected through their network interface cards. The hub which connects these computers is connected to the internet in some way. Now the hub has to have some security measure that will check the data that flows from the Internet to the intranet.
In the absence of this security measure, anybody connected to the internet outside of the organization might exploit the systems inside the organization by establishing a connection by some means, and hence might gain access to the organization’s confidential data. If a firewall is established, however, the outside networks will not be allowed through the firewall. On the lighter side, most of the people who are unable to access their favorite websites from the office have this firewall to blame.
Some Common Firewall Techniques
The firewall uses one or more of the following techniques to filter the inbound/outbound data:
1. Packet Filter:
Each packet is analyzed and is accepted or rejected based on the user-defined set of rules. It is very effective but is difficult to configure. It is also vulnerable to IP Spoofing.
2. Application Gateway:
Security mechanisms are applied only to some specific applications, like FTP and TELNET. This is also an effective method but can degrade network performance.
3. Circuit Level Gateway:
4. Proxy Server:
All messages entering and exiting the network are intercepted. It helps to hide the actual network address.
5. Stateful Inspection:
In this method, not every packet is checked in full. Instead, the method keeps track of the state of the connection. Certain key parts of the packet are compared with a database of trusted information to decide how the packet is flagged.
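To make the idea of tracking connection state concrete, here is an added example (not code from the original article) of a tiny stateful filter for TCP. The class and function names, the addresses and the sample traffic are all constructed for illustration, and only the opening handshake and RST teardown are modelled; real connection trackers also follow FIN exchanges and expire idle entries.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on this packet
    inbound: bool     # True when it arrives from the Internet side

class StatefulFilter:
    """Allow inbound TCP only for connections that were opened from inside."""

    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def check(self, p):
        key = ((p.dst, p.dport, p.src, p.sport) if p.inbound
               else (p.src, p.sport, p.dst, p.dport))
        state = self.table.get(key)
        if state is None:
            # Only an outbound SYN may create a new table entry.
            if p.inbound or p.flags != {"SYN"}:
                return "DROP"
            self.table[key] = "SYN_SENT"
            return "ACCEPT"
        if "RST" in p.flags:
            del self.table[key]  # connection torn down, forget it
            return "ACCEPT"
        if state == "SYN_SENT" and p.inbound:
            if p.flags != {"SYN", "ACK"}:
                return "DROP"    # reply does not fit the handshake
            self.table[key] = "ESTABLISHED"
        return "ACCEPT"

def demo():  # constructed sample traffic; private and documentation addresses
    fw, pc, web, other = StatefulFilter(), "10.0.0.5", "203.0.113.10", "198.51.100.7"
    f = lambda *names: frozenset(names)
    packets = [
        Packet(pc, 40000, web, 443, f("SYN"), False),        # inside opens connection
        Packet(web, 443, pc, 40000, f("SYN", "ACK"), True),  # expected reply
        Packet(pc, 40000, web, 443, f("ACK"), False),
        Packet(other, 443, pc, 40000, f("ACK"), True),       # unknown peer
        Packet(web, 5555, pc, 22, f("SYN"), True),           # unsolicited inbound SYN
        Packet(pc, 40000, web, 443, f("RST"), False),        # inside resets
        Packet(web, 443, pc, 40000, f("ACK"), True),         # state is gone
    ]
    return [fw.check(p) for p in packets]

print(demo())
```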
If There Isn’t a Firewall?
If a system does not have a firewall installed, it is vulnerable to the following issues:
1. Denial of Service
This is one of the most common and dangerous security issues. In this, a hacker sends a server a request to connect to it. When the server responds with an acknowledgment, it is unable to find the requesting machine. This can slow the network down severely and eventually might result in a crash.
2. Viruses
It is a very well-known security issue. A virus can duplicate itself from one place in the computer to multiple locations, hence causing a system slowdown.
3. Spam
Spam is the electronic equivalent of junk mail. It is typically harmless but intensely annoying. It usually contains links to various websites, some of which might expose the system to network threats.
4. Source Routing
The source router usually determines the path the packet will travel in its lifetime. So hackers exploit this to make a packet of data appear to come from a trusted source.
5. Application Backdoors
Certain applications have a hidden feature that allows the service providers remote access to the computers running the application. This feature can also be exploited by hackers to enter your system.
6. Macros
Macros are small scripts that are used to automate some pre-defined tasks on the computer. Hackers can send automated macros to your computers to damage your data.
7. E-bombs
An e-bomb is a personal attack. A hacker can send you the same email multiple times, which prevents you from receiving other emails which might be of high importance.
8. Remote Login
This means that someone on a remote system can connect to your computer and take control of it.
9. Operating System Bugs
Like application backdoors, some operating systems have bugs that might work as backdoors, allowing hackers to have access to your core component files.
10. SMTP Session Hijacking
SMTP is the most commonly used protocol for emails. By obtaining a list of email addresses, a user can send thousands of junk emails by redirecting the mail through the SMTP servers.
We can avoid all of these by setting up an effective firewall system.
Setting Rules in a Firewall
The good thing about firewalls is that they are customizable. We can add or remove filters that decide which data is allowed through the firewall. Some of the components these filters can be based on are as follows:
1. IP Address
Specific IP addresses can be blocked. If a certain IP address is reading too many files from the intranet of an enterprise, that particular IP can be blocked using a firewall.
2. Domain Names
It is difficult to remember IP addresses, and hence they are masked by domain names which are easy to remember. So, the firewall can also be used to block access to certain domain names which should not be reachable.
3. Protocols
The firewall filters can also be set up for specific protocols. Some of these protocols are IP, TCP, UDP, HTTP, FTP, ICMP, SMTP, SNMP and Telnet.
4. Ports
Ports are numbered locations on a system through which its services connect to outside networks like the internet. So a firewall can block access to specific ports accordingly.
5. Specific Words/Phrases
The firewall can detect specific words or phrases by looking through each packet before allowing it through.
In some organizations, some computers are intended to be remotely accessed for specific business purposes. So, these computers can be placed in a Demilitarised Zone or DMZ. It is just an area outside of the firewall. This technique is often used by large enterprises.
Firewalls make digital life a whole lot more secure by filtering the data your computer receives. It is considered a best practice to set up a firewall alongside an anti-virus system before connecting to the internet.
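As an added illustration (not code from the original article), the following sketch shows how rules built from the components above (IP address, protocol, port and phrase) can be evaluated in order, with the first matching rule deciding and everything unmatched blocked by default. The rule format, function names, addresses and sample packets are constructed for this example; domain-name rules are left out because they need name resolution.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                     # "allow" or "block"
    src: str = "0.0.0.0/0"          # source network in CIDR form
    proto: Optional[str] = None     # "tcp", "udp", ... or None for any
    dport: Optional[int] = None     # destination port, None for any
    phrase: Optional[bytes] = None  # bytes to look for in the payload

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport"))
                and (self.phrase is None or self.phrase in pkt.get("payload", b"")))

def evaluate(rules, pkt, default="block"):
    """First matching rule wins; anything unmatched gets the default action."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None

# Constructed rule set for inbound traffic, most specific rules first.
RULES = [
    Rule("block", src="198.51.100.7/32"),                          # one IP address
    Rule("block", proto="tcp", dport=23),                          # Telnet port
    Rule("block", proto="tcp", dport=80, phrase=b"confidential"),  # phrase
    Rule("allow", proto="tcp", dport=80),
    Rule("allow", proto="tcp", dport=443),
]

def demo():
    """Constructed sample packets; addresses are from documentation ranges."""
    packets = [
        {"src": "198.51.100.7", "proto": "tcp", "dport": 443},
        {"src": "203.0.113.10", "proto": "tcp", "dport": 23},
        {"src": "203.0.113.10", "proto": "tcp", "dport": 80,
         "payload": b"GET /confidential/plan.txt"},
        {"src": "203.0.113.10", "proto": "tcp", "dport": 80,
         "payload": b"GET /index.html"},
        {"src": "203.0.113.10", "proto": "udp", "dport": 53},
    ]
    return [evaluate(RULES, p) for p in packets]

print(demo())
```

Rule order matters: the blocked address is rejected on port 443 even though a later rule allows that port. Phrase matching of this kind only sees plaintext payloads, so traffic encrypted with TLS cannot be filtered this way unless the firewall decrypts it.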