Firewalls

A firewall is a blockade between a secure internal network and an untrusted network such as the Internet.

Most companies use a firewall to connect an internal network safely to the Internet, although you can also use a firewall to secure one internal network from another.

A firewall provides a controlled single point of contact (called a chokepoint) between your secure internal network and the untrusted network. The functions of the firewall are as follows:

When you use a firewall as your gateway to the Internet (or other network), you reduce the risk to your internal network. Using a firewall also makes administering network security easier because firewall functions carry out many of your security policy directives.

How a firewall works

To understand how a firewall works, imagine that your network is a building to which you want to control access. Your building has a lobby as the only entry point. In this lobby, you have receptionists to welcome visitors, security guards to watch visitors, video cameras to record visitor actions, and badge readers to authenticate visitors who enter the building.

These measures might work well to control access to your building. But if an unauthorized person succeeds in entering your building, you have no way to protect the building against this intruder's actions. If you monitor the intruder's movements, however, you have a chance to detect any suspicious activity from the intruder.

Firewall components

A firewall is a collection of hardware and software that, when used together, prevents unauthorized access to a portion of a network. A firewall consists of the following components:

  • Hardware

    Firewall hardware typically consists of a separate computer or device dedicated to running the firewall software functions.

  • Software

    Firewall software provides a variety of applications. In terms of network security, a firewall provides these security controls through a variety of technologies:
    • Internet Protocol (IP) packet filtering
    • Network address translation (NAT) services
    • SOCKS server
    • Proxy servers for a variety of services such as HTTP, Telnet, FTP, and so forth
    • Mail relay services
    • Split Domain Name System (DNS)
    • Logging
    • Real-time monitoring
    Note: Some firewalls provide virtual private network (VPN) services so that you can set up encrypted sessions between your firewall and other compatible firewalls.

Using firewall technologies

You can use the firewall proxy servers, SOCKS server, or NAT rules to provide internal users with safe access to services on the Internet. The proxy and SOCKS servers break TCP/IP connections at the firewall to hide internal network information from the untrusted network. The servers also provide additional logging capabilities.

You can use NAT to provide Internet users with easy access to a public system behind the firewall. The firewall still protects your network because NAT hides your internal IP addresses.
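The two NAT uses described above, a single public address for outbound traffic and static exposure of one public system, can be illustrated with a small translation table. This is an added example, not code from the original documentation or from any firewall product; the addresses, ports and the `Nat` class are constructed for illustration.

```python
"""Port-translating NAT for a firewall with one public address.

Outbound connections from internal hosts are rewritten to the firewall's
public address and a mapped port; replies are translated back through the
same mapping; inbound packets with no mapping (and no static exposure) are
dropped, so internal addresses never appear on the untrusted network.
Added illustration: PUBLIC_IP and all hosts below are constructed values.
"""
from itertools import count

PUBLIC_IP = "203.0.113.1"   # constructed: the firewall's only public address


class Nat:
    def __init__(self, public_ip=PUBLIC_IP, first_port=40000):
        self.public_ip = public_ip
        self._ports = count(first_port)
        # (int_ip, int_port, ext_ip, ext_port) -> mapped public port
        self.out = {}
        # (public_port, ext_ip, ext_port) -> (int_ip, int_port)
        self.back = {}
        # public_port -> (int_ip, int_port) for a deliberately exposed system
        self.static = {}

    def expose(self, public_port, int_ip, int_port):
        """Statically publish one internal service (e.g. a public web server)."""
        self.static[public_port] = (int_ip, int_port)

    def outbound(self, int_ip, int_port, ext_ip, ext_port):
        """Translate an internal->external packet; returns the header as seen
        by the Internet: (public_ip, mapped_port, ext_ip, ext_port)."""
        key = (int_ip, int_port, ext_ip, ext_port)
        if key not in self.out:
            mapped = next(self._ports)
            self.out[key] = mapped
            self.back[(mapped, ext_ip, ext_port)] = (int_ip, int_port)
        return (self.public_ip, self.out[key], ext_ip, ext_port)

    def inbound(self, ext_ip, ext_port, public_port):
        """Translate an external->firewall packet; returns the internal
        (ip, port) it belongs to, or None if the packet must be dropped."""
        if public_port in self.static:
            return self.static[public_port]
        # Only a reply from the exact peer the internal host contacted matches.
        return self.back.get((public_port, ext_ip, ext_port))


if __name__ == "__main__":
    nat = Nat()
    nat.expose(443, "10.0.7.20", 443)                       # constructed public web server
    print(nat.outbound("10.0.1.5", 51000, "198.51.100.7", 443))   # internal host browsing out
    print(nat.inbound("198.51.100.7", 443, 40000))           # reply -> back to 10.0.1.5
    print(nat.inbound("198.51.100.9", 443, 40000))           # unrelated host: None (dropped)
    print(nat.inbound("198.51.100.9", 50000, 443))           # exposed server: (10.0.7.20, 443)
```

The reverse table is keyed on the external peer as well as the mapped port, so an unsolicited packet from a different host to an in-use port is dropped rather than forwarded; only the statically exposed service accepts connections from arbitrary sources.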

A firewall also can protect internal information by providing a DNS server for use by the firewall. In effect, you have two DNS servers: one that you use for data about the internal network, and one on the firewall for data about external networks and the firewall itself. This allows you to control outside access to information about your internal systems.

When you define your firewall strategy, you might think it is sufficient to prohibit everything that presents a risk for the organization and allow everything else. However, because computer criminals constantly create new attack methods, you must anticipate ways to prevent these attacks. As in the example of the building, you also need to monitor for signs that, somehow, someone has breached your defenses. Generally, it is much more damaging and costly to recover from a break-in than to prevent one.

In the case of a firewall, your best strategy is to permit only those applications that you have tested and have confidence in. If you follow this strategy, you must exhaustively define the list of services you must run on your firewall. You can characterize each service by the direction of the connection (from inside to outside, or outside to inside). You should also list users who you will authorize to use each service and the machines that can issue a connection for it.
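The strategy just described, a default-deny policy in which each permitted service is characterized by direction, authorized source machines and destination port, with every decision logged, can be expressed as a small rule table. This is an added example, not code from the original documentation or any firewall product; the internal network, rule set, exposed host and sample packets are constructed for illustration.

```python
"""Default-deny packet filter driven by an explicit allowlist.

Each rule names a direction (inside->outside or outside->inside), a
protocol and port, and which machines may initiate it. Anything not
matched by a rule is denied, and every decision is logged so that
unexpected traffic can be noticed. Added illustration: the network,
rules and packets are constructed values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str       # source IP address
    dst: str       # destination IP address
    dport: int     # destination TCP/UDP port
    proto: str     # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    direction: str          # "outbound" (inside -> outside) or "inbound"
    proto: str
    dport: int
    allowed_sources: tuple  # networks/hosts permitted to initiate this service


INTERNAL = ip_network("10.0.0.0/8")          # constructed internal network
PUBLIC_WEB = ip_address("10.0.7.20")        # constructed: only inbound destination exposed

# Constructed allowlist: only services that have been tested, each tied
# to the machines allowed to use it. Telnet and FTP are simply absent.
RULES = (
    Rule("outbound", "tcp", 443, (ip_network("10.0.0.0/8"),)),     # HTTPS for all internal hosts
    Rule("outbound", "tcp", 25,  (ip_network("10.0.5.10/32"),)),   # SMTP only from the mail relay
    Rule("inbound",  "tcp", 443, (ip_network("0.0.0.0/0"),)),      # public web server, any source
)

LOG = []   # one line per decision; a real firewall would ship these to a log host


def direction_of(pkt):
    """Classify a packet relative to the internal network."""
    src_in = ip_address(pkt.src) in INTERNAL
    dst_in = ip_address(pkt.dst) in INTERNAL
    if src_in and not dst_in:
        return "outbound"
    if dst_in and not src_in:
        return "inbound"
    return "other"   # not a crossing of the chokepoint


def filter_packet(pkt):
    """Return 'permit' if some rule explicitly allows the packet, else 'deny'."""
    direction = direction_of(pkt)
    decision = "deny"
    for rule in RULES:
        if (rule.direction, rule.proto, rule.dport) != (direction, pkt.proto, pkt.dport):
            continue
        if not any(ip_address(pkt.src) in net for net in rule.allowed_sources):
            continue
        # Inbound traffic may only reach the one deliberately exposed host.
        if direction == "inbound" and ip_address(pkt.dst) != PUBLIC_WEB:
            continue
        decision = "permit"
        break
    LOG.append(f"{decision.upper()} {direction} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport}")
    return decision


if __name__ == "__main__":
    samples = [
        Packet("10.0.1.5", "203.0.113.9", 443, "tcp"),    # workstation browsing: permit
        Packet("10.0.1.5", "203.0.113.9", 25, "tcp"),     # workstation sending SMTP directly: deny
        Packet("10.0.5.10", "203.0.113.9", 25, "tcp"),    # mail relay sending SMTP: permit
        Packet("198.51.100.7", "10.0.7.20", 443, "tcp"),  # Internet user to web server: permit
        Packet("198.51.100.7", "10.0.1.5", 23, "tcp"),    # Telnet into a workstation: deny
    ]
    for p in samples:
        filter_packet(p)
    print("\n".join(LOG))
```

Denied inbound attempts such as the Telnet line above are exactly the "signs that someone is probing your defenses" that the log exists to reveal; reviewing the DENY entries is the monitoring step the building analogy calls for.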

What a firewall can do to protect your network

You install a firewall between your network and your connection point to the Internet (or other untrusted network). Then you can limit the points of entry into your network. A firewall provides a single point of contact (called a chokepoint) between your network and the Internet. Because you have a single point of contact, you have more control over which traffic to allow into and out of your network.

A firewall appears as a single address to the public. The firewall provides access to the untrusted network through proxy or SOCKS servers or network address translation (NAT) while hiding your internal network addresses. Consequently, the firewall maintains the privacy of your internal network. Keeping information about your network private is one way in which the firewall makes an impersonation attack (spoofing) less likely.

A firewall allows you to control traffic into and out of your network to minimize the risk of attack to your network. A firewall securely filters all traffic that enters your network so that only specific types of traffic for specific destinations can enter. This minimizes the risk that someone might use Telnet or File Transfer Protocol (FTP) to gain access to your internal systems.

What a firewall cannot do to protect your network

Though a firewall provides a tremendous amount of protection from certain kinds of attack, it is only part of your total security solution. For instance, a firewall cannot necessarily protect data that you send over the Internet through applications, such as Simple Mail Transfer Protocol (SMTP) mail, FTP, and Telnet. Unless you choose to encrypt this data, anyone on the Internet can access it when it travels to its destination.