Introducing Firewalls
In essence, a firewall is a device that blocks external users from accessing your network. Typically, a firewall is a router -- a standalone computer running special filtering software -- or a proprietary device running such software ("firewall in a box"). A firewall can provide a single access point, or choke point, to a site. Connection requests first arrive at the choke point; only requests from authorized hosts are processed, and all other requests are discarded.

Modern firewalls perform additional tasks. For example, they can disable certain protocols and content types. Just as you can disable your Web browser's Java and JavaScript support, a firewall can screen incoming content and strip Java applets, JavaScript code, cookies, and so on. In fact, firewalls are more capable than that -- they allow you to define rules that thwart attacks by specifying the attacks' signatures. We will get to this shortly. Another common task that firewalls perform is packet filtering and analysis: because firewalls recognize many protocols, they can read incoming packets' content and apply restrictions and security measures to block malicious or illicit content. Finally, firewalls support encryption and authentication services, which enable them to verify users' identities and protect data from eavesdropping.

Attack Signatures

Usually, hostile attacks have typical commands, ports and flags associated with them. Consider the day and daytime denial-of-service attacks. The day and daytime protocols run on ports 13 and 37 respectively. Linux 2.0.x crashes when attackers stealthily scan these ports via half-open connections that never resolve to live sessions. Upgrading the kernel is the recommended remedy; however, if this is not an option, you can still use the firewall to block suspicious hosts from reaching these ports.
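The choke-point behaviour described in the introduction (process only authorized hosts, discard everything else) and the port blocking described above can be modelled as a small first-match rule evaluator. The following is an added example, not code from the original article; the partner network, addresses and rule order are constructed assumptions.

```python
# Added example (not from the original article): a minimal first-match
# packet filter that models the "choke point" rules the article describes.
# Hosts, networks and ports below are constructed sample values.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str        # source IPv4 address
    proto: str      # "tcp" or "udp"
    dport: int      # destination port

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: Optional[str] = None    # CIDR; None matches any source
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True

# Rule order matters: the first matching rule decides. The final catch-all
# is the default deny the article implies ("other requests are discarded").
RULESET = [
    # Block ports 13 and 37 from everyone, even authorized hosts, so the
    # probing described under "Attack Signatures" never reaches the kernel.
    Rule("deny", dport=13),
    Rule("deny", dport=37),
    # Only the authorized partner network may reach the site at all.
    Rule("allow", src="203.0.113.0/24"),   # assumed partner network (TEST-NET-3)
    Rule("deny"),                           # default deny
]

def decide(pkt: Packet, rules=RULESET) -> str:
    """Return the action of the first rule that matches pkt."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # unreachable with a catch-all rule; kept as a safe fallback
```

Note that the deny rules for ports 13 and 37 sit above the allow rule: placing them after it would silently re-open those ports to the authorized network.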

Firewall Types

Using a router as a firewall has two major advantages. First, it's platform neutral, so attackers can't exploit OS-specific vulnerabilities. Second, since all incoming network traffic must pass through the router anyway, it's an ideal location for blocking unwanted content and keeping unauthorized users from accessing a site. However, router-based firewalls have their drawbacks, too. Applying rigorous filtering policies can degrade a router's performance significantly. Furthermore, many routers aren't immune to spoofing attacks.

An application-proxy firewall, or application gateway, is another type of firewall. Instead of running on a router, it operates on a computer. It replaces the direct connection between external users and the local network: it accepts the original IP packets and substitutes corresponding data of its own. In other words, it serves as a conduit and interpreter between external users and the local network.
