Basics of Firewall and Firewall Security

What is firewalls?

It is a computer security systems that protect your office/home PCs or your network from intruders, hackers & malicious code. Firewalls protect you from offensive software that may come to reside on your systems or from prying hackers. In a day and age when online security concerns are the top priority of the computer users, Firewalls provide you with the necessary safety and protection.

Definition of firewalls?

Firewalls are software programs or hardware devices that filter the traffic that flows into you PC or your network through a internet connection. They sift through the data flow & block that which they deem (based on how & for what you have tuned the firewall) harmful to your network or computer system.

When connected to the internet, even a standalone PC or a network of interconnected computers make easy targets for malicious software & unscrupulous hackers. A firewall can offer the security that makes you less vulnerable and also protect your data from being compromised or your computers being taken hostage.

How do they work?

Firewalls are setup at every connection to the Internet, therefore subjecting all data flow to careful monitoring. Firewalls can also be tuned to follow "rules". These Rules are simply security rules that can be set up by yourself or by the network administrators to allow traffic to their web servers, FTP servers, Telnet servers, thereby giving the computer owners/administrators immense control over the traffic that flows in & out of their systems or networks.

Rules will decide who can connect to the internet, what kind of connections can be made, which or what kind of files can be transmitted in out. Basically all traffic in & out can be watched and controlled thus giving the firewall installer a high level of security & protection.

Firewall logic

Firewalls use 3 types of filtering mechanisms:

• Packet filtering or packet purity
  
  Data flow consists of packets of information and firewalls analyze these packets to sniff out offensive or unwanted packets depending on what you have defined as unwanted packets.
   
• Proxy
  
  Firewalls in this case assume the role of a recipient & in turn sends it to the node that has requested the information & vice versa.
   
• Inspection
  
  In this case Firewalls instead of sifting through all of the information in the packets, mark key features in all outgoing requests & check for the same matching characteristics in the inflow to decide if it relevant information that is coming through.
   

Firewall Rules

Firewalls rules can be customized as per your needs, requirements & security threat levels. You can create or disable firewall filter rules based on such conditions as:

• IP Addresses
  
  Blocking off a certain IP address or a range of IP addresses, which you think are predatory.
   
• Domain names
  
  You can only allow certain specific domain names to access your systems/servers or allow access to only some specified types of domain names or domain name extension like .edu or .mil.
   
• Protocols
  
  A firewall can decide which of the systems can allow or have access to common protocols like IP, SMTP, FTP, UDP,ICMP,Telnet or SNMP.
   
• Ports
  
  Blocking or disabling ports of servers that are connected to the internet will help maintain the kind of data flow you want to see it used for & also close down possible entry points for hackers or malignant software.
   
• Keywords
  
  Firewalls also can sift through the data flow for a match of the keywords or phrases to block out offensive or unwanted data from flowing in.
   

Types of Firewall

• Software firewalls
  
  New generation Operating systems come with built in firewalls or you can buy a firewall software for the computer that accesses the internet or acts as the gateway to your home network.
   
• Hardware firewalls
  
  Hardware firewalls are usually routers with a built in Ethernet card and hub. Your computer or computers on your network connect to this router & access the web.

 What is Firewall Security

Hackers utilize several exploits to penetrate firewalls and undermine firewall security. The most common of these include:
Brute force – sending an extremely large number of different password combinations to the firewall.
Backdoor passwords – some firewalls have backdoor maintenance passwords to provide the manufacturer diagnostic access.
Service provider passwords – some service providers configure firewalls with passwords that allow them to login and change settings remotely.
Improper configuration – studies show that up to 50% of firewalls are not configured properly, weakening the firewall’s security. Many users simply leave the default settings, without determining what it is they need to protect with the firewall.
Firmware bugs – hackers can exploit flaws in the firewall’s firmware to gain access.
Telnet/web access – some firewalls respond to telnet queries, from which hackers can deduce the model and then hack using known weaknesses or firmware bugs.

Alone, firewalls stand no chance of giving your network the protection it needs. They are better deployed as part of a comprehensive network security strategy, along with other tools such as IPCopper, a network activity recorder (also known as a packet capture appliance), to protect your network and give you insight into the actual IP traffic that routinely traverses it. Firewalls and packet capture appliance are complementary tools that every organization should deploy together in order to gain the most out of their firewall security and best protect their network and crucial computer systems.