What is a firewall? Since firewalls have been in the news recently, this is a question you may be asking. While your data lies on a server somewhere up in the cloud, what exactly is protecting it from ruthless marauders? What is this great beacon of security? Well, you can think of a firewall as the security guard in a controlled building. Like the security guard checking names against a list, the firewall protects information by determining what data is allowed in based on a set of rules. If a visitor meets all the requirements, that individual can step on in. If the visitor doesn’t fit the bill, the individual gets booted instantly. In a data environment, a firewall generally controls access to resources of a network through a positive control model. In other words, only the traffic that meets a firewall policy is allowed onto the network. All other traffic is denied.
What Is a Firewall and What Is Its Origin?
If you are wondering whether the word “firewall” has a relation to firefighting, you’re absolutely right. The term was pinched from the fire prevention biz, where a barrier is needed to prevent a fire from spreading. In our case, that fire could be anything from a computer worm to spyware. When computers evolved from the simple mainframe to the client-server model, control of access became a higher priority. With computer systems becoming smaller in size and more interconnected, there was more opportunity for those outside of the military and research world to get their hands on personal computing systems. As the user base grew, so did the need to protect both commercial and personal data from malicious outside forces.
What is a firewall and how does it defend our information? A firewall is the first line of defense in protecting computer systems. It can be either a piece of software or a hardware-based computer appliance filtering traffic between two or more networks. Software firewalls are well suited to individual users and small businesses. They can be easily installed on a piece of hardware (e.g., a desktop or a laptop) and are often much cheaper than a hardware solution. Software firewalls can be easily upgraded, as well. Software firewalls generally provide features like hiding your PC from other systems, alerting a user of all unauthorized inbound and outbound connection attempts, tracking events to see who’s accessed or tried to access a computer, and blocking or preventing hacking attempts.
With the surge of e-mail and web-borne attacks, a hardware firewall is essential in a large company environment. A hardware firewall is a specialized box that contains customized hardware and software. When properly configured, that box will provide a barrier that can hide an organization’s collection of computers from the outside world. It can also divide departments within the organization from one another. For example, sectioning off the data of your HR department from the accounting department would prevent an accounting employee from seeing something in HR that they are not privileged to see. A hardware firewall will provide features like network address translation, port management, stateful packet inspection, virtual private networking, activity logging, and content/URL filtering.
NAT, Port Management, SPI, VPN, Activity Logging & URL Filtering
Network address translation (NAT) gives computers behind a firewall a set of private addresses, but presents only a single address to the outside world. This translation prevents unauthorized connections to those internal systems.
A modern hardware firewall will close all uninvited access to ports on your connected personal computer by default. A port is like a tiny entryway that is either closed or open. If some malicious software tries to form a connection with a port that is blocked, the firewall will deny the request via this port management.
Stateful packet inspection (SPI) is a security feature that takes a hard look at network packets. A packet is a block that contains identifying information that is used to direct it to its destination. The packet also contains actual data that is the cargo of the data transmission. An SPI firewall can tell if an incoming packet is unwanted or if it was actually requested from an internal computer. In other words, the firewall keeps track of the state of all network connections traveling across it.
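The default-deny policy and the connection tracking described above can be seen together in a small simulation. This is an added example, not code from any firewall product; the internal network 10.0.0.0/24, the allowed outbound ports, and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed internal network
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}              # assumed policy (constructed)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN/ACK, "A" = ACK, "R" = RST

def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET

class StatefulFirewall:
    def __init__(self):
        self.state = set()  # flows opened from inside: (src, sport, dst, dport)

    def filter(self, pkt):
        """Return "ALLOW" or "DENY"; anything not matched below is denied."""
        if is_internal(pkt.src) and not is_internal(pkt.dst):
            flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            # A new outbound flow needs a bare SYN to a port the policy permits.
            if flow not in self.state:
                if pkt.flags != "S" or pkt.dport not in ALLOWED_OUTBOUND_PORTS:
                    return "DENY"
                self.state.add(flow)
        elif is_internal(pkt.dst) and not is_internal(pkt.src):
            # Inbound traffic counts as a reply only if the mirrored flow is tracked.
            flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if flow not in self.state:
                return "DENY"
        else:
            return "DENY"
        if "R" in pkt.flags:
            self.state.discard(flow)  # RST ends the flow (real devices also use FIN and timeouts)
        return "ALLOW"

def demo():
    fw = StatefulFirewall()
    packets = [  # constructed sample traffic using documentation address ranges
        Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S"),   # new outbound flow
        Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA"),  # requested reply
        Packet("198.51.100.7", 443, "10.0.0.5", 50000, "SA"),  # reply from wrong host
        Packet("198.51.100.7", 40000, "10.0.0.5", 22, "S"),    # unsolicited inbound
        Packet("10.0.0.5", 50001, "203.0.113.10", 23, "S"),    # port not in policy
        Packet("203.0.113.10", 443, "10.0.0.5", 50000, "R"),   # reset closes the flow
        Packet("203.0.113.10", 443, "10.0.0.5", 50000, "A"),   # arrives after close
    ]
    return [fw.filter(p) for p in packets]
```

Calling demo() returns one verdict per packet, in order; the third and last packets are denied even though they target a port the internal host had used, because no matching flow is in the state table at that moment.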
A VPN or Virtual Private Network gives employees access to information behind a firewall. A firewall with VPN support allows a connection via an encrypted tunnel. So someone outside the network on their work laptop can still access data inside the firewall securely.
A hardware firewall will provide you with intricate detail regarding network activity. A good one will track, record, and report the activity collected by the device, alerting you when there is a problem. A hardware firewall will also provide features like blocking access to suspicious URLs or sites that are on a blacklist.
What is a firewall? In summary, a firewall is one of the resources an individual or larger enterprise should use to filter traffic and prevent unauthorized access to precious internal data. Whether it be via a software firewall, a hardware firewall, or both, you will be one step closer to a far more secure network by employing this security measure. Just remember, you can’t rely on a firewall alone for defending the information castle, but that’s a story for another time.