Basic Firewall Security Filters

We have all heard about malicious software being transferred throughout the Internet. Generally, these attacks happen when a user unknowingly downloads and then transfers it without intent.  These attacks happen when the user has given the program permission to install.  The user thinks this program has good intentions, when in reality these programs are usually a scam to force people into buying a product.

firewall

But there are other methods by which malicious code can get on a computer.  The most common method is by opening contents of web email.  Generally, web-based email blocks picture content and asks the user if it is okay to display those images.  In the past, viruses have been able to infiltrate a system using these images.  These infections can then spread over a network.

The objective is to deter these attacks.  If that’s not possible, make the security strong enough so that the system can catch the hack while it is happening.

In order to understand a very basic tool to network security, one has to know a little about the protocols being used on the Internet.  The protocols used on the Internet are the TCP/IP protocol stack.  The word “stack” entails there are many different kinds of protocols being used, such as, Simple Network Management Protocol (SNMP), File Transfer Protocol (FTP), to the infamous Hypertext Transfer Protocol (HTTP).  All of these protocols, or set of rules used by which computers communicate, are designated a port number.  This port number is just a logical number.  This way, when a port number comes into a computer, the computer knows what protocol to use for that connection.  A very basic principle of security uses the idea of IP addresses, protocols, and ports.  That is, to constrict the traffic flow into your network with information that you are going to use.  All other ports be closed completely, or open to specific IP addresses.

In other words, a firewall.

A firewall is literally a digital filter.  It filters out all the information that you need to use, and blocks any communication on ports that are not needed.  This is more secure because there is less ports to make a connection with, and hopefully the ports are opened because the information can be trusted.  Can hackers still infiltrate a network with a tightly configured firewall?  Yes.  It just takes more time and resources.  People don’t realize that the world of hacking is an ever-evolving community.  Computers and computer networks are all man made.  Therefore, almost anything can be exploited.

Firewalls are at the front lines to these breaches.  Usually in a business environment, the IT team will implement a hardware firewall right behind the router.  The firewall has a built in switch, so other switches or computers can be plugged in.  That hardware firewall is the first filter the data goes through.  Then, once the data reaches the client computers, the software firewall on the Operating System re-filters the information before the data is used.

Client-side firewalls are becoming more and more powerful with the customization one has with making a rule.  They are starting to resemble that of hardware firewalls, but hardware firewalls have greater power with what they can do.

A hardware firewall has inbound and outbound rules.  Inbound means traffic coming into the firewall; outbound is traffic coming from behind the firewall out to the Internet.  Hardware firewalls allow a person to specify inbound traffic from an IP address, going to a specific IP address, on which port and on which protocol.  It is possible to open a port to the world as well.  (For an example, port 80 would be open to the world because that is the port HTTP uses.)  While seemingly redundant, specifying ports allow administrators to manually configure applications to listen for a specific port with a certain protocol.  The outbound rules are similar.  The specific ports that are going to be used to send information from the network need to be opened, but only the ones that are being used.  The concept behind a firewall is to constrict the traffic coming in and out to only data that is being used.  Any accessibility can only be through those ports. A firewall provides added security and creates another layer of configuration and complexity to thwart attackers.