ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel
  • »
  • Technology»
  • Internet & the Web

Computers' security - Firewalls

Updated on July 23, 2016

Introduction

Firewalls are devices that are used to filter traffic in or out of a secured internal network, also known as the intranet, from or to the unsecured external network, also known as the internet. Intranet in broader terms means the trusted and secure internal network of the organization while the internet is the entrusted and insecure global interconnection of networks. Firewalls are installed in a network by individuals or organizations to protect their computers that are connected to the internal network from external threats by permitting only selected secure communication with the outside or the internet in other terms.


A firewall sets a demarcation point in a network. It establishes the only point via which traffic can flow. It, therefore, knows all that is getting in and out of an internal network. It is due to this ability that it can guarantee that all insecure connections or traffic will be rejected while traffic termed as grant secure access to the internal network. Firewalls work on a knowledge base that helps them enforce access control to the internal network and by default, they grant access to all the traffic that has been permitted in the firewall policy and deny access to all other unpermitted traffic.

Firewalls can be put into two broad categories based on the number of machines they protect. The first category is host-based firewalls that are used to filter traffic flow in and out of a single computer that they have been installed in. The second category is network-based firewalls, which are installed on a system to filter the traffic flow of all the computers connected to that network. Firewalls come in two types; they can be hardware or software based. These two types will be discussed later on in the paper.

Computer protection

Source

Benefits of Firewalls

The internet is a dangerous place. It is dangerous because all sorts of people with different intentions are there. The list of the bad guys includes hackers, intruders, attackers, spies for industrial espionages and many others. Organizations can only praise firewalls for the protection they offer to networks to help keep the organization, its users, and its trade secrets among many other things secure. The benefits of firewalls are quite many. The following is just a sample from the lot:

1. Traffic monitoring

At the very least, firewalls monitor the traffic flowing into a given network. Most firewalls, however, monitor both ends; traffic entering and leaving a network. In networks, information flows in small chunks called packets. These packets are monitored by the firewalls. Typically, their addresses and contents are analyzed to ascertain that they do not contain hazardous contents or are from entrusted sources. Users in an internal network can also send harmful contents with or without their knowledge and therefore, traffic coming out of the network is also monitored. This ensures that the users outside the network pose no threat to the users inside the network and the same is true the other way round.

2. Blocking malware

Malware is the collective term that refers to all types of harmful and intrusive software. They include viruses, worms, Trojan horses, spyware, and ransomware among other malicious software. They can be in any form, from just lines of executable codes or scripts to entire software. When traffic is being sent both from outside or inside the network, these little malicious intruders can latch onto the contents being sent and that way they can get ‘catapulted’ to another host at the destination and infect it. Thanks to firewalls, their trips are cut short at the firewalls that have various techniques of weeding them out thus preventing any further spreading and infections.

3. Blocking intruders/hackers

Some bugs in operating systems can allow hackers gain remote access to computers within the network and use them to open files, email, delete contents or attack other computers within the network. Thankfully, firewalls have the capability to spot intruders and block them. Using intrusion signatures in their database, firewalls know virtually all the common ways used to intrude a network and thus can foil any attack based on such intrusion mechanisms.

Hardware versus Software Firewalls

Hardware Firewalls

Hardware firewalls can be acquired and installed as stand-alone products, but are found in broadband modems and routers. They act as the first line of defense to the internal network. Mostly, hardware firewalls use packet filtering to determine what to allow or reject into an internal network. They examine the header contents of a packet that contains the source and destination address. This information is passed to a knowledge base of the user predefined rules, and this helps determine whether the packet is to be accepted or rejected.

There have been some improvements in current hardware firewall technology. Today, it is not just the traditional packet filtering that is carried out. The modern hardware firewall has an inbuilt Intrusion Prevention Systems. These IPSs boost the security of the internal network by effectively detecting and countering any intrusive activities in the network. When there is a detection of malicious activity by IPS, it blocks the connection and blocks the specific internet protocol (IP) address that the connection came from.

Hardware firewalls are normally recommended for medium and large size businesses, which typically have many computers to secure. This is because of their cost effectiveness. Just a single hardware firewall can secure multiple computers; typically they can secure all the computers in a network they are installed on. There are some issues an individual needs to put into consideration before purchasing a hardware based firewall such as the number of VPN and users in a network. Underestimation of the number could exhaust the capacity of the firewall, affecting the internet connection speeds or jeopardizing the security of very many computers.


hardware firewalls

Source

Software Firewall

Software firewalls are traffic filtering programs installed on individual computers. In contrast with hardware firewalls, they do not secure more than one computer apart from the one they are installed on. They can be customized by the user giving them a level of control over their protective functions and features. Software firewalls, first of all, protect the machine they are installed on from attempts by attackers to intrude it or gain remote control. Secondly, software firewalls protect against malware such as Trojans and worms from entering or leaving the internal network. Thirdly, they can secure user files and printers by having the user define their access controls. Fourthly, they can block insecure individual applications from running on the computer. Many are the times users download harmful programs and run them without knowing the consequences. Software firewalls keep an open eye just to nab such kind of programs. Software firewalls can also incorporate website filtering and some other software-based protection functionalities.

When buying software firewalls, the main concern is the number of functionalities they offer. Typically, one should go for the ones that offer most features in anticipation of all threats that may be faced.There might be some differences between hardware and software firewalls, but both perform similar tasks. They act as the barrier between the computer and the insecure Internet.

software firewalls

Various Methods of Controlling Traffic

Firewalls use various methods to control traffic flow in and out of the network system. This include:

Packet Filtering

Packet filtering involves the use of Access Control Lists (ACLs). ACLs are typically rules that read the header contents of a packet. They then analyze and determine whether the IP address in the header is trusted, if it is not, that packet gets rejected and dropped. The advantage of ACLs is their scalability; one can add or remove IP addresses easily to or from the list respectfully. They are also very fast in performance because they only examine the packet header. The disadvantage of ACLs is that they only read the header of the packet to get the IP address and analyze it.However, there is technology that enables attackers to forge the IP address to appear as if it is from a trusted IP address.

Proxy Service

The firewall impersonates the destination address of the computer being secured and thus data from the internet is received by the firewall at first (Palo Alto Networks, 2015). It then analyzes and inspects it, and if it is found to be safe, the firewall sends it to the real destination. The same process is repeated for data from the computer being secured when it is sending a reply.The reply passes through the firewall then it is sent to the external destination. In this kind of firewall mechanism, there are two TCP connections that are established, the first one between the firewall and packet source, and the other one between the firewall and the packet destination.

Stateful Inspection

Stateful or dynamic packet inspection firewall technique works by the maintenance of a table of the active UDP and TCP sessions. Each entry into the table keeps a record of a session, source IP address, IP address destination, current TCP sequence number, and port numbers. Traffic is inspected by checking the destination port and tracking of the traffic state for each interaction of a given open connection. This ensures that the incoming traffic is a reply to a request by computers in the internal network. This prevents illegitimate traffic from just flowing into the network.


Firewalls Configuration

Firewalls are easily customizable. This shows that an individual can remove or add filters based on different circumstances such as:

Internet Protocol Address

Any computer connected to a network is manually or automatically given a distinctive address, an IP address. They are usually 32-bit numbers, which are displayed as four “dotted decimal numbers.” A normal IP address looks like this: 217.28.62.137. Firewalls may be configured to accept or deny traffic from given IP addresses that are associated with insecure traffic. For instance, if a given IP address outside a network tries to attack the server, the firewall is capable of blocking that specific IP address.

Domain Names

Since IP addresses are difficult to recall, and they change regularly, servers have human-readable names, known as the domain names. It is easier for an individual to remember www.bbc.com as compared to 217.28.62.137. Firewalls have the ability to block specific domain names and give access to certain names. Domain names can be added to the blacklist of firewalls and any traffic from that domain name is automatically rejected and dropped by the firewall.

Protocols

A protocol is a predefined way in which a computer program talks with a service it wants to use. For example, a web browser requesting for internet service. Protocols are mostly in the textual form, and they describe how the server and client will talk/communicate. The following are examples of protocols that can be set for firewall filters:

a. Transmission Control Protocol (TCP) – breaks apart and rebuilds information traveling over the Internet.

b. Internet Protocol (IP) - This is the main system used for data delivery.

c. File Transfer Protocol (FTP) – for uploading and downloading files.

d. Hyper Text Transfer Protocol (HTTP) - It is used more often for website pages.

e. User Datagram Protocol (UDP) - Its function is streaming videos and audio, mostly for data that needs no response.

f. Simple Mail Transport Protocol (SMTP) - Its main function is sending text-based data such as emails.

g. Internet Control Massage Protocol (ICMP) - ICMP main function is interchanging information between routers.

h. Simple Network Management Protocol (SNMP) - The main function is collecting system data from a remote PC.

i. Telnet - Telnet is used for the command performance on remote computers.

A company has the capability to set up single or two machines to handle given protocol and prohibit the protocol on all other PC.


Ports

Servers make their services available over specific ports. For example, the FTP port of a server might be port 81 while the web server is on port 80. A firewall might be set up to block access to port 81 and that makes it inaccessible for any other machine both inside and outside the internal network to access FTP services.Network administrators generally have the option of adding or removing to/from the firewall filters ports that are blocked from access.

Conclusion

It is necessary to ensure that computers are secured by using firewalls at all times. The question becomes, which is the best firewall, hardware or software. The answer is both; the safest option is to have both running. Hardware firewalls are costly but secure more computers; it is best to buy hardware firewalls that can accommodate all the computers in the organization (Rmay, 2014). All servers need to be secured using firewalls and if possible, they may be redundant. This assures of protection of vital services and files of an organization. Software firewalls on user computers should be configured as per their needs.

Comments

    0 of 8192 characters used
    Post Comment

    • vsajewel profile image

      vsajewel 5 months ago

      This article is excellent and so helpful...thank you!

      I have a few posts in HubPages but write primarily for my own websites which strive to provide helpful information on a variety of topics. My main theme is writing about security aspects of mobile devices...primarily Apple or ios devices.

      I'm so happy I have a few posts here and thought to search for firewall information within HubPages versus Google, or I never would have found this! I wish I understood HubPages better, and how you could get better Google recognition, because the information you've included here is really hard to find just using Google.

      I've searched for a week for something like this, and all I've found is marketing literature written by hardware firewall makers or highly technical content written for network gurus with far greater understanding than myself.

      Currently I'm in the process of upgrading our home firewall hardware and there are so many alternatives available today, the only way to effectively analyze and compare them is by understanding their published specs. But I haven't beeen able to find anything that explains what these specs really mean. For example, one confusing aspect for me is what the difference is between deep packet inspection and stateful packet inspection is...since 2 of the firewalls I'm considering each focus on one of these.

      I'm so appreciative of you taking the time to explain pretty much every single thing that was confusing to me! I'll be sharing your post with my husband and ultimately will include it in an article I'm writing for my website introducing the concept of hardware firewalls for home and small business networks.

      If I could make a few suggestions they would be to recast this information to include those applications of firewalls too...rather than just limiting you discussion to intranets. That may explain why I didn't come across this with Google searchs. The other would be just fixing a few small typos or grammatical errors...these are minor...but I think it would really polish your piece.

      Thank you for writing this...it's extremely unique, very well written and provides really helpful information which should be reaching a much larger audience! I wish I could help you in that regard, but HubPages inner workings, and how they decide what's important is something that continues to elude me. It's just one of many reasons I decided to strike out on my own instead :-)

      In just a few minutes of my time you've managed to educate me with information I was unable to find anywhere else!

      I'd love to share my final article on firewalls with you when it's finished, but don't know a good way to do that since we can't include links in comments. Maybe I should write a Hub linking to it? I've been working on it for a couple of days and I don't want to publish it on HubPages because I'm continually frustrated by what appears to me to be nonsensical editing actions which hurt my content.