What is a firewall and how does it protect your computer?

[The following information was taken from McAfee's and Symantec's web sites]

The Internet can be a dangerous place, with hackers using eavesdropping tools to monitor your computer, employing malicious code to initiate disabling attacks, or running remote control programs that seize control of your computer. See when someone is trying to hack your system and beat them at their own game.
Firewalls have the ability to block hackers from accessing your computer and allow you to digitally 'fingerprint' trusted applications. Some firewalls have the unique ability to track the apparent source of an attack on a world map and obtain detailed identification information on the originating source IP address. With this ability, every time your computer is probed or attacked you can get detailed reports and clear follow-up options. Learn what happens to your computer and report hacker activity to conveniently assist law enforcement.

Firewalls monitor all of your ports and allow only solicited traffic into your computer. This 'filtering' is done right at the 'front door' of your system. This means that the firewall protects your computer from Internet-based attacks. Firewalls add a layer of defense to help prevent hackers from accessing your software, hardware or information in any way. Anyone using the Internet needs a firewall. If you store information on your computer, such as passwords or personal financial information, that you would not want others to see, you need a personal firewall. Firewalls provide protection against Internet hackers and vandals by preventing them from scanning or accessing information on a user's computer. Users are notified automatically when such an event is attempted. Firewalls can enable users to register these events to HackerWatch.org, and report the activity to their Internet Service Provider. For instance, McAfee's Personal Firewall Plus includes the same functionality. This Plus version incorporates the functionality of McAfee's Visual Trace technology, allowing users to trace an event to its apparent origin. This means that users will be able to trace the source of hack attempts and provide more information in reporting events.

McAfee, Symantec and PC-Cillin all have firewall protection software for you to download or purchase retail.

Introduction to Firewalls:
Overview of what a firewall is, the types of firewalls, and what they do.

A firewall is a system, hardware- or software-based, mounted strategically at the edge of, or inside of, private or closed networks. It prevents unauthorized access into those networks or segments of those networks. This is why they are called perimeter defense mechanisms or security gateways. There are also desktop firewalls that function to protect an individual computer from malicious attacks. Depending on the needs of the business, firewalls can be software, hardware, or both. A good firewall will examine all traffic coming into the protected network or segment from the Internet or external network. It provides protection by analyzing network traffic and permitting entrance based on pre-established rules. It blocks any traffic that does not meet specified, rules-based security criteria.

Firewall Types and Functions
Most commercial firewalls mix characteristics from several firewall technologies, thus creating hybrid firewalls, but the five basic types are:

  • Packet filtering
  • Stateful inspection
  • Circuit-level gateway
  • Application gateway
  • Hybrid firewall

Packet filtering is often employed on simple routers. A packet-filtering firewall examines incoming and outgoing IP packets and decides to accept or deny access based on one or both of the following:

  • The source or destination IP address
  • The source or destination TCP/UDP port numbers

Remember that packet filtering only looks at the IP packet header, not the data contained within the packet, which limits the types of security decisions that can be made.

Stateful inspection provides a higher level of security and complexity than does simple packet filtering. A firewall implementing stateful inspection examines IP headers, as well as the flags and header IP options within the packet, to verify that the packet is part of an authorized connection. In addition, these types of firewalls can provide network address translation (NAT) services.

A circuit-level gateway looks at the TCP handshaking process. It allows the creation of authorized connections, but it does not monitor data traffic over those connections. It also keeps records of active, authorized connections and allows network traffic only over those connections.
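
The difference between header-only packet filtering and connection tracking, as described above, can be seen in a short Python sketch. This is an added example, not code from McAfee or Symantec; the addresses, the inbound rule and the three sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")  # constructed protected network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN"})
    outbound: bool    # True when the packet leaves the protected network

def packet_filter(p):
    """Stateless filter: decides from addresses and ports only."""
    if p.outbound:
        return ip_address(p.src) in INSIDE
    # Hypothetical inbound rule: admit anything that looks like a web reply.
    return ip_address(p.dst) in INSIDE and p.sport in (80, 443)

class StatefulFirewall:
    """Remembers connections opened from inside; admits only their replies."""
    def __init__(self):
        self.connections = set()  # (inside ip, inside port, remote ip, remote port)

    def check(self, p):
        if p.outbound:
            if ip_address(p.src) not in INSIDE:
                return False
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Inbound: must match a recorded connection and must not be a bare SYN.
        key = (p.dst, p.dport, p.src, p.sport)
        return key in self.connections and p.flags != {"SYN"}

def demo():
    """Run three constructed packets through both filters."""
    fw = StatefulFirewall()
    out_syn = Packet("192.168.1.10", 50000, "203.0.113.5", 443, frozenset({"SYN"}), True)
    reply = Packet("203.0.113.5", 443, "192.168.1.10", 50000, frozenset({"SYN", "ACK"}), False)
    stray = Packet("198.51.100.7", 80, "192.168.1.10", 3389, frozenset({"ACK"}), False)
    return {
        "stateless": [packet_filter(p) for p in (out_syn, reply, stray)],
        "stateful": [fw.check(p) for p in (out_syn, reply, stray)],
    }

if __name__ == "__main__":
    print(demo())
```

The third packet was never solicited from inside, yet the header-only rule admits it because its source port matches; the connection table is what lets the stateful firewall drop it.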

An application gateway screens packets by looking at all of the information contained within the packet, including both the IP header and data portion. This ensures that not only is the connection permitted by security rules, but that it follows the proper commands and specifications of the application protocol. In addition, the application gateway acts as an application proxy, meaning that it allows no direct connection between the host and remote computers. This kind of firewall is considered by many to offer the most security.
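
To show what "follows the proper commands and specifications of the application protocol" means in practice, here is an added Python example (not taken from any vendor's product) of the check an application gateway could apply to the client side of an SMTP session. The state table is a constructed, deliberately strict policy covering only the command phase up to DATA or QUIT, and the sample sessions in the test are constructed.

```python
# Which command verbs are acceptable in each session state (constructed policy).
ALLOWED_NEXT = {
    "START": {"HELO", "EHLO"},
    "GREETED": {"MAIL", "QUIT"},
    "MAIL": {"RCPT", "RSET", "QUIT"},
    "RCPT": {"RCPT", "DATA", "RSET", "QUIT"},
}
# State the session moves to after each accepted verb.
NEXT_STATE = {
    "HELO": "GREETED", "EHLO": "GREETED", "MAIL": "MAIL", "RCPT": "RCPT",
    "RSET": "GREETED", "DATA": "DONE", "QUIT": "DONE",
}
MAX_LINE = 512  # SMTP command line limit including CRLF (RFC 5321)

def screen_session(lines):
    """Return (verdict, reason) for a list of raw client command lines (bytes)."""
    state = "START"
    for n, raw in enumerate(lines, 1):
        # Specification checks on the data portion, which a packet filter never sees.
        if len(raw) > MAX_LINE or not raw.endswith(b"\r\n"):
            return ("deny", f"line {n}: bad length or terminator")
        body = raw[:-2]
        if any(byte < 0x20 or byte > 0x7E for byte in body):
            return ("deny", f"line {n}: non-printable byte in command")
        verb = body.split(b" ", 1)[0].decode("ascii").upper()
        # Command-order check: the verb must be valid for the current state.
        if state == "DONE" or verb not in ALLOWED_NEXT[state]:
            return ("deny", f"line {n}: {verb or '<empty>'} not allowed in state {state}")
        state = NEXT_STATE[verb]
    return ("allow", "ok")

if __name__ == "__main__":
    session = [b"EHLO client.example\r\n", b"RCPT TO:<b@example.net>\r\n"]
    print(screen_session(session))
```

Every line in these sessions would travel to the same TCP port, so a packet filter or circuit-level gateway would treat them identically; only inspection of the data portion distinguishes them.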

Hybrid firewalls combine various functions from other firewalls, most often packet inspection and proxy capabilities.


Other Critical Capabilities

Today's firewalls have capabilities far beyond the filtering, inspection, gateway, and proxy functions that enterprises expect, including authentication, management, virtual private networking, encryption, high availability and load balancing, network address translation, logging and reporting, and backup.

Authentication: Authentication identifies individuals with user names and passwords. These sign-on capabilities strengthen a company's security posture to ensure that sensitive information gets to the right people. Many of today's firewalls support authentication either in-band or as authentication proxies acting as intermediary systems between the firewall and authentication servers.

Management: Management capabilities are critical to any significant network security component because of the many different security elements that need to work together in order to deliver the best protection. Security administrators need to be able to monitor and control all activity, including security elements.
Good firewalls supply a variety of tools and utilities to manage, monitor, and work with the firewall systems and security management frameworks. These tools could include the graphical management console, event notification, log file tools, configuration reports, and packet-sniffing utilities. Some even offer remote access to the system's operating environment for troubleshooting.

Virtual Private Networks (VPNs): VPNs are becoming a practical way to extend businesses, both large and small, beyond the confines of a specific place. VPNs become important as businesses pursue business alliances or need connectivity between main and satellite offices. They also provide protected access to organizational resources for telecommuters or mobile workers.

Encryption: Encryption, a method of scrambling or coding information that passes across public networks, is the most effective way to ensure the security of data. Firewalls can encrypt data from an authorized user and let that information pass through the firewall onto a public network. The firewall protecting the receiving network can then inspect the message, decrypt it, and deliver it to the correct authenticated user. By using encryption, most firewalls can now act as VPN gateways, sometimes doubling as VPN servers by protecting information passed from site-to-site over the Internet. VPN client support for individual remote PCs used by telecommuters or traveling workers is also an option, depending on the type of firewall.

High availability and load balancing (HA/LB): It is important to eliminate single points of failure in the network environment. Traditionally, firewalls have been a bottleneck and a single point of failure because all Internet traffic addressed to the business needed to pass through the firewall. The traditional approach was to use a stand-by firewall; however, this could be quite expensive when used only for disasters or failures. The best approach to eliminate this problem and protect today's environments is to use a high-availability, load-balanced (HA/LB) solution. High-availability, load-balanced solutions designed into firewalls allow administrators to configure specific systems, all of which are already processing traffic, as part of the larger cluster. If one firewall host in the cluster fails, the high availability mechanism simply redirects traffic to the functioning firewall, with virtually no network interruption. Load balancing will ensure all systems are facilitating network traffic to make the most of your investment.

Network address translation (NAT): Hiding the actual network topology of protected networks is important for comprehensive network security. Enterprise firewalls can hide IP addresses on the networks they protect. Security administrators should have the freedom to customize how the firewall enables address translation, especially when it is necessary to hide the identity of certain inside hosts while leaving other hosts accessible by their true IP address. Firewalls can also apply address translation to clients as they pass through the firewall to gain access to data at another location.

Logging and reporting: Successful security management includes monitoring. Today's firewalls often provide utilities to view log files directly by applying filters for customized searches through the logs and securely transferring them from the firewall system to a remote processing location. Firewalls can also be configured to notify security administrators of events logged at any message level. Look for reporting tools that detail the access controls configured, code versions, and licensed features.

Backup: Because they are more functional than ever, this new generation of firewalls becomes almost self-managing by making backups, offering a restore option, and managing the underlying system routes directly, often through a browser.


Software or Appliance

Firewalls deliver a wide variety of capabilities in both software and appliance forms.

Appliances feature hardware integrated with software and firmware, plus their own hardened operating system kernel. Software firewalls can be hosted on workstations or servers already in your business's network, or that are purchased for this purpose. Firewall appliances are convenient and easy to install. Usually, they are designed to plug and protect, making them operational in minutes. They ensure security more effectively, because of their design, and are often the best choice for businesses without security-specific IT resources, because they lower the complexity of firewall security setup as well as total cost of ownership. PC Magazine lists hardware firewalls, the pros and cons of each, and recommendations. [11_2002]

Software firewalls can be installed on multiprocessor systems that offer better scalability than single-processor appliances. Large enterprises must examine their traffic requirements to determine whether a software or appliance firewall will meet their needs based on the amount of traffic they have to manage. Software firewalls often provide many more sophisticated functions. They can also be cost-effective, because they can be installed on existing hardware. PC Magazine lists software firewalls, the pros and cons of each, and recommendations. [11_2002]

Additional information can be obtained by downloading this 13-page PDF.
