You probably don’t realize it, but even your home cable or DSL router uses a firewall. Firewalls are one of the most integral parts of security for any network. Whether you have a small or large network, you need a firewall. Firewalls can be software such as the Windows firewall for the operating system or hardware such as filtering set on a router. To better secure your network, it’s best to understand the functionality of a firewall in networking and computing.
What Does a Firewall Do?
Firewalls and security are a technical topic that even some experts have a hard time grasping. That doesn’t mean you can’t work with a firewall as a user and understand security basics. Firewalls and antivirus work hand-in-hand to protect your computer and other computers on the network. Antivirus detects any malware running on the computer, and a firewall blocks malicious connections.
To understand the importance of a firewall, consider your internal network and the trust between each computer. You probably have little security between computers if it’s a home network. Enterprise networks have more security between machines, but there is still some innate trust that each computer on the network will not attempt to hack the other. But can you say the same for any computer on the Internet? Of course not, so a firewall blocks any incoming requests from the Internet to your internal network. You probably don’t want any random person browsing your network, so you block them with a router firewall.
Firewalls aren’t useful for just incoming requests. Viruses and other types of malware sometimes attempt to connect to the Internet to send private data from your computer to the hacker’s private web server. Hackers steal passwords, financial information and other data to sell on the black market. Instead of gaining access to your computer, the hacker writes software that you install and this software uploads data to the hacker’s server. If your antivirus does not detect the software as malicious, your next level of protection is the firewall application. Your computer’s firewall detects that an application is attempting to access the Internet and sends you an alert. You then have the option to allow the connection (if the application is legit) or deny it. If you deny it, then you know that malicious software could be an issue on your computer.
How Does a Firewall Work?
Routers and firewalls use several methods to block unwanted traffic. The first one is packet filtering. Every message you send back and forth from your computer to the Internet uses packets. The message is segmented into a certain number of packets, and each packet carries the source and destination IP addresses, the source and destination ports, a sequence number that lets the destination computer put the entire message back together, and the data itself.
Packet filtering reviews these packets for any identifiable malicious content. Mainly, a packet filtering technique looks at the port. Most common applications use a specific port. For instance, websites run on port 80, outgoing SMTP email uses port 25 and DNS requests work on port 53. When you use a standard router, the firewall blocks all incoming traffic based on packet analysis unless you allow a specific port to forward to a specific server. For instance, if you run a web server, you then use the router’s port forwarding capabilities to send the packets to the web server. With incoming traffic, you want to whitelist the traffic you allow. In other words, block all traffic except traffic on a specific list. In this case, port 80 is allowed so port 80 requests are sent to the web server.
Sometimes, you want traffic to enter the network such as a VPN or private network with connections over the Internet. In this case, you can use a firewall as a proxy. Proxy servers let you connect to the server and then your messages are forwarded to the intended recipient. The recipient then uses the same proxy server to send you a return message. The security in this technique is that the recipient and sender never see technical details such as local IP addresses. When you allow transfer of data from one computer to another over the Internet, the source IP and port are included in the packet. When you use a firewall proxy, that information is eliminated from the packet and the proxy’s IP address is shown instead. The result is that an attacker does not see the internal computer’s local IP address, which is one piece of information needed to send a calculated attack to a specific server on a corporate network.
The final common firewall technique is stateful inspection or “dynamic packet filtering.” This is a newer technology that is slowly replacing the old static packet filtering described previously. With static filtering, only header information is analyzed. With stateful inspection, the packets are analyzed down to the application layer, which means more of the actual data is reviewed. Packets are compared with outgoing packets from the source internal computer. If packet information matches the data from outgoing packets, the firewall generally lets the packets flow. If a reply doesn’t match the intended request from the source computer, the firewall then drops the packet and rejects the connection.
Port forwarding is a technique used to allow traffic to enter the internal network. Normally, you have a “demilitarized zone” or a “DMZ” in the network. The DMZ is a group of computers that are accessible from the Internet and the internal network. However, the internal network is still segmented using a secondary firewall from the DMZ and Internet traffic.
You use port forwarding on the router between the DMZ and the Internet. Port forwarding lets certain traffic through using the whitelist described in this article’s static packet filtering section. The most common port forward is port 80, which is a web server port. When users want to browse your website, they enter your URL into a browser. A DNS lookup is done and then the IP request is sent to your web server. By default, users would never reach your web server, because the firewall on the network will reject the packets. However, when you have port forwarding set up on your router, the router identifies the request and sends the user’s browser request to the web server. A connection is made and then the user can freely browse your web pages.
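The following Python sketch is an added illustration, not code from this article or from any router product. It models the decisions described in the packet filtering, stateful inspection and port forwarding paragraphs: replies to connections opened from inside are allowed, whitelisted ports are forwarded to a DMZ server, and everything else is dropped. The class name, addresses and ports are constructed for the example, and the state check looks only at addresses and ports, not at application-layer data.

```python
# Added illustration; addresses are constructed (documentation/private ranges).
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

class EdgeFirewall:
    """Toy router firewall: default-deny inbound, port forwards, state table."""
    def __init__(self, forwards):
        self.forwards = forwards  # whitelist: (proto, public port) -> DMZ (ip, port)
        self.state = {}           # flows opened from inside -> inside host

    def outbound(self, pkt):
        # Remember the flow so only its matching reply is let back in.
        # Simplification: the source port is kept unchanged on the way out.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_port)
        self.state[key] = pkt.src_ip
        return "ALLOW"

    def inbound(self, pkt):
        # 1. Stateful check: is this a reply to something an inside host sent?
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key in self.state:
            return ("ALLOW", (self.state[key], pkt.dst_port))
        # 2. Static whitelist: is the destination port explicitly forwarded?
        target = self.forwards.get((pkt.proto, pkt.dst_port))
        if target is not None:
            return ("FORWARD", target)
        # 3. Everything else is dropped (default deny).
        return ("DROP", None)

def demo():
    fw = EdgeFirewall({("tcp", 80): ("192.168.50.10", 80)})
    public = "203.0.113.1"
    fw.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 443))  # inside laptop
    return [
        fw.inbound(Packet("198.51.100.7", 443, public, 51000)),    # genuine reply
        fw.inbound(Packet("198.51.100.99", 443, public, 51000)),   # wrong sender
        fw.inbound(Packet("198.51.100.50", 40000, public, 80)),    # web visitor
        fw.inbound(Packet("198.51.100.50", 40001, public, 3389)),  # unsolicited
    ]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The second packet is dropped even though it targets the same local port as the genuine reply, because its sender does not match the recorded outgoing connection.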
Port forwarding is common for several types of applications. You can also use it for personal reasons. For instance, you can port forward to a gaming server and play games on your own network with friends or host a server with an application that you created. However, when you open ports, remember that you are opening up traffic from the Internet to your internal network. When you do this, it makes your internal network a little more vulnerable to attacks. For this reason, always make sure that you have antivirus running on your machines and add security to any shared folders. This doesn’t guarantee you won’t be hacked, but it will improve your chances of protection against any rogue packet requests.
Common Firewall Software to Protect Your Network
Now that you know how firewalls work, you probably want to enable one on your computer. Again, if you have a personal or office network, you have firewall capabilities on the router. If you use port forwarding or want to defend against outgoing malicious requests, you would then want to run a personal firewall on your computer.
Windows has an internal firewall installed. Windows personal firewall was introduced in Windows XP. Windows also has internal antivirus software. Definition files are updated every time you run the Windows Update program. This makes the Windows firewall and antivirus software very effective. You can access the Windows firewall software using the Control Panel. It’s turned on by default, but some users turn it off since it interferes with some applications and network connectivity. For instance, you might have issues accessing shared folders if the Windows firewall is turned on.
Another common personal firewall application is ZoneAlarm. This software has been around for ages, and it lets you block incoming requests as well as outgoing. It’s a little more versatile than the default Windows firewall.
Other common firewall applications include PC Tools, Comodo, Ashampoo and Online Armor. Each service comes with its own cost, advantages and disadvantages.
If you’re new to computer networking, you’ll need to know how to work with a firewall at some point. Whether it’s to protect your personal computers or you want a job in networking, understanding firewall basics is a requirement to protect the network. Udemy has several classes to get you started even if you’re new to the industry. You can even learn how to build a computer from scratch to understand how hardware works.