Firewalls

- A firewall is a barrier to protect destructive forces from your property, similarly a computers firewall is the same, although I prefer the idea that a firewall is a bouncer on the door of your exclusive nightclub keeping the riff raff out, and letting all your mates in. A firewall is either a program or a hardware device that filters information entering the private network or your computer system from the internet, it can also control what data goes out of the system. If an incoming packet of data is flagged by the filters it is not allowed through. If a large company is connected to the internet installing a firewall usually on their main gateway system, will protect all the computers behind this means that of course any of the other systems behind it will be protected so if a user were to accidentally enable something like an ftp server or a web server they would not be able to access, of course IP Masquerading is even better because the IP addresses are not even routable to machines not connected to the private network. Firewalls can use three methods to control traffic flowing in and out of the network.

  • Packet filtering

    • This is where each packet that enters the system is checked against the set of filters and then allowed through or discarded depending on this, so for instance a rule that prevents 10.0.1.3 from accessing machines would cause all these packets to be dropped.

  • Proxy Service
    • - this is basically where information from the internet is retrieved by the firewall and passed back to the system that requests the information, this is particularly useful where only access to webpages is required and so no gateway access is provided to these machines, this policy is adopted by a lot of companys and institutions that only require browser access for their users, but no actual IP access.

  • Stateful Inspection
    • - this is a somewhat different method, this examines the contents of each packet and compares it to a database of trusted information for instance it may accept things such as the http command GET. Information travelling out is also monitored against this database. If it does not match the database it is discarded.

    Firewall Conditions

    Firewalls of course have to have sets of rules to determine what it can and can't let in similar to my idea of a bouncer on the door of a club, hes not going to let people in who do not meet the dress code or appear to be under the age of 18 or 21. Below are some of the types of the things we can check to make these rules;

  • IP addresses

    • We can of course check the source IP of the machine making a request and discard it depending on this so for instance if we wanted to block all access to machines in the range 193.167.x.x.

  • Domain names

    • We can block by domain name as all internet IP's should have a name that they resolve to (using DNS) so for instance by blocking *.pingpong.net we block all information from machines resolving to have a name ending pingpong.net.

  • Protocols and Ports

    • This is where we allow certain services depending on what they are so for instance allowing port 80/http traffic or blocking port 21 ftp traffic, you can of course only allow this traffic to a particular set of machines but prevent it to the rest of the machines. We prevent access to specific ports this overlaps with the protocols idea as most protocols use specific ports, so for instance blocking port 23 would prevent telnet access.