Ever since the idea for networking computers together came to be, transferring data directly between computers (as opposed to a sneaker-net) posed a lot of problems, including security breaches. A very simple explanation would be to associate the notion of a firewall with a gate keeper or a club bouncer. A firewall is essentially a piece of software that scans incoming and outgoing traffic (data packets) for tell-tale signs of malevolent actions.
Before allowing another computer to connect to yours (or the opposite), the firewall compares different information it has about the type of communication (e.g. protocol, network/application layer, source IP) being received and compares it to a list of rules it has in its programming. If the rules are met, the communication continues and the transfer between the two computer occurs. Both computers need to accept each others transmissions for an exchange to occur.
There are types of rule enforcement depending on the level at which the firewall operates. Higher level firewalls are more secure and flexible but have a downside of using more CPU cycles and slowing down traffic considerably.
The first type is the packet filter. This method only looks at individual packets of data, and analyses their header information. This type of filtering only works effectively for TCP and UDP traffic, which use standard ports. The second type recognizes types of applications, and can detect abusive use of protocols or protocols sneaked on non-standard ports. The third type is called “stateful packet inspection” and can distinguish series of packets. A packet can be a new connection request, part of an existing connection or an invalid packet. DDoS exploits are more manageable using stateful packet inspection.
Firewalls are widely used on the internet, because different levels of trust exist between networks. For example, you might set the firewall in your home router to block WAN traffic to your network shares. You would want to do this because it protects the files you share on you home network from being discovered and viewed on the wide area network (WAN), most commonly represented by the local ISP network hub. The golden rule of firewalls is that “nothing bad comes in, nothing private goes out”.
Most SOHO (small office home office) firewalls have graphical interfaces and are fairly easy to configure. However, most of them are never customised to the particular requirements of the network and rely on the default rulesets. Hackers exploit this oversight, by probing for vulnerabilities in the ruleset or programming. Firewalls are present in all major operating systems (Windows, Mac, Linux) by default. A large proportion of networking equipment also integrates some sort of firewall software, most notably routers. For more important assets, external “hardware firewalls” can provide better security and reduce the performance loss by using dedicated memory and processing power.
More articles about: