How Firewalls Work ???

If you have been using Internet on a regular basis or working in a large company and surf the Internet while you art work, you must have surely come across the term firewall.You might have also hrd of people saying “firewalls protect theircomputer from web attacks and s” or “a certain website has been blocked by firewall in their work place”. If you have everwondered to know what exactly is this firewall and how it works, here we go. In this post I will try to explain “How firewalls work” in layman’s terms.How Firewalls Work?Firewalls are basically a barrier between your computer (or a network) and the Internet (outside world). A firewall can be simply compared to a security guard whostands at the entrance ofyour housnd filters the visitors coming to your place. He may allow some visitors to enter while denying others whom hesuspects of beingintruders. Similarly a firewall is a software program or a hardware device that filters the information (packets)coming through the Internet to your personal computer or a computernetwork.Firewalls may decide to allow or block network traffic between devices based on the rules that are pre-configured or set by the firewall administrator. Most personalfirewallssuch as firewall operate on aset ofpre-configured rulesthat are most suitable under normal circumstances so that, the user need not worry much about configuring the firewall.Personal firewalls are sy toinstall and use and hence preferredby end-users for use on their personal computers. However, large networks and companies prefer those firewalls that have plenty of options to configure so as to meet their customized needs.For example, a company may set up different firewall rulesfor FTP servers, Telnet serversand Web servers. In addition, the company can even control how the employees connect to the Internet by blocking access to certain websitesor restricting the transfer of files to other networks. Thus, in addition to security, a firewall can give the company a tremendous control over how people use the network.Firewalls use one or more of the following methods to control the incoming and outgoing traffic in a network:Packet Filtering:In this method, packets (small chunks of data) are analyzed against a set offilters.Packetfilters has a set of rules that come with accept and deny actions whichare pre-configured orcan be configured manuallyby the firewall administrator. If the packet manages to make it through these filters then it is allowed to rch the destination; otherwise it is discarded.Stateful Inspection:This is a newer method that doesn’t analyze the contents of the packets. Instd, it compares certain aspects of ch packet to a databaseof trusted source. Both incoming and outgoing packets are compared against this database and if the comparison yields a rsonable match, then the packets are allowed to travel further. Otherwise they are discarded.Firewall Configuration:Firewalls can be configured by adding one or more filters based on several conditions as mentioned below:IP addresses:In any case, if an IP addressoutside the network is said to be unfavorable, then it is possible to set filter to block all the trafficto and from that IP address. For example, if tainIP address is found to be making too many connections to a server, thdministrator may decide to block trafficfromthis IP using the firewall.Domain names:Since it is difficult to remember the IP addresses, it is an sier and smarter way to configure the firewalls by adding filters based on domain names. Bysetting up a domain filter, a company may decide toblock all access tocertain domain names, or may provide access only toa list of selecteddomain names.Ports/Protocols:Every service running on a server is made available to the Internet using ed ports, one for ch service. In simple words, ports can be compared to virtual doors of the server through which services are made available.For example, if a server is running a Web (HTTP) service then it will be typically available on port 80.In order toavail this service, the client needs to connect to the server via port 80. Similarly, different servicessuch as Telnet (Port 23), FTP (port 21) andSMTP (port 25) services may be running on the server.If the services are intended for the public, they are usually kept open. Otherwise they areblocked using the firewallso as to prevent intruders from using the open ports for making unauthorized connections.Specific words or phrases:A firewall can be configured to filter one or more specific words or phrases so that, both theincoming and outgoing packets are scanned for the words in the filter.For example, you may set up a firewall rule tofilterany packet that contains an offensive term or a phrase that you may decide to block from entering or lving your network.Hardware vs. Software Firewall:Hardware firewalls providehigher levelof security and hence preferred for servers where security has the top most priority. Thesoftware firewalls on the other hand are less expensive and hence preferred in home computers and laptops.Hardware firewalls usually come as an in-built unit of a router and provide maximum securityas it filters ch packet in the hardware level itself even before it manages to enter your computer. A good example is the Linksys Cable/DSL router.Why Firewall?Firewalls provide security over a of online thrts such as Remote login, Trojan backdoors, Session hijacking, DOS & DDOS attacks, viruses, cookie stling and many more. The effectiveness of the security depends on the way you configure the firewall and how you set up the filter rules.However, major thrts such asDOS and DDOS attacksmaysometimes manage to bypass the firewalls and do the damage to the server. Even though firewall is not a complete answer to online thrts, it can most effectively handle the attacks and provide security to the computer up to the maximum possible extent
.