Firewall Info


What is a Firewall?

A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

There are several types of firewall techniques:

  • Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
  • Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can degrade performance.
  • Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
  • Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

In practice, many firewalls use two or more of these techniques in concert.
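
The packet-filter technique from the list above, as an added example that is not part of the original page: a first-match rule set with default deny, plus an ingress check that rejects packets arriving on the internet side with an internal source address, which is the IP-spoofing weakness the list mentions. The addresses, interface names, rules and the `filter_packet` helper are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "wan" or "lan"
    src: str     # source address as claimed in the IP header
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str  # "accept" or "reject"
    src: str     # source network in CIDR form
    proto: str
    dport: int   # 0 means any destination port

# Constructed network and rule set (assumptions, not from the page).
LAN = ipaddress.ip_network("192.168.1.0/24")
RULES = [
    Rule("accept", "192.168.1.0/24", "tcp", 0),  # trust traffic "from the LAN"
    Rule("accept", "0.0.0.0/0", "tcp", 25),      # inbound e-mail from anywhere
]

def spoofed(pkt):
    """A LAN source address arriving on the WAN side cannot be genuine."""
    return pkt.iface == "wan" and ipaddress.ip_address(pkt.src) in LAN

def filter_packet(pkt, rules=RULES, antispoof=True):
    """First matching rule wins; anything unmatched is rejected."""
    if antispoof and spoofed(pkt):
        return "reject"
    src = ipaddress.ip_address(pkt.src)
    for rule in rules:
        if (src in ipaddress.ip_network(rule.src)
                and pkt.proto == rule.proto
                and rule.dport in (0, pkt.dport)):
            return rule.action
    return "reject"  # default deny
```

With `antispoof=False` the filter trusts the source address written in the packet, so a packet from the WAN that claims a LAN source matches the first rule; the interface check closes that gap.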

A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted.

Examples of Firewalls

Software firewalls are programs installed on your computer that create the firewall protection at your computer, as shown in the diagram below. They function by closing specific ports (internet access points on a computer) to the outside world and opening only certain ports to allow specific traffic, such as e-mail, to pass through.

[Diagram: allowed traffic passes; disallowed traffic is blocked.]

Some examples of software firewalls are ZoneAlarm, Tiny Personal Firewall and Norton Internet Security.

Hardware firewalls exist on another piece of hardware on your internal network. Most often this is a router that you are using to share your internet connection across multiple computers in your house. The diagram below shows how the hardware firewall physically sits between your computer and the internet. Opening only certain ports in and out keeps traffic you do not want from reaching your computer(s) or network.

[Diagram: allowed traffic passes; disallowed traffic is blocked.]

Some examples of hardware that contains a firewall are routers, such as those from Linksys or Netgear. A hardware firewall can also be another computer using a software firewall with internet connection sharing.

Should I use a Firewall?

If you are connecting to the internet via a dial-up modem, there is really no need to use a firewall. The majority of attacks that firewalls help defend against count on the computer having the same IP address for a long period of time. When you dial into the internet, you are given a new IP address each time, so it is very difficult for an attacker to locate your system after you log in again. Also, since you can go offline by disconnecting, there is no need for a firewall to be running at those times.

If you are using a DSL or cable connection (otherwise known as "always-on" connections), you may want to run a firewall. Since these connections are always on, they normally keep the same IP address, so potential attackers can easily find them again. Serious attackers will bypass the majority of normal internet users, although there are attackers who will search for your private information or just generally cause trouble. A firewall can help cut down on these types of threats, but it cannot completely stop all external threats.

Technical Support suggests that, if you would like to use a firewall, you explore a hardware-based firewall, as software-based firewalls can actually stop your access to the internet completely (hardware firewalls can do this as well, but are less likely to cause problems).

What do I do if my Firewall detects an "attack"?

A properly designed and configured firewall will normally report only activity that appears to be an attack. However, most firewall software will also report benign internet activity as an attack.

A common "attack" is the receipt of an unexpected network broadcast or packet, such as Windows broadcasting for shared computers on the network. The majority of these can be blocked by the ISP to reduce network clutter, but you may still see some.

Knowing what is an attack and what isn't is a bit technical to diagnose. If you are using a firewall and think you are being attacked, we suggest doing research first. Search the support area of the website of the company that created your firewall, or search Google for more information. If you believe you have found a valid attack, please follow the instructions provided with your firewall on how to properly report it.
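
One way to separate the broadcast noise described above from entries worth researching, as an added example that is not part of the original page. The log format, the sample lines, the subnet and the `triage` helper are constructed assumptions; ports 137 and 138 are the NetBIOS name and datagram services Windows uses when broadcasting for shared computers.

```python
import ipaddress

# Constructed sample firewall log (format is an assumption, not any product's).
SAMPLE_LOG = """\
2004-03-01T10:00:01 BLOCK proto=udp src=10.20.30.41 dst=10.20.30.255 dport=137
2004-03-01T10:00:04 BLOCK proto=udp src=10.20.30.77 dst=255.255.255.255 dport=138
2004-03-01T10:02:10 BLOCK proto=tcp src=198.51.100.23 dst=10.20.30.15 dport=23
2004-03-01T10:02:11 BLOCK proto=udp src=10.20.30.41 dst=10.20.30.15 dport=137
"""

SUBNET = ipaddress.ip_network("10.20.30.0/24")  # assumed local segment
NETBIOS_PORTS = {137, 138}                      # NetBIOS name / datagram service

def parse(line):
    """Split 'timestamp action key=value ...' into a dict."""
    ts, action, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec.update(ts=ts, action=action, dport=int(rec["dport"]))
    return rec

def is_broadcast(dst):
    """True for the limited broadcast or the local subnet's broadcast address."""
    addr = ipaddress.ip_address(dst)
    return dst == "255.255.255.255" or addr == SUBNET.broadcast_address

def classify(rec):
    """Only NetBIOS UDP sent to a broadcast address is treated as noise."""
    if (rec["proto"] == "udp" and rec["dport"] in NETBIOS_PORTS
            and is_broadcast(rec["dst"])):
        return "benign-broadcast"
    return "review"

def triage(log=SAMPLE_LOG):
    """Return (source, destination port, verdict) for every log line."""
    return [(r["src"], r["dport"], classify(r))
            for r in map(parse, log.splitlines())]
```

The last sample line uses a NetBIOS port but is addressed to a single host rather than a broadcast address, so it stays in the "review" pile.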

What are some common "attacks"?

As stated before, not all attacks reported by your firewall are actually attacks. The majority of the time, they are simply benign internet activity that caught the firewall's attention.