Firewalls

From iGeek
Jump to: navigation, search
Firewall1.png

What is a FireWall? In a structure or a car, the firewall is something that protects one area from another - usually in case of a fire. The firewall stops or at least slows the fire from spreading by being a physical barrier. In computers and networking it basically does the same thing, but the "fire" that it is trying to slow/stop is an intruder or security leak.

The network administrator turns on or configures this network barrier (firewall) between one network (or area of the network) and another. The firewall blocks everything, except for what it is configured to let through. This can seriously hamper intruders and increase security. To understand this better, let's get a little geeky.

Details

Firewalls.jpeg

Each time your computer connects to the Internet (or your local network) it gets an address; this address is usually an IP (Internet Protocol) address. These are those catchy four values (that each range from 0-255) that you see like; 10.0.0.1. This address is how other computers that it can talk to your computer, or know where to send things; similar to what your home address does for you personally.

Now the address lets other computers' programs talk to your computer; but your computer has many different programs (network services) running, and so do other computers. So you need not only the address of the computer, but also the address of the program or service it wants to talk to. Think of an apartment building or hotel that has different rooms; you identify the hotel address and the room sub-address; or the phone number and extension.

In Internet addressing, you identify the address of the computer and the sub-address (called the port) of the program or service. The port is usually not visible to users; but can be expressed by a colon - so 10.0.0.1:80 would be an address of 10.0.0.1 and a port of 80.

Applications or services usually reside at the same sub-address (port), and they can't easily share a port that is being used by something else. So one port equals one program/service.

Now many Operating Systems (Windows and UNIX especially), are running many, many services; lots that you probably don't even know about. And there are little security holes in many of them, or ways to "exploit" your configurations to violate your machine. Or you might even have a virus, Trojan or worm that is running as a "service" to hackers, and letting them in.

Now what a computer firewall does is basically block all the ports (services or apps), except just the ones you specify. This "locks down" your computer, and can block everything except those things that you've decided are "secure" or safe. Intruders that scan your machine for all the ports (services) will only find ports (services) that you've deemed safe, so you've made it harder for them to get things that you don't want. Furthermore, the firewall also detects and remembers (logs) those scans; so that if you want, you can try to find out who was trying to access your machine.

A firewall is only one tool that contributes to network security. And it is only as effective a tool as you are using it. If you turn on remote network access, or other services, then the firewall is pretty indiscriminate; and if others can get your password, or know an exploit (bug that lets them in) on a service that you enabled, then you're back to square one. However, by separating machines and functions, and making sure that only certain services are running on certain machines, you are helping to prevent intrusion. And by logging attempted hacks, you can at least try to find those that try to get at your data.


More on Cyber Security and threats : Hack, Crack or PhreakCrackingEaster Eggs • Firewalls • Hacking • How Secure are you?PasswordsPhreaking • Privacy • Shopping • Virus, Worms, Trojans


2002.06.02