Page 158 - DCAP516_COMPUTER_SECURITY
Computer Security

13.1 Meaning of Firewall

A firewall is a dedicated appliance, or software running on a host, that inspects network
traffic passing through it and permits or denies each packet according to a set of rules.

Firewalls can be implemented in hardware, in software, or as a combination of both. They are
most often used to prevent unauthorized Internet users from reaching private networks that are
connected to the Internet, especially intranets. All traffic entering or leaving the intranet
passes through the firewall, which examines each packet and blocks those that do not meet the
configured security policy.
Basically, a firewall is a barrier to keep destructive forces away from your property. In fact,
that's why it's called a firewall. Its job is similar to a physical firewall that keeps a fire from
spreading from one area to the next.
A firewall is simply a program or hardware device that filters the traffic coming through the
Internet connection into your private network or computer system. If an incoming packet is
flagged by the filters, it is not allowed through. Suppose you work at a company with 500
employees. The company will therefore have hundreds of computers, all with network cards
connecting them together.

In addition, the company will have one or more connections to the Internet, for example over
T1 or T3 lines. Without a firewall in place, every one of those computers is directly reachable
from anywhere on the Internet. Anyone who knows what they are doing can probe those
computers, attempt FTP and telnet connections to them, and so on. If one employee makes a
mistake and leaves a security hole, attackers can reach the machine and exploit it.
With a firewall in place, the landscape is much different. A company will place a firewall at
every connection to the Internet (for example, at every T1 line coming into the company). The
firewall can implement security rules. For example, one of the security rules inside the company
might be:

Out of the 500 computers inside this company, only one of them is permitted to receive public
FTP traffic. Allow FTP connections only to that one computer and prevent them on all others.

A company can set up rules like this for FTP servers, Web servers, Telnet servers and so on. In
addition, the company can control how employees connect to Web sites, whether files are
allowed to leave the company over the network and so on. A firewall gives a company
tremendous control over how people use the network.
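The FTP rule above, and the difference between judging each packet on its own and tracking the connections that inside hosts open (the stateful inspection method described in the next paragraphs), as an added example that is not part of the textbook: a small Python packet filter with an ordered allow/deny rule list and an optional connection table. The company network 10.0.0.0/24, the outside addresses 203.0.113.7 and 198.51.100.10, the FTP server 10.0.0.5 and the packets themselves are all constructed for this demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (constructed, not parsed off the wire)."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    """One filter rule. A field left as None matches any value.
    Rules are checked in order and the first match decides."""
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # "in" (from the Internet) or "out" (from the company network)
    proto: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet, direction: str) -> bool:
        return ((self.direction is None or self.direction == direction)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_ip is None or self.dst_ip == pkt.dst_ip)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))

# The textbook's policy: only 10.0.0.5 may receive public FTP (assumed address),
# FTP to every other inside host is refused, employees may reach the Internet.
POLICY = [
    Rule("allow", direction="in", proto="tcp", dst_ip="10.0.0.5", dst_port=21),
    Rule("deny", direction="in", proto="tcp", dst_port=21),
    Rule("allow", direction="out"),
]

class Firewall:
    def __init__(self, rules: List[Rule], inside: str, stateful: bool):
        self.rules = rules
        self.inside = ipaddress.ip_network(inside)
        self.stateful = stateful
        # State table: 5-tuples of connections an inside host has opened.
        self.state: Set[Tuple[str, str, int, str, int]] = set()

    def direction(self, pkt: Packet) -> str:
        return "out" if ipaddress.ip_address(pkt.src_ip) in self.inside else "in"

    def decide(self, pkt: Packet) -> str:
        d = self.direction(pkt)
        if self.stateful and d == "in":
            # Stateful inspection: an inbound packet whose reversed 5-tuple is in
            # the state table is a reply to a connection we watched leave.
            reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if reverse in self.state:
                return "allow"
        for rule in self.rules:
            if rule.matches(pkt, d):
                if self.stateful and d == "out" and rule.action == "allow":
                    self.state.add((pkt.proto, pkt.src_ip, pkt.src_port,
                                    pkt.dst_ip, pkt.dst_port))
                return rule.action
        return "deny"  # default deny: whatever no rule explicitly permits is dropped

def run_demo(stateful: bool) -> List[Tuple[str, str]]:
    """Push constructed sample traffic through the firewall and return each decision."""
    fw = Firewall(POLICY, "10.0.0.0/24", stateful)
    traffic = [
        ("ftp to the permitted server",     Packet("tcp", "203.0.113.7", 40000, "10.0.0.5", 21)),
        ("ftp to another inside host",      Packet("tcp", "203.0.113.7", 40001, "10.0.0.9", 21)),
        ("employee browses a web site",     Packet("tcp", "10.0.0.23", 51000, "198.51.100.10", 80)),
        ("web server's reply",              Packet("tcp", "198.51.100.10", 80, "10.0.0.23", 51000)),
        ("unsolicited packet from port 80", Packet("tcp", "198.51.100.10", 80, "10.0.0.23", 51001)),
    ]
    return [(label, fw.decide(pkt)) for label, pkt in traffic]

if __name__ == "__main__":
    for mode in (False, True):
        print("stateful =", mode)
        for label, verdict in run_demo(mode):
            print(f"  {label:34s} {verdict}")
```

With stateful=False the web server's reply is dropped: no inbound rule matches the employee's ephemeral destination port, and the only stateless way to let replies in is to open those high ports to everyone. With stateful=True the reply is matched against the recorded outbound connection and allowed, while the packet to port 51001, which matches no recorded connection, is still denied; FTP to any host other than 10.0.0.5 is denied in both modes.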

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

    Packet filtering: Each packet (a small chunk of data) is checked against a set of filter
    rules, typically on header fields such as source and destination address, protocol and
    port. Packets that pass the filters are forwarded to their destination; all others are
    discarded. Each packet is judged on its own, without regard to any packet that came before it.

    Proxy service: The firewall terminates the connection itself. Information from the
    Internet is retrieved by the firewall on behalf of the requesting system and then passed
    on to it, and vice versa, so inside and outside hosts never talk to each other directly.

    Stateful inspection: A newer method that does not examine the full contents of each packet
    but instead compares key header fields to a table of connections the firewall already
    trusts. When a connection leaves the protected network, the firewall records its defining
    characteristics (addresses, ports, protocol); an incoming packet that matches a recorded
    connection is treated as a reply and allowed through, while an incoming packet that matches
    no entry is discarded unless a rule explicitly permits it.

There are many creative ways that unscrupulous people use to access or abuse unprotected
computers:

          152                               LOVELY PROFESSIONAL UNIVERSITY