What is a firewall
What is a firewall? I'm not talking about firewalls that you find in the building sector, I'm talking about computer firewalls.
We live in the digital age where everything from personal information to financial information is kept somewhere on a computer or database.
Some of this information is very sensitive. You don't want just anybody to be able to access a computer and change records on it.
So, how do we protect your computers? We use a device called a firewall. Great, but what is a firewall. A firewall is basically software that runs on top of a hardware device. The software is based on rules that allows or rejects access to a computer network. What is a firewall
It's difficult to explain whether a firewall is software or hardware, it's actually both. It consists of software for the rules, and hardware for the physical network connections to the network.
When you open a connection from one system to another, you connect using a port number. This is needed for the server system to open a connection with you. Once this connection is established through the port, then the server and your system can start to "talk" to each other. They start to transfer information.
This port connection is very important and all TCP based systems work like this. There are different port numbers for the different services. Here's a short list of the most common ports and services you get:
HTTP port 80
HTTPS port 443
telnet port 23
ftp port 20/21
ssh port 22
smtp port 25
So, every service has a port that you connect to on the other system based on what you would like to do. These are default port numbers.
When you connect to the server, your internet protocol address or ip address and the port you want to connect to is in the header of a packet. The server uses this information to then open the port and you get sent a number as well.
The server and the client then communicate via these ports. So, what does this have to do with a firewall? Well, a lot actually.
You can open and close these ports on a firewall. Let's say the telnet port 23 is closed on the firewall. This means that anybody that tries to connect using telnet will be rejected.
Telnet is an unsecured protocol in that all the information that you type with this tool, can be seen by people snooping on the network. For example, if you type in your username and password, bad people that snoop the network can see this information. Telnet information is sent over the network as normal text.
You can also use telnet to gain access directly to the servers command line interface or cli. This is bad cause people can do all kinds of damage on this level. Large organizations don't want this. They want their servers protected the best they can.
telnet port 23 is usually closed on firewalls in big financial institutions. Internally it might be open but definitely not for external traffic.
Below is a diagram of a simple firewall setup. Let's discuss a couple of scenarios on what could happen here.What is a firewall Rules
Firewalls have more than one network interfaces. The one interface is connected to the WAN or Wide Area Network, and the other to the internal network of the company or organization. Well, there's actually more to it than this, but I want to keep things simple here.
In the above diagram we have three clients on the external side of the firewall and a server on the internal or company side. The clients would then connect to the server but the firewall first need to check what is allowed and what's not.
Let's have a look at the rules. What is a firewall rule?. Firewalls have inbound and outbound rules. Inbound means into the firewall and outbound means from the company network to the outside world. I will only talk about the inbound rules. The outbound rules are handled the same.
Rules 1 and 2 says that all HTTP and HTTPS traffic is allowed. That's because ports 80 and 443 are open.
Rules 3 says that the ssh port 22 is open for a specific IP address, 126.96.36.199. Rule 4 closes all other ssh traffic.
Rule 5 and 6 says that users are not allowed to telnet or ftp to this site.
What does this mean?
Any of the clients, A, B or C can use a browser and open a HTTP or HTTPS connection to the server, if it's a webserver, of course. Rules 1 and 2 allows HTTP and HTTPS traffic. The ports are open.
Clients B and C cannot connect to the server using ssh, but client A can. If you look at client A's IP address it's.188.8.131.52. The firewall will allow ssh connection from a host if it's IP is 184.108.40.206. For all others it's denied.
Why would this rule be there? The company might have an administrator that works from home, and he might need access to the system to do maintenance on it.
Although this looks fairly secure, it's not really. This rule says that anyone with IP 220.127.116.11 can connect via ssh to this site. Bad people can change their IP's to this one and hack the system. These days people use VPN's or Virtual Private Networks to connect remotely to sites. It's like a secure tunnel from the client to the server.
None of the clients would be able to telnet or ftp to the server, cause rules 5 and 6 denies this.
This is a very simple example of how a firewall might be setup. Large companies probably have lot's of firewalls with hundreds of rules for incoming and outgoing traffic. It's a very specialized job and there are experts that spend their whole life on this. Security is big business, and people are being paid handsomely if they know their stuff.
What do firewalls look like?
They are usually boring black boxes somewhere in a datacenter. Just joking, below is a picture of a typical firewall device.What is a firewall cisco ASA
There are lot's of companies that produce these firewalls from big system to small businesses. Most OS vendors also ship a software firewall with their operating systems. Oracle Solaris 10 has a feature called IP filters built into the OS. You can then use a server with more than network interface as a firewall.
You might not know it, but Windows also ships with a firewall. All of this just to protect our systems. Looks like there's a lot of bad people out there.What is a firewall Windows 7 Click on image to enlarge (Opens in new Window)
The windows firewall gives you basic security on your PC. Be careful before you disable this feature. Hackers are very clever and will destroy our OS just for fun. Be ware.
I hope you have a better understanding of what is a firewall. This page serves only as an introduction, but you should have a good understanding of what firewalls do.
Return from What is a firewall to What is a Computer
Return to What is my Computer