Fire my Wall

When discussing web security and privacy, an important aspect to consider is the systems in place to protect users from security breaches. One of the key components of safety today is the firewall.

Firewalls are used to protect a trusted network from an untrusted one, regulating the transmission of information between the two.

Although many anti-virus programs are available, they have limitations. A safer way to ensure protection is to include a firewall when setting up the network, whether that is your own personal network at home or an organization's network such as a Local Area Network (LAN).

Firewalls are thus important in helping to prevent the intrusion of unwanted or malicious software into your system. At the same time, they prevent the transmission of confidential information.

Types of Firewall
Firewalls can be hardware or software. Both work with filters based on IP addresses, domain names and ports.

Hardware firewalls are devices like routers. Using packet filtering, the firewall screens all data (which is transmitted in packets) against preset rules determined by the administrator, and decides whether to drop each packet or forward it to the user.

Software firewalls are common network protection tools. They usually have defined controls to allow safe file sharing and to block unsafe applications from running.

Firewall application methods
Firewalls use different operating mechanisms: packet filtering, proxy servers and stateful inspection.

Packet filtering is one of the earlier forms of firewall. It has explicit rules on what to do with the packets of information that pass through it, based on a list of acceptable or blocked sources and destinations, also known as an Access Control List (ACL).

Network protocols like TCP, IP and UDP carry control information which can be used to restrict access to hosts within the organisational network. For example, the IP packet header contains the network addresses of both the sender and the recipient of the packet. Rules can therefore be set to block access to particular ports from given IP addresses.

However, packet filtering has a weakness: hackers could craft packets and disguise them under well-known or established port numbers so that they fit the ACL rules.
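The following is an added example, not taken from the original post, of how an ACL is evaluated top-down with first-match-wins and an implicit default deny. The rules, addresses (documentation ranges) and sample packets are constructed for illustration; note that the filter reads only header fields, which is why the two port-80 packets get the same verdict regardless of payload.

```python
import ipaddress
from collections import namedtuple

# action: "allow"/"deny"; proto: "tcp"/"udp"/"any"; src: CIDR network;
# dport: destination port, or None for any port
Rule = namedtuple("Rule", "action proto src dport")

# Constructed ACL, evaluated top-down; the first matching rule decides.
ACL = [
    Rule("deny",  "any", "203.0.113.0/24",  None),  # blocked source network
    Rule("allow", "tcp", "0.0.0.0/0",       80),    # web server open to all
    Rule("allow", "tcp", "198.51.100.0/24", 22),    # SSH from admin network only
]

def filter_packet(packet, acl=ACL):
    """Return the action of the first matching rule, or deny if none matches."""
    src = ipaddress.ip_address(packet["src"])
    for rule in acl:
        if rule.proto not in ("any", packet["proto"]):
            continue
        if src not in ipaddress.ip_network(rule.src):
            continue
        if rule.dport is not None and rule.dport != packet["dport"]:
            continue
        return rule.action
    return "deny"  # implicit default deny

# Constructed sample packets. The payload field is never read by the filter.
SAMPLES = [
    {"src": "192.0.2.10",   "proto": "tcp", "dport": 80, "payload": b"GET / HTTP/1.1"},
    {"src": "192.0.2.10",   "proto": "tcp", "dport": 80, "payload": b"not HTTP at all"},
    {"src": "203.0.113.5",  "proto": "tcp", "dport": 80, "payload": b"GET / HTTP/1.1"},
    {"src": "192.0.2.10",   "proto": "tcp", "dport": 22, "payload": b""},
    {"src": "198.51.100.7", "proto": "tcp", "dport": 22, "payload": b""},
    {"src": "192.0.2.10",   "proto": "udp", "dport": 53, "payload": b""},
]

def run_samples():
    """Verdict for each constructed sample packet, in order."""
    return [filter_packet(p) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLES, run_samples()):
        print(verdict, pkt["src"], pkt["proto"], pkt["dport"])
```

The second sample is admitted purely because it targets port 80, which is the limitation described above and the gap that application-level inspection is meant to close.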

A proxy service is provided when a device acts as a proxy, becoming the intermediary between the user and the source. Requests for information are sent to the proxy firewall, which establishes a connection with the source and then passes the content on to the user. The proxy acts as a buffer between the two, which also makes it slower than packet filtering. Proxies prevent the remote computer hosting the web page from coming into direct contact with the private network.

Operation Mechanism of Proxy Servers. Image Source: http://dirtcheapproxies.com/Bypass_proxy.jpg

Stateful inspection does not analyse the contents in each packet. It compares key aspects of each packet to a list of trusted sources. If the content and the sources yield a reasonable match, it is transmitted to the user or host.

Operation Mechanism of Stateful Inspection & Packet Filtering. Image Source: https://cs2024.files.wordpress.com/2015/03/992d3-8-6firewall1.gif
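As an added example (not from the original post), here is a simplified sketch of stateful inspection. It assumes the "trusted" list is built from connections opened from inside the network, which is how stateful firewalls commonly work; the class name, addresses and ports are constructed, and TCP flags and timeouts are left out.

```python
import ipaddress

class StatefulFilter:
    """Admit inbound packets only when they answer a flow opened from inside."""

    def __init__(self, inside_net):
        self.inside = ipaddress.ip_network(inside_net)
        self.table = set()  # flows recorded from outbound traffic

    def _is_inside(self, addr):
        return ipaddress.ip_address(addr) in self.inside

    def handle(self, proto, src, sport, dst, dport):
        if self._is_inside(src) and not self._is_inside(dst):
            # Outbound packet: remember the flow so that replies can match it.
            self.table.add((proto, src, sport, dst, dport))
            return "forward"
        # Inbound packet: it must be the exact reverse of a recorded flow.
        # Only header fields are compared; the payload is never examined.
        if (proto, dst, dport, src, sport) in self.table:
            return "forward"
        return "drop"

def demo():
    """Run a constructed packet sequence and return the verdicts in order."""
    fw = StatefulFilter("10.0.0.0/8")
    return [
        # Unsolicited inbound packet from port 80, before any request: drop.
        fw.handle("tcp", "192.0.2.80", 80, "10.0.0.5", 51000),
        # Inside host opens a connection to the web server: forward.
        fw.handle("tcp", "10.0.0.5", 51000, "192.0.2.80", 80),
        # Reply on the same flow: forward.
        fw.handle("tcp", "192.0.2.80", 80, "10.0.0.5", 51000),
        # Same server, but a port the inside host never used: drop.
        fw.handle("tcp", "192.0.2.80", 80, "10.0.0.5", 51001),
        # Different outside host reusing source port 80: drop.
        fw.handle("tcp", "198.51.100.9", 80, "10.0.0.5", 51000),
    ]

if __name__ == "__main__":
    print(demo())
```

Unlike a static ACL entry that admits anything with source port 80, the first and last packets here are dropped because no inside host asked for them.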

Developments in Firewall
Current developments focus mostly on next-generation firewalls (NGFW), which are able to detect and block viruses with security at the application, port and protocol level. They feature an intrusion prevention system and application control, and use packet filtering, Network Address Translation, URL blocking and VPN. Beyond intrusion prevention, these firewalls also have increased application awareness, controlling the content flow even in web-based applications.

The ability to have application, port and protocol level control is significant for NGFW, due to the prevalence of web based applications as well as mobile phone

Other uses
Of course, beyond the usual protection and regulation, firewalls have also been used for other purposes, most notably the Great Firewall of China.


One thought on “Fire my Wall”

  1. Considering that hackers can easily intrude one’s computer if they intend to, perhaps Firewall is not that important as it used to be back in the easier days of the Internet age. Most of our private data has been keyed into sites such as Facebook, Paypal etc. There is only so much (or little) we can do to protect our data once it has been released into the World Wide Web.

    Firewall Program Companies such as ESET/Norton hire white hats to penetrate and test the capabilities of their security systems. To me, it is a never-ending cycle of infiltrating & patching. At the moment, it doesn’t seem like there will be a solution to the “perfect” Firewall. Really curious to see how effective the NGFWs will be.
