This report looks at what a firewall is and how it works. It also looks at which security risks a firewall can stop in a computer system.
Most people think of a firewall as the point that all data traffic on the internet has to pass through between networks, as shown in Figure 1.1.
What is a firewall?
In network security, a firewall is considered the first line of defense in protecting private information. "A firewall sits at the junction point, or gateway, between the two networks, which are often a private network and a public network such as the Internet." (John V. Harrison, Hal Berghel, 2004, A Protocol Layer Survey of Network Security). It is a system designed to prevent certain access to or from another network. It has two mechanisms, one for blocking access and one for permitting it.
Why do I need a firewall?
Nowadays, computers and the internet are becoming increasingly popular, and companies as well as the general public use firewalls to secure the private data held on their computers.
The primary purpose of a firewall is to take a proactive and preventative approach to diminishing the numerous electronic security intrusions possible in today's internet age. A firewall also provides the next level of protection by denying access to certain network services and ports based on policy and need. (Eugene H. Spafford, 2003, Cyber Terrorism: The New Asymmetric Threat).
What does the firewall protect against?
Different types of computer systems use different types of firewalls. It is important to understand the broad design perspective of a firewall, i.e. what a firewall can and cannot do, before discussing the different types of firewall in more detail. All firewalls have some common traits and functionalities that help define what a firewall can do, so fundamentally a firewall performs the following tasks:
1 – Manage and control network traffic
2 – Authenticate access
3 – Act as intermediary
4 – Protect resources
5 – Record and report on events
Objective of a firewall
A firewall must be able to manage and control the network traffic that is allowed to access the protected network or host. It does this by inspecting packets and monitoring the connections that are being made, then filtering those connections based on the packet inspection results and the connections that are observed.
What is packet inspection?
Packet inspection is the process in which the data in the packets is intercepted and processed in order to determine whether that data should be permitted or denied in accordance with the defined access policy. A packet inspection looks at one or all of the following elements in making a filtering determination:
1 – Packet header information
2 – IP control
3 – Destination port
4 – Destination IP address
5 – Source port
6 – Source IP address
Packet inspection plays a vital role in the filtering decision: the firewall inspects every single packet.
When two TCP/IP hosts communicate with one another, they first need to establish a connection with each other. This connection serves two purposes.
1 – The two hosts can identify each other. The firewall uses this connection information to determine what kind of connection is being made between the two hosts, and whether that connection is allowed by the access control policy. On that basis, the firewall determines whether to permit or deny the data transfer.
2 – The connection defines how the two hosts will communicate with each other; for example, TCP is known as a connection-oriented session. These details define the structure of the connection and are also used to determine the state of the communication between the two hosts.
This figure shows how host A connects to host B. Host B responds to host A once the connection request from host A is received. Host A then finalizes the connection with host B. At this stage it allows for passing...
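To make the packet inspection elements and the connection tracking described above concrete, the following Python model is an added example (not code from this report or from any firewall product). It applies a header-based access policy to new connection requests and then follows the host A / host B handshake from the figure, so that only packets belonging to a connection the firewall has seen established are permitted. The addresses, ports and policy are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:            # the header fields the text lists, plus TCP flags
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset     # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}

def policy_allows_new(pkt):
    # Access policy (constructed sample): only hosts on the private 10.x.x.x
    # network may open connections, and only to port 443 (HTTPS).
    return pkt.src_ip.startswith("10.") and pkt.dst_port == 443

class StatefulFirewall:
    def __init__(self):
        self.table = {}  # connection key -> (state, (ip, port) of initiating host A)
    @staticmethod
    def _key(pkt):       # both directions of a connection share one entry
        return frozenset([(pkt.src_ip, pkt.src_port), (pkt.dst_ip, pkt.dst_port)])
    def inspect(self, pkt):
        key = self._key(pkt)
        state, initiator = self.table.get(key, (None, None))
        if pkt.flags == {"SYN"}:                # step 1: A -> B connection request
            if state is None and policy_allows_new(pkt):
                self.table[key] = ("SYN_SENT", (pkt.src_ip, pkt.src_port))
                return "PERMIT"
            return "DENY"
        if pkt.flags == {"SYN", "ACK"}:         # step 2: B -> A response
            if state == "SYN_SENT" and (pkt.dst_ip, pkt.dst_port) == initiator:
                self.table[key] = ("SYN_RECV", initiator)
                return "PERMIT"
            return "DENY"
        if state in ("SYN_RECV", "ESTABLISHED"):  # step 3: A finalises, then data flows
            self.table[key] = ("ESTABLISHED", initiator)
            return "PERMIT"
        return "DENY"                           # no tracked connection: drop

def run_handshake():
    # Replay the figure's host A / host B exchange plus one unsolicited inbound SYN.
    fw = StatefulFirewall()
    a, b = ("10.0.0.5", 51000), ("203.0.113.10", 443)
    pkts = [Packet(*a, *b, frozenset({"SYN"})),          # A -> B request
            Packet(*b, *a, frozenset({"SYN", "ACK"})),   # B -> A response
            Packet(*a, *b, frozenset({"ACK"})),          # A finalises
            Packet(*b, *a, frozenset({"ACK"})),          # B -> A data, now allowed
            Packet("198.51.100.7", 40000, "10.0.0.5", 22, frozenset({"SYN"}))]
    return [fw.inspect(p) for p in pkts]
```

The last packet is denied even though no rule names its address, because a stateful firewall drops anything that neither matches the policy for a new connection nor belongs to a connection it has already tracked.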