Anyone who has Windows XP/Vista/7 installed on their machine will have seen the adjoining icon. This is the icon of the FIREWALL. We all hear this term quite often, but what actually is a firewall? Is it hardware or software? Do we need it on a personal computer/laptop, or is it only needed in organizations? Is it different from anti-virus? So let us take a closer and deeper look at this essential tool.
BUSTING THE MYTHS
First of all, we need to have an open mind and clear up certain myths we have regarding firewalls.
Myth 1: Firewall is software
Answer: No, it can be software as well as hardware. In large business organizations the functionality is met by hardware and software firewalls. But in small-scale organizations or on personal computers/laptops, software provides the functionality.
Myth 2: Personal Computers/Laptops don’t need Firewall
Answer: If you are connected to a network, whether local or the internet, then you definitely need a firewall. Why a firewall is needed will be discussed later.
Myth 3: Antivirus and firewall are the same
Answer: The answer is a BIG NO. They are entirely different things. A firewall protects against threats from the network, whereas anti-virus works against viruses on the local machine where it is installed, by scanning everything which is installed or running. These days, however, the firewall is integrated inside the antivirus (these days antivirus provides real-time scanning, which serves the purpose of a firewall as well), so having a separate firewall on a personal computer/laptop is optional. In organizations, though, firewalls are quite essential. We will explore this further later.
Basics of Firewall
Before taking a leap into the world of firewalls, we need a little knowledge about networks.
Whenever a person clicks on a link or a website, he or she asks the server associated with the website to send data to his or her computer. In an organization there is a router whose task is directing traffic. In simple terms, whenever a computer asks for resources from a network, the router looks at the address and sends the needed data. The data might come from the internet or from the local network of the organization. If data/resources are needed from the internet, the request goes to the modem (modulator-demodulator). For the sake of simplicity, just consider the modem to be a device needed to transmit and receive digital data easily. The modem then connects to the internet or any other network (one which is not local to the system), fetches the needed data and sends it back. Note that we have assumed the data is needed by the system; it might instead be the case that data is sent by the system, for example an attachment in a mail or an uploaded file.
We also need to understand one more thing: how does the router/modem know where data should be fetched from or sent to? There needs to be some kind of address, and that is defined by the IP address and port number. The IP address is the address of the machine on the internet; this means every machine connected to the internet has an IP address. A server has a static address. The port number is a 16-bit binary number (hence the range is 0-65535) and is part of the addressing information. Ports are a type of door, and they are divided into:
· Well-known ports (0-1024; for example 20 for FTP data, 80 for HTTP)
· Registered ports (1024-49151; can be used for proprietary server processes or client processes)
· Dynamic/ephemeral ports (49152-65535; can be frequently used, and are used by clients temporarily)
As an example, if a machine is running an FTP server then most probably it will be on port 20. So if any client wants to connect to it, it will do so at a specific IP address and on a port.
Now that we have learnt how a connection is established and how data is sent to or fetched from a network, we can understand the concept of a firewall.
A firewall is a hardware device or software that lies between a computer and a network, and its task is to analyze the data entering and exiting the network based on its configuration (the set of rules defined for the firewall). A firewall acts as a barrier between the computer and the Big Bad World.
In simpler terms, think of internet ports as doors, just like the doors to houses, and of the data we need as being present in a house. So now we can say that there are 65535 doors in the world of the internet. Suppose a user wants to download a song, say iloveu.mp3. A website has a link which says that the song is present at this link. The link is just like a signboard on a road giving the direction of the house we are looking for.
Now when a user clicks on a link, it means he or she knocks on the door of the house. The user doesn’t know what is behind the door. It might be the house of iloveu.mp3, or it might be the house of a virus with the nameplate of iloveu.mp3. So the firewall's job is to check the rules defined and see whether the data from that house/door is permitted to enter the system or not. If it is not permitted, the firewall's job is to block the door; that is, it will lock the door to that link and will not allow the process.
This is just one of the tasks performed by a firewall. In business organizations a firewall is used not only to prevent intrusions by a hacker/virus/malware but also to restrict the members of the organization from accessing unwanted websites. For example, if I want people in my company to be unable to use torrents (obviously because they will burden the network) or Facebook (nobody is paid for using Facebook), then I will define certain rules in the firewall which will prevent the users from accessing the restricted sites.
How Firewall works
WHAT HAPPENS BEHIND THE SCENES?
Now we understand the role of a firewall, but how does it work? Let us find the missing piece.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
Packet Filtering: Whenever data is sent through the internet, it is first broken into small chunks known as packets, and then each packet is sent. Every packet has a header which contains the information associated with the packet, e.g. its source and destination. We know that in a firewall (whether hardware or software) the super-user defines some rules/guidelines which should be followed. So whenever a packet enters or leaves, the filter checks whether it meets the rules defined. If it does, it passes; otherwise it is denied permission.
Proxy Service: One can think of this as an intermediate stage between the network and the computer. Proxies are specialized applications or programs (servers) which run on the firewall. They disallow a direct connection between the internet/network and a computer. These programs take user requests for services (services might be downloading, sending mail etc.) and forward them to the actual server which connects to the internet. They forward a request only if it meets the rules and regulations defined for the firewall. So we can say they act as a gateway to services. It should be noted that they are different from filters because they provide an additional layer which forwards the request to the actual server, whereas a filter checks the packets received or sent and not the request.
Stateful inspection: The two methods described above are being replaced by this method, which increases protection and also reduces overhead. It doesn’t examine the contents of each packet (because that consumes time, and header information can’t always be the basis for verification) but compares certain important integral parts of the packet to a database of trusted information. Whenever a request is made, either for sending or receiving, the information associated with the request is monitored. When the incoming information arrives, its characteristics are compared with those recorded for the request. If they match, it is allowed; otherwise it is disallowed.
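The difference between packet filtering and stateful inspection can be seen by running the same three packets through both. The following is an added example, not part of the original article; the rule format, the 192.168.1.0/24 internal network, the addresses and the class and function names are all assumptions made for illustration, and the stateful part is simplified to a table of outgoing requests with no timeouts.

```python
import ipaddress
from collections import namedtuple

# Constructed header fields: the only parts of a packet a filter rule looks at.
Packet = namedtuple("Packet", "src sport dst dport")
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed internal network

# Stateless rules, first match wins; None means "any".
# (action, source network, source port, destination network, destination port)
RULES = [
    ("allow", LAN, None, None, 80),   # web requests leaving the LAN
    ("allow", None, 80, LAN, None),   # replies: with no memory, trust source port 80
]

def _in(addr, net):
    return net is None or ipaddress.ip_address(addr) in net

def _eq(port, want):
    return want is None or port == want

def packet_filter(pkt, rules=RULES):
    """Packet filtering: judge each packet on its header alone."""
    for action, snet, sport, dnet, dport in rules:
        if (_in(pkt.src, snet) and _eq(pkt.sport, sport)
                and _in(pkt.dst, dnet) and _eq(pkt.dport, dport)):
            return action
    return "deny"  # default when no rule matches

class StatefulFirewall:
    """Stateful inspection: remember requests, match replies against them."""
    def __init__(self, lan=LAN, allowed_ports=(80,)):
        self.lan, self.allowed_ports = lan, set(allowed_ports)
        self.table = set()  # the "database" of requests seen going out

    def inspect(self, pkt):
        if ipaddress.ip_address(pkt.src) in self.lan:      # outbound request
            if pkt.dport not in self.allowed_ports:
                return "deny"
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: allowed only if it mirrors a recorded request.
        expected = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if expected in self.table else "deny"

# Constructed sample traffic (documentation address ranges).
REQUEST = Packet("192.168.1.10", 50000, "203.0.113.5", 80)
REPLY = Packet("203.0.113.5", 80, "192.168.1.10", 50000)
UNSOLICITED = Packet("198.51.100.9", 80, "192.168.1.10", 3389)

if __name__ == "__main__":
    fw = StatefulFirewall()
    for name, p in [("request", REQUEST), ("reply", REPLY), ("unsolicited", UNSOLICITED)]:
        print(f"{name:12} filter={packet_filter(p):5} stateful={fw.inspect(p)}")
```

The header-only filter has to accept any inbound packet that claims source port 80, so it passes the unsolicited packet; the stateful firewall denies it because no matching request was recorded.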
So, simply put, a firewall prevents the users of an organization from accessing certain websites (torrents, social networking etc.) and keeps anonymous users away from the resources/data associated with a system connected to a network; but we still need ANTIVIRUS because at times a virus may enter as an attachment in an email, which might be from a trusted source. So be safe and keep safe…