A firewall is a system or network that is specially designed to block unauthorized access while allowing authorized communications. A firewall is a device or set of devices configured to allow, limit, encrypt, decrypt, traffic between different areas based on a set of rules and other criteria. Many of the antivirus software includes firewalls. For instance, Norton is great for trojan virus removal, but it also has other features such as a firewall, Anti-phishing protection and Privacy protection.
Firewalls can be implemented in Software or Hardware, or its a combination of both… They are very often used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially Intranets. All messages entering or leaving the intranet pass through the firewall, and the firewall examines each word and blocks those that do not meet the specified security criteria.
A properly configured firewall adds necessary protection to the network, but in no case should it be considered sufficient. The security covers more areas and levels of work and stability.
History Of Firewall
History The term “firewall / fireblock” originally meant a wall to confine a fire or potential fire hazard in a building. Firewall technology emerged in the late 1980s when the Internet was a relatively new technology in terms of its global use and connectivity.
The predecessors of the firewalls for network security were the routers used in the late 1980s, which kept the networks separate from each other.
The vision of the Internet as a relatively small community of users with compatible machines, which valued the predisposition for exchange and collaboration, ended with a series of critical Internet security violations that occurred in the late 1980s:
- Clifford Stoll, who discovered how to manipulate the German espionage system.
- Bill Cheswick, when in 1992 he installed a simple electronic jail to observe an attacker.
- In 1988, an employee of the Ames Research Center of NASA in California sent a memo by email to his colleagues saying:
“We are under attack from an Internet virus. It has reached Berkeley, UC San Diego, Lawrence Livermore, Stanford and NASA Ames.”
- The Morris worm, which spread through multiple vulnerabilities in the machines of the time. Although it was not malicious, the Morris worm was the first large-scale attack on Internet security; the network did not expect or be prepared to face its attack.
Types of Firewalls
Gateway Application Level
Gateway Application Level applies security mechanisms for specific applications, such as Telnet FTP servers. This is very effective, but it can impose a performance degradation.
Gateway Level Circuit
Gateway level circuits apply security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between hosts without further control. It allows the establishment of a session that originates from a zone of greater security towards an area of lower protection.
Network Layer or Packet Filtering Firewall
It works at the network level (level 3) of the protocol stack (TCP / IP) as an IP packet filter. At this level, filters can be made according to the different fields of the IP packets: source IP address, destination IP address, etc.
Often this type of firewall allows filtering according to transport-level fields (level 4) as the source and destination port, or data link level (level 2) as the MAC address. This is one of the main types of firewalls. It is considered quite effective and transparent but difficult to configure.
Application Layer Firewall
It works at the application level (level 7) so that the filters can be adapted to the characteristics of the protocols of this level. For example, if it is HTTP traffic, it can be filtered according to the URL you are trying to access.
A firewall at level 7 of HTTP traffic is usually called a proxy and allows computers in an organization to enter the Internet from a controlled form. A proxy effectively hides the correct network addresses.
It is a particular case of firewalls that are installed as software on a computer, filtering communications between that computer and the rest of the network. It is therefore used on a personal level.
Advantages Of A Firewall
- Set reliable perimeters.
- Protects from intrusions.- Access to specific segments of an organization’s network is only allowed from authorized machines in other parts of the organization or the Internet.
- Protection of private information.- It allows defining different levels of access to information so that in an organization, each defined user group has access only to the services and information that are strictly necessary.
- Access optimization.- Identify the elements of the internal network and optimize the communication between them is more direct.
- A firewall helps reconfigure the security parameters.
Limitations Of A Firewall
The limitations follow from the same definition of the firewall: traffic filter. Any computer attack that uses traffic accepted by the firewall (for using expressly opened TCP ports, for example) or that does not use the network, will continue to be a threat. The following list shows some of these risks:
- A firewall cannot protect against attacks whose traffic does not pass through it.
- The firewall cannot protect against threats to which it is subjected to internal attacks or negligent users. The firewall cannot defend corporate spies from copying sensitive data to physical storage media ( disks, memories, etc.) and subtracting them from the building.
- The firewall cannot protect against social engineering attacks.
- The firewall cannot protect against possible attacks to the internal network by computer viruses through files and software. The real solution is that the organization must be aware of installing antivirus software on each machine to protect itself from viruses that arrive through any storage medium or another source.
- The firewall does not protect against security failures of the services and protocols whose traffic is allowed. You have to configure correctly and take care of the security of the services that are published on the Internet.