Firewalls are one of the most basic security measures that you must have in place to protect your systems. We’ve gathered some of the most frequently asked questions regarding firewalls here and invited our expert, David M. Davis, to answer them and provide some additional resources.
The FAQ list will be constantly evolving, so you’re invited to send us other questions you may have. Just e-mail them to us or post them in the discussion area at the end of this FAQ article.
In its most basic terms, a firewall is a system designed to control access between two networks.
There are many different kinds of firewalls—packet filters, application gateways, or proxy servers. These firewalls can be delivered in the form of software that runs on an operating system, like Windows or Linux. Or, these firewalls could be dedicated hardware devices that were designed solely as firewalls.
This TechRepublic article explains the evolution, and differences, between these types of firewalls: “Understand the Evolution of Firewalls.” For more information, see “Members answer members’ firewall questions.”
Why would you want a firewall?
Firewalls will protect your network from unwanted traffic. Many times, the unwanted traffic is harmful traffic from hackers trying to exploit your network. You want a firewall to protect your network, just as you want locks on your door and windows at your home.
A proxy server is a form of a firewall. In legal terms, a proxy is someone who goes and performs some action on your behalf. A proxy server performs network transactions on your behalf. The most common use for this is a Web-proxy server. A Web-proxy will take requests from users’ Web browsers, get the Web pages from the Internet, and return them to the user’s browser. Many times, a proxy server also performs authentication to see who is requesting the Web pages and also logs the pages that are requested and the user they are from.
NAT is Network Address Translation. NAT is usually used to translate from real/global/public Internet addresses to inside/local/private addresses. These private addresses are usually RFC1918 IP addresses (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16).
NAT provides some security for your network because your inside hosts do not have real Internet IP addresses, so your network usually cannot be reached from the Internet unless an outbound connection has first been created from your private/inside network.
However, you still need a firewall to protect your network as NAT only hides your network but doesn’t really stop any packets from entering your network.
No, in general, firewalls do not stop viruses, Trojans, adware, or spyware. Firewalls, usually, only protect your network from inbound traffic from an outside (Internet) network. You still need antivirus software, anti-adware and anti-spyware software applications to protect your system when it does go out on the Internet.
Just like any security system, a firewall should, periodically, be tested. To test a firewall, you could have a professional security-consulting company do a security vulnerability scan. However, this is usually something you can do yourself. To do this, you could use a port-scanner or a more advanced tool like a vulnerability assessment tool (such as Retina, Saint, or ISS).
The different types of firewalls are:
Packet filter – A packet filter looks at each packet entering the network and, based on its policies, permits or denies these packets. A Cisco IOS Access Control List (ACL) is a basic firewall that works in this way.
Stateful packet filter – A stateful packet filter also has rules; however, it keeps track of the TCP connection state so it is able to monitor the “conversations” as they happen on the network. It knows the normal flow of the conversations and knows when the conversations are over. Thus, it is able to permit and deny packets entering the network more intelligently. Because of this, a stateful packet filter (stateful firewall) is much more secure than a regular packet filter.
Application gateway – An application gateway is a system that works for certain applications only. It knows the “language” that that application/protocol uses and it monitors all communications. An example would be a SMTP gateway.
Proxy Server – A proxy server performs network transactions on your behalf. The most common use for this is a Web-proxy server. A Web-proxy will take requests from users’ Web browsers, get the Web pages from the Internet, and return them to the user’s browser.
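The difference between the packet filter and the stateful packet filter described above, shown as an added example (not code from the original article) on constructed TCP header fields: the stateless filter must admit any inbound segment that looks like a reply, while the stateful filter only admits inbound packets that match a conversation it saw start from inside. The 10.0.0.0/8 inside network and all addresses and ports are assumed for the example.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")   # the protected network (RFC1918, constructed)

def mkpkt(src, sport, dst, dport, *flags):
    """Constructed TCP packet: only the header fields a filter looks at."""
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": set(flags)}

def stateless_filter(pkt):
    """Plain packet filter (an ACL): judges each packet on its own header.
    To let replies to outbound connections back in, it has to admit any
    inbound segment carrying ACK, and a forged packet can carry ACK too."""
    if ip_address(pkt["src"]) in INSIDE:
        return "permit"            # anything leaving the network is allowed
    if "ACK" in pkt["flags"]:
        return "permit"            # looks like a reply; the filter cannot verify that
    return "deny"                  # unsolicited inbound SYN and the like

class StatefulFilter:
    """Stateful packet filter: tracks conversations opened from inside and
    only admits inbound packets that belong to one of them."""
    def __init__(self):
        # keys: (inside ip, inside port, outside ip, outside port)
        self.conns = set()

    def filter(self, pkt):
        if ip_address(pkt["src"]) in INSIDE:
            key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            if pkt["flags"] & {"FIN", "RST"}:
                self.conns.discard(key)   # conversation is over (simplified teardown)
            else:
                self.conns.add(key)       # remember the conversation
            return "permit"
        key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return "permit" if key in self.conns else "deny"

def demo():
    """Constructed traffic: an inside host opens a web connection, the server
    answers, and an unrelated outside host sends an ACK to the same port."""
    fw = StatefulFilter()
    syn = mkpkt("10.1.1.5", 40000, "203.0.113.10", 80, "SYN")
    reply = mkpkt("203.0.113.10", 80, "10.1.1.5", 40000, "SYN", "ACK")
    forged = mkpkt("198.51.100.7", 80, "10.1.1.5", 40000, "ACK")
    fw.filter(syn)
    return {"stateless": (stateless_filter(reply), stateless_filter(forged)),
            "stateful": (fw.filter(reply), fw.filter(forged))}

if __name__ == "__main__":
    print(demo())  # {'stateless': ('permit', 'permit'), 'stateful': ('permit', 'deny')}
```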
Virtual Private Networks (VPN) are used to encrypt traffic from a private network and send it over a public network. Typically, this is used to protect sensitive traffic as it goes over the Internet. Many times, you will have a VPN encryption device combined with a firewall as the private network traffic that is being encrypted also needs to be protected from hackers on the public network.
No, you do not necessarily have a DMZ if you have a firewall. A DMZ is a network that is semi-protected (not on the public network but also not on the fully-protected private network). Many hardware firewalls create a DMZ for public mail servers and Web servers. Most small networks or homes do not have DMZ networks. Most medium-to-large corporate networks would have a DMZ.
An Intrusion Detection System (IDS) monitors for harmful traffic and alerts you when it enters your network. This is much like a burglar alarm.
An Intrusion Prevention System (IPS) goes farther and prevents the harmful traffic from entering your network.
IDS/IPS systems recognize more than just Layer 3 or Layer 4 traffic. They fully understand how hackers use traffic to exploit networks and detect or prevent that harmful traffic on your network.
Today, many IDS/IPS systems are integrated with firewalls and routers.
A Denial of Service (DoS) attack is something that renders servers, routers, or networks incapable of responding to network requests in a timely manner.
Firewalls can protect your network and its servers from being barraged by DoS traffic and allow them to respond to legitimate requests, thus allowing your company to continue its business over the network.
As there are many different types of firewalls, there are also many different types of firewall interfaces. You could have a command line interface (CLI), a Web-based interface, or some other proprietary program that is used to configure the firewall.
For example, with Cisco PIX firewalls, you can configure them with the CLI interface (called PixOs), or the PIX Device Manager (PDM), a Java-based interface that works with a Web browser.
The size of the firewall you choose is usually based on the volume of traffic your network links receive or the bandwidth of your network links. You also must take into consideration other things for which you might be using the firewall, such as VPN, IDS, and logging.
Firewalls today offer more and more built-in features. Some of them are: intrusion prevention, hardware-based acceleration, and greater recognition of applications (moving up the OSI model towards layer 7).
There are a wide variety of firewalls available today. Perhaps the most basic firewall is the personal PC firewall, such as that built into Windows XP. Next come more advanced PC software firewalls, like ZoneAlarm Pro or BlackICE. There are midrange firewall solutions like Microsoft ISA or hardware firewalls. Next on the scale are large Cisco PIX or Checkpoint firewalls used for large businesses or Internet Service Providers.
You may also choose to create your own firewall, for next to nothing, using Linux and a PC with two network interface cards (NICs).
Copyright ©2004 CNET Networks, Inc. All rights reserved. To see more downloads and get your free TechRepublic membership, please visit http://techrepublic.com