5 Star Support - Free Computer Help and Technical Support

 

What is a Firewall?

Posted by Dave
5 Star Support Security Specialist

04.17.06
So what is a firewall, really? And why do I need one? This question has come up many times, and there are so many incorrect answers and misconceptions that I decided maybe I could help set things straight and explain it to you. I’ll warn you from the start that this is not a short, easy answer. In principle, firewalls are simple and straightforward, but the increase in attacks and the sophistication of these attacks, as well as the improved technology in this area, have made the subject a bit more complex and more difficult to understand. I promise to keep it as simple as possible. That said, let's get started.

Basically, a firewall is a barrier to keep destructive forces away from your property. In fact, that's why it is called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next. In our computer case, a firewall is actually a ‘wall’ of code that is designed to inspect everything going into, or coming from, the computer it is installed on. Data is transmitted in ‘packets’, and it is the firewall’s job to examine these packets and decide whether or not they are allowed to pass through. A properly designed firewall will do this very quickly and efficiently, and will be equally effective on both incoming and outgoing traffic. Why outgoing as well? You don’t want any personal or privileged information leaving without your explicit permission, do you?

So how does a firewall actually work? All communication between computers is accomplished by exchanging the ‘packets’ we described above. They are sent from one machine to the other; whether the machines are located in the same room or around the globe does not matter. It is important that you remember these packets are the fundamental units of information flowing through the Internet or a local network. Even though we say two computers are “connected”, what actually happens is that these packets of information are sent from one computer to another. Each packet must be able to find its way from the originating machine to the intended destination, or receiving computer. To accomplish this, each packet contains a destination address and port number. Each packet must also contain the address and port number of the sending machine. The receiving computer in turn sends a packet containing its address and port number back to the sender to indicate the packet has been received. When the addresses and port numbers match, the computers agree they are connected, and the transfer or flow of packets begins.

We need to stop for a minute here and explain the addresses mentioned in the above paragraph. Every computer has what is called an IP address. The IP stands for Internet Protocol. This address is unique to every computer. IP addresses are 32-bit numbers, normally expressed as four "octets" in a "dotted decimal number." A typical IP address looks like this: 225.27.61.157. Because it is hard to remember the string of numbers that make up an IP address, and because IP addresses sometimes need to change, all servers on the Internet also have human-readable names, called domain names. For example, it is easier for most of us to remember www.whereIwanttogo.com than it is to remember 225.27.61.157.

Remember we mentioned Internet protocol? The protocol is the pre-defined way that someone who wants to use a service talks with that service. The "someone" could be a person, but more often it is a computer program like a Web browser. Protocols are often text, and simply describe how the client and server will have their conversation. Here are the most common protocols you will encounter in regular computer use:

  • IP (Internet Protocol) - the main delivery system for information over the Internet
  • TCP (Transmission Control Protocol) - used to break apart and rebuild information that travels over the Internet
  • HTTP (Hypertext Transfer Protocol) - used for Web pages
  • FTP (File Transfer Protocol) - used to download and upload files
  • UDP (User Datagram Protocol) - used for information that requires no response, such as streaming audio and video
  • ICMP (Internet Control Message Protocol) - used by a router to exchange information with other routers
  • SMTP (Simple Mail Transfer Protocol) - used to send text-based information (e-mail)
  • SNMP (Simple Network Management Protocol) - used to collect system information from a remote computer
  • Telnet - used to perform commands on a remote computer

We also mentioned ports. There are actually thousands of ports on every computer. Each port is assigned a number, and each port number corresponds to a specific service communication. Any server machine makes its services available to the Internet using numbered ports, one for each service that is available on the server. For example, if a server machine is running a Web (HTTP) server and an FTP server, the Web server would typically be available on port 80, and the FTP server would be available on port 21.

Now to put it together, you know each packet contains the specific IP address and port number of the originating computer, as well as the specific IP address and port number of the intended destination computer, with the port numbers being determined by the type of communication and information being sent.

To use this information, a firewall is programmed to recognize all the ports and protocols in use today. It then determines whether or not to let the packets through, or drop them. This is done in accordance with a set of rules called filters that are also programmed into the software. Packets that make it through the filters are sent to the requesting system and all others are discarded. Once you understand this concept, the actual operation of a firewall becomes pretty simple. A firewall can help protect you from a whole lot of problems regularly encountered on the Internet. Some of them are listed below:

  • Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
  • Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
  • SMTP session hijacking - SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is done quite often by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
  • Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
  • Denial of service - You have probably heard this phrase used in news reports on the attacks on major Web sites. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
  • E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
  • Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
  • Viruses - Probably the most well-known threat is the computer virus. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from displaying harmless messages to erasing all of your data.
  • Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Spam can be dangerous though. Quite often it contains links to Web sites. Be careful of clicking on these because you may accidentally accept a cookie that provides a backdoor to your computer.
  • Redirect bombs - Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
  • Source routing - In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.

Now, what about other information sneaking in while this nice conversation between two computers is going on? Couldn’t another computer join the conversation without your knowledge? Without a firewall in place, yes it can, and it happens all the time. This is how computers without firewall protection can be, and are, attacked literally within minutes of being connected to the Internet. Here’s how a firewall prevents that from happening. When you surf the web you need to connect to web servers that might have any IP address. You wouldn't want all those to be blocked just because you want to block everyone from getting into your machine. It turns out that this is easy for a firewall too. Since each end of an Internet connection is always acknowledging the other end's data, every packet that flows between the two machines has a bit set in it called the "ACK" bit. This bit says that the packet is acknowledging the receipt of all previous data. But this means that only the very first packet that initiates a new connection would NOT be acknowledging any previous data from the other machine. In other words, a firewall can easily determine whether an arriving packet is initiating a new connection, or continuing an existing conversation. Packets arriving as part of an established connection would be allowed to pass through the firewall, but packets representing new connection attempts would be discarded. Thus, a firewall can permit the establishment of outbound connections while blocking any new connection attempts from the outside.
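The port filters and the ACK-bit check described above, as an added example (not code from the original article). It goes one step beyond the text with an optional stateful mode that also requires an inbound packet to match a connection opened from the inside; the class and function names, addresses and packets are constructed for illustration.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits in byte 13 of the TCP header

def build_packet(src, sport, dst, dport, flags):
    """Constructed sample: minimal IPv4 + TCP headers, checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def parse_packet(raw):
    """Pull out the addresses, ports and flags a packet filter inspects."""
    ihl = (raw[0] & 0x0F) * 4 if raw else 0
    if ihl < 20 or raw[0] >> 4 != 4 or len(raw) < ihl + 20 or raw[9] != 6:
        raise ValueError("not a complete IPv4/TCP packet")
    sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
    return (socket.inet_ntoa(raw[12:16]), sport,
            socket.inet_ntoa(raw[16:20]), dport, raw[ihl + 13])

class Firewall:
    def __init__(self, open_ports=(), stateful=False):
        self.open_ports = set(open_ports)   # services offered to the outside
        self.stateful = stateful
        self.flows = set()                  # connections opened from inside

    def outbound(self, raw):
        src, sport, dst, dport, _ = parse_packet(raw)
        self.flows.add((src, sport, dst, dport))
        return "pass"                       # outbound connections are permitted

    def inbound(self, raw):
        try:
            src, sport, dst, dport, flags = parse_packet(raw)
        except ValueError:
            return "drop"                   # malformed packet: fail closed
        if flags & ACK:                     # claims to continue a conversation
            known = (dst, dport, src, sport) in self.flows
            return "pass" if known or not self.stateful else "drop"
        if flags & SYN and dport in self.open_ports:
            return "pass"                   # new connection to an offered service
        return "drop"                       # any other new connection attempt
```

In the default mode the filter takes the ACK bit at face value, exactly as the paragraph describes; with `stateful=True` a packet that merely has ACK set is dropped unless it belongs to a connection the inside machine started.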

Now you hopefully have a basic knowledge and understanding of firewalls and how they work. I strongly urge you to install a good firewall on any computer that will be networked in any way, or connected to the Internet. With the average personal firewall being available today at prices ranging from free to around $30, you have to admit that handling all this tricky stuff for you and keeping you well protected makes a firewall both a true bargain, and a must have for your computer.

Before departing, I strongly urge you to consider one other purchase for your protection if you intend to be on the Internet: a router with a firewall. This is not a piece of software, but rather a hardware device. It is connected between your modem and your computer. A router will also have an IP address. When you connect to the Internet with a router equipped with a firewall, the outward appearing IP address will be that of the router instead of your computer. With this setup, you have very good protection indeed because the Internet will be communicating with the router, and you will be communicating with the router, keeping your true IP address secure. Your ports are not directly accessible from the Internet this way either. This is not to say that with a router in place you can surf the Web with reckless abandon. Although you will still need to be careful about what you click on and what you choose to open while surfing the Web, you will have a very good extra layer of protection from direct attacks.

I hope this has increased your knowledge and helped you understand firewalls and why you absolutely need to have one. Until we meet again here at 5 Star Support.

Dave

 
 

 

 
 

Copyright © 2000-2014  5 Star Support All rights reserved.