Cyber Security:

Firewall

In a building, a firewall is a reinforced masonry wall that is designed to prevent a fire spreading through the structure, allowing people time to escape.

In a computer network, a firewall is a barrier that blocks dangerous communications from spreading right across a network, either from the outside world into a local network, or from one part of a local network to another - allowing you time to contain the problem before too much damage is done.

Firewalls can be supplied as a:

dedicated network device

part of a network router

part of a computer’s operating system

History

The internet existed for a long time before firewalls were invented.

The first discussion of the necessary technologies took place in late 1988, and came about after several attacks by organised groups of hackers and the appearance of the very first malicious software.

What does a firewall do?

At their simplest, firewalls block network communications by looking at the addressing and protocol information in the data packet’s header.

As a data packet (datagram) arrives at the firewall’s interface, the addressing (usually IP) and protocol information (usually TCP or UDP) is compared to rules programmed into the firewall’s software.

These rules can be supplied by the firewall’s manufacturer, or more often they are created by an administrator or sometimes the user.

So if a packet originating from a hacker conducting a scan of your network or computer arrives at a firewall, it will inspect its addressing and protocol information and then compare this against its set of rules.

If the set of rules says that packets from an unknown address (the hacker) are to be blocked, then the firewall may either discard the packet ‘silently’ or ‘close’ the connection with the hacker.

Most firewalls store the state of connections to determine if they represent new or existing connections.

They will only allow packets belonging to a known, active connection to pass (provided the rule set allows this).
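To make the rule comparison and connection tracking described above concrete, here is an added example (not from the original page or the Open University material): a small Python packet filter with an ordered rule set, a state table of active connections, and the two blocking behaviours the text mentions, silent discard and closing the connection. All addresses, ports and rules in it are constructed sample values.

```python
# Toy stateful packet filter: header-vs-rules comparison plus connection tracking (sample values are constructed).
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str            # source IP address from the packet header
    dst: str            # destination IP address
    proto: str          # "TCP" or "UDP"
    sport: int          # source port
    dport: int          # destination port
    syn: bool = False   # TCP SYN flag: this packet tries to open a new connection

@dataclass(frozen=True)
class Rule:
    # "ALLOW" passes the packet, "DROP" discards it silently, "REJECT" closes the connection (e.g. with a TCP RST)
    action: str
    src: str = "any"                # exact source address, or "any"
    proto: str = "any"              # "TCP", "UDP" or "any"
    dport: Optional[int] = None     # destination port, None = any port
    def matches(self, p: Packet) -> bool:
        return ((self.src == "any" or self.src == p.src)
                and (self.proto == "any" or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

def flow_key(p: Packet, reverse: bool = False):
    # 5-tuple identifying a connection; reversed to recognise the reply direction
    if reverse:
        return (p.proto, p.dst, p.dport, p.src, p.sport)
    return (p.proto, p.src, p.sport, p.dst, p.dport)

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = list(rules)       # ordered rule set: the first matching rule wins
        self.connections = set()       # state table of known, active connections
    def filter(self, p: Packet) -> str:
        # Packets belonging to a known, active connection pass in either direction.
        if flow_key(p) in self.connections or flow_key(p, reverse=True) in self.connections:
            return "ALLOW"
        # A TCP packet that neither opens a connection nor belongs to one is discarded silently.
        if p.proto == "TCP" and not p.syn:
            return "DROP"
        # Otherwise compare the header's addressing and protocol information against the rules.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "ALLOW":
                    self.connections.add(flow_key(p))  # remember the newly opened connection
                return rule.action
        return "DROP"  # default deny when no rule matches
```

A port whose probes are answered with "DROP" is what a scanner such as ShieldsUP reports as ‘Stealth’, whereas "REJECT" tells the sender that a host exists there.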

More advanced firewalls can identify the applications responsible for sending and receiving packets, allowing network managers to block applications that use excessive bandwidth (such as media players) or those widely used for distributing copyright-infringing content (such as BitTorrent applications), as well as protecting against application-level attacks.

Personal Firewalls

A firewall that is installed as part of an operating system is called a personal firewall - most operating systems come with one of these.

This firewall is only able to protect the computer it is installed on (and any devices attached to it) from an attack, so it is called a personal firewall. It is not intended to replace a network firewall which prevents attacks from outside of the network (such as from the internet).

Personal firewalls are especially useful for people with portable computers, which will inevitably be connected to a wide range of computer networks.

While we all hope and, to some extent, trust the people responsible for maintaining these networks to maintain a safe system, we cannot be sure that these networks are not compromised. The personal firewall on our own computers therefore adds a layer of protection between our personal data and a potentially untrustworthy (but useful) network.

Personal firewalls are the responsibility of individual computer users.

If you have complete access to your computer’s settings then it is entirely possible to turn off the personal firewall and leave your computer vulnerable.

Check your own computer to see how well protected it is

To do this you can visit a website that is designed to probe your computer to see what it can access and what is blocked. I got this information from the Open University - so I trust it. However, by the time you read this things may have changed - so do a check on the site before you use it.

The site you can use to do this is https://www.grc.com/shieldsup

Read the information on the opening page before proceeding.

Start with the Instant UPnP Exposure Test probe. The response you want to see is: THE EQUIPMENT AT THE TARGET IP ADDRESS DID NOT RESPOND TO OUR UPnP PROBES!

Next, the file sharing probe. The response you want is: Your Internet port 139 does not appear to exist! One or more ports on this system are operating in FULL STEALTH MODE! Unable to connect with NetBIOS to your computer. All attempts to get any information from your computer have FAILED.

Common ports: You want to see a green ‘Stealth’ for the status of all ports.

All service ports: you want to see a complete green ‘Stealth’ grid of all ports.