Understanding the Role of a Firewall


At the most basic level, a firewall is a software program (or a dedicated device) that acts as a security intermediary between your computer and a network like the Internet. The job of the firewall is to inspect all packets sent and received by your PC, and then decide whether to allow or disallow them based on its configured rules. When the firewall allows a certain type of traffic (for example, packets sent and received by an instant messaging program), communication occurs in the same manner as if no firewall were in place at all. However, if the firewall denies another type of traffic, communication attempts using that method will fail: the firewall intercepts the packets, compares them to its configured rules, determines that the communication attempt should not be allowed, and discards the packets.

Ultimately, a firewall puts you in control over which traffic is allowed to enter your PC, and which traffic is allowed to leave. In their default configuration, most firewalls allow all communication attempts originating from your PC to go on their way unencumbered, on the assumption that because the request came from your computer, it is good traffic and should be allowed to proceed. Conversely, almost all firewalls are configured by default to deny connection attempts to your PC that originate from the Internet (replies to connections your PC opened are still let through, because they belong to a conversation you started). In other words, the firewall protects your computer from being connected to by Internet users unless you tell it to do otherwise. This default setup ensures that you can access the Internet in whatever way you choose, while stopping outside users from connecting to your PC.

Although this firewall setup appears perfectly reasonable at first glance, the security risks associated with the Internet today actually make it less than optimal. In the following sections you learn more about how firewalls control inbound and outbound traffic, and why you need to carefully consider each of these traffic directions when it comes to ensuring that your firewall provides adequate security.

Inbound Filtering

Inbound filtering is the term that describes how a firewall deals with unsolicited traffic that it receives from the Internet. Unsolicited traffic is a connection attempt that does not correspond to any request that originated from your computer. In other words, if you fire up your web browser and make a request to view a certain web page, the information that the web server sends back to your system is not unsolicited: you made the request, and the web server simply replied. The firewall is able to tell the difference because it keeps track of the connections your PC opens and recognises the server's reply as part of one of them. In the eyes of a firewall, an unsolicited connection attempt is where an Internet user or computer tries to connect to your PC without you doing a thing. A remote user attempting to connect to FTP server software installed on your PC is an example of an unsolicited request. In its default configuration, a firewall will typically deny these types of requests.

Of course, there may be times when you actually want Internet users to connect to your computer. For example, you may want to host an online multiplayer game, or exchange files over an instant messaging session. For times where you do want another user to be able to connect to your PC for these reasons, you can configure a firewall to allow the action. Doing this is sometimes referred to as opening a port, acting as a server, or configuring an exception. In the case of an online game, you may need to configure your firewall to open the ports that the game uses in order to allow your competitor to connect to your PC. As part of doing this, you tell the firewall to continue blocking all incoming connection attempts, except those required to play the game. Keep in mind that every port you open exposes whatever service is listening behind it to anyone on the Internet who can reach you, so open only the ports the game actually requires, limit the exception to the remote addresses you expect if your firewall supports that, and close the ports again when you are finished.

Inbound filtering is as close to a universal firewall feature as you'll find. With no additional configuration necessary, most personal firewalls block all incoming connection attempts by default, and then only allow certain types of traffic through based on the rules you configure. Ultimately, inbound filtering is what stops any user on the Internet from connecting to your PC without your permission. When a firewall is not installed and enabled, no inbound filtering takes place, meaning that Internet users can probe for, and connect to, any service listening on your PC without any intermediary keeping an eye on things.

Outbound Filtering

Where inbound filtering is designed to control which traffic originating from the Internet can enter your PC, outbound filtering controls which traffic can leave your computer destined for the Internet. By default, most firewalls are configured to allow all traffic leaving your computer to access the Internet without restriction, the basic assumption being that you made the request, and know what you're doing.

The capability to access anything on the Internet may seem great at first glance, but filtering outbound traffic is important for a number of reasons. First, you may actually want to restrict what users of your computer have access to online. For example, perhaps you want to allow all users to surf the web and send and receive e-mail messages, but block them from using the computer to connect to file sharing services. If your firewall supports outbound filtering, you can control and restrict the types of traffic that leave your PC.

Although controlling inbound traffic is imperative, implementing a firewall that includes outbound filtering capabilities has become particularly important from a system security perspective. If a virus infects your computer, it may try to use your PC and Internet connection to infect other systems. Similarly, many spyware programs are designed to collect information (like files, personal details, and even credit card numbers) from your computer and then send it off to a server on the Internet. Unless you have a firewall installed that is capable of outbound filtering, these pests can use your Internet connection without restriction, silently connecting to the Internet without your knowledge. Outbound filtering is a backstop rather than a cure, however: malware that is already running on your PC may send its traffic over the ports you must leave open for everyday use (such as those used for web browsing), or piggyback on a program that is already permitted, so it complements rather than replaces keeping the system free of such software in the first place.

Firewalls that support outbound filtering implement the feature in a few key ways. Some work at the port level, allowing or denying traffic based on the port (and therefore the protocol) it uses. For example, you can configure this type of firewall to disallow outbound FTP connections. Port-level rules only help when a program uses the port you expect, though; a program that sends its traffic over the web's port 80 or 443 looks like web browsing to such a firewall. Other firewalls function at a program or service level, enabling you to specify exactly which programs should be granted access to the Internet. With this type of firewall, you could allow a program like Windows Mail to access the Internet, but deny a file-sharing program from connecting online, regardless of which ports it tries to use.
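The following is an added example, not code from the book or from any real firewall product, that models the behaviour described in the Inbound Filtering and Outbound Filtering sections above: unsolicited inbound traffic is denied by default while replies to requests the PC made are recognised and let through, an exception "opens a port" for the game, and outbound traffic is filtered either by port or by program. The `Packet` and `HostFirewall` classes, the rule names, and the program names (`browser`, `winmail`, `p2pclient`, `spyware`) are this example's own inventions, and the traffic in `scenario()` is constructed, not captured; the addresses come from the documentation ranges 198.51.100.0/24 and 203.0.113.0/24.

```python
"""Toy model of a host firewall with stateful inbound filtering and
port-level plus program-level outbound filtering. Illustrative only:
not the Windows Firewall's code, and the names used are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str       # "in" (from the Internet) or "out" (from this PC)
    proto: str           # "tcp" or "udp"
    remote_ip: str
    remote_port: int
    local_port: int
    program: str = ""    # local program owning the socket (outbound only)


class HostFirewall:
    """Default policy: deny unsolicited inbound, allow outbound."""

    def __init__(self):
        self.inbound_exceptions = set()      # (proto, local_port) opened ports
        self.blocked_outbound_ports = set()  # (proto, remote_port) port-level rules
        self.blocked_programs = set()        # program-level deny rules
        self.allowed_programs = None         # None = any program may go out
        self._flows = set()                  # connections this PC opened

    # --- configuration ---------------------------------------------------
    def open_port(self, proto, local_port):
        """Configure an exception so remote users can reach a local service."""
        self.inbound_exceptions.add((proto, local_port))

    def block_outbound_port(self, proto, remote_port):
        self.blocked_outbound_ports.add((proto, remote_port))

    def block_program(self, name):
        self.blocked_programs.add(name)

    def allow_only_programs(self, names):
        self.allowed_programs = set(names)

    # --- filtering -------------------------------------------------------
    def filter(self, pkt):
        """Return (allowed, reason) for one packet."""
        return self._outbound(pkt) if pkt.direction == "out" else self._inbound(pkt)

    def _outbound(self, pkt):
        if (pkt.proto, pkt.remote_port) in self.blocked_outbound_ports:
            return False, "outbound port rule"
        if pkt.program in self.blocked_programs:
            return False, "program denied"
        if self.allowed_programs is not None and pkt.program not in self.allowed_programs:
            return False, "program not on allow list"
        # Remember the flow so that the reply is recognised as solicited.
        self._flows.add((pkt.proto, pkt.remote_ip, pkt.remote_port, pkt.local_port))
        return True, "outbound default allow"

    def _inbound(self, pkt):
        flow = (pkt.proto, pkt.remote_ip, pkt.remote_port, pkt.local_port)
        # Simplification: a real stateful firewall also checks TCP flags and
        # sequence numbers and times idle flows out, so that a forged packet
        # matching the 4-tuple is not enough to slip through.
        if flow in self._flows:
            return True, "reply to a request this PC made"
        if (pkt.proto, pkt.local_port) in self.inbound_exceptions:
            return True, "inbound exception"
        return False, "unsolicited inbound, default deny"


def scenario():
    """Constructed traffic, not a capture. Returns {label: allowed}."""
    fw = HostFirewall()
    results = {}

    def allowed(pkt):
        return fw.filter(pkt)[0]

    # 1. Browser fetches a page: the request goes out, the reply comes back.
    results["web request out"] = allowed(Packet("out", "tcp", "203.0.113.10", 443, 51000, "browser"))
    results["web reply in"] = allowed(Packet("in", "tcp", "203.0.113.10", 443, 51000))
    # 2. A stranger tries the FTP server listening on port 21: unsolicited.
    results["ftp probe in"] = allowed(Packet("in", "tcp", "198.51.100.7", 40000, 21))
    # 3. Opening the game's port lets the opponent connect.
    game = Packet("in", "udp", "198.51.100.9", 27015, 27015)
    results["game before exception"] = allowed(game)
    fw.open_port("udp", 27015)
    results["game after exception"] = allowed(game)
    # 4. Port-level outbound rule: no outbound FTP at all.
    fw.block_outbound_port("tcp", 21)
    results["ftp out"] = allowed(Packet("out", "tcp", "203.0.113.20", 21, 51001, "ftpclient"))
    # 5. Program-level rules: mail may talk, the file-sharing client may not.
    fw.block_program("p2pclient")
    results["p2p out"] = allowed(Packet("out", "tcp", "203.0.113.30", 6881, 51002, "p2pclient"))
    results["mail out"] = allowed(Packet("out", "tcp", "203.0.113.40", 587, 51003, "winmail"))
    # 6. Spyware phoning home over port 443 passes port rules alone but is
    #    stopped once only named programs are allowed out.
    results["spyware out, port rules only"] = allowed(Packet("out", "tcp", "203.0.113.50", 443, 51004, "spyware"))
    fw.allow_only_programs({"browser", "winmail"})
    results["spyware out, program allow list"] = allowed(Packet("out", "tcp", "203.0.113.50", 443, 51005, "spyware"))
    return results


if __name__ == "__main__":
    for label, ok in scenario().items():
        print(f"{'ALLOW' if ok else 'DENY ':5} {label}")
```

Step 6 is the point of the outbound discussion: a port-level rule set cannot distinguish spyware using port 443 from your browser using port 443, whereas a program-level allow list can, at the cost of having to know which programs legitimately need the Internet.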

Ultimately, a firewall that supports both inbound and outbound filtering capabilities offers the best protection for your PC. As with any security feature, however, the ability of a firewall to protect your system is dependent upon it being configured correctly.



PC Magazine Windows Vista Security Solutions
ISBN: 0470046562
Year: 2004
Pages: 135
Authors: Dan DiNicolo
