Firewalls are designed to sit between your network and the Internet and protect the internal network from outside attack. A firewall examines data leaving and entering the internal network and can filter the traffic traveling in both directions. If a data packet does not match a rule that has been configured to permit it, the packet is not allowed to enter or leave the internal network. This means that firewalls not only protect a network from outside attack, but they can also control the type of connections made by users on the internal network to the outside (meaning that employees can be restricted from connecting to certain Web sites).
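The short Python program below is an added illustration of the rule-based, two-way filtering just described; it is not code from this book or from any firewall vendor. It assumes a single internal network (192.168.1.0/24), a handful of constructed rules, and sample packets using documentation address ranges. Each packet is classified as inbound or outbound, checked against the rules in order (first match wins), and anything that matches no rule falls through to a default action. The default here is to drop silently, which also models the "stealth" behaviour described later in this section, where a probe of an unopened port gets no answer at all.

```python
# Toy stateless packet filter (added example; not the book's or any vendor's code).
# All networks, rules, and packets below are constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL_NET = ip_network("192.168.1.0/24")   # constructed: the "inside" of the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int          # destination port


@dataclass(frozen=True)
class Rule:
    direction: str                  # "in" (Internet -> internal) or "out" (internal -> Internet)
    action: str                     # "allow", "reject" (answer with a refusal) or "drop" (silent)
    proto: Optional[str] = None     # None matches any protocol
    dport: Optional[int] = None     # None matches any destination port
    dst: Optional[str] = None       # host or CIDR; None matches any destination

    def matches(self, pkt: Packet, direction: str) -> bool:
        if self.direction != direction:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        return True


def direction_of(pkt: Packet) -> str:
    """Classify a packet by which side of the firewall it came from."""
    return "out" if ip_address(pkt.src) in INTERNAL_NET else "in"


def evaluate(rules, pkt: Packet, default: str = "drop") -> str:
    """First matching rule decides; an unmatched packet gets the default action.
    A default of "drop" is the "stealth" posture: unopened ports give no reply,
    so a port probe cannot even tell the host is there."""
    direction = direction_of(pkt)
    for rule in rules:
        if rule.matches(pkt, direction):
            return rule.action
    return default


# Constructed rule set: inbound, only the public web server is reachable and
# NetBIOS probes vanish; outbound, web browsing and DNS are allowed, one web
# site is blocked for employees, and NetBIOS is never allowed to leave.
RULES = [
    Rule("in",  "allow",  proto="tcp", dport=80, dst="192.168.1.10"),
    Rule("in",  "drop",   proto="tcp", dport=139),
    Rule("out", "reject", dst="203.0.113.0/24"),      # blocked Web site (TEST-NET-3 range)
    Rule("out", "reject", proto="tcp", dport=139),
    Rule("out", "allow",  proto="tcp", dport=80),
    Rule("out", "allow",  proto="tcp", dport=443),
    Rule("out", "allow",  proto="udp", dport=53),
]


def demo() -> dict:
    """Run a set of constructed packets through the filter and return the verdicts."""
    samples = {
        "web to server":         Packet("198.51.100.7", "192.168.1.10", "tcp", 80),
        "telnet probe":          Packet("198.51.100.7", "192.168.1.10", "tcp", 23),
        "netbios probe":         Packet("198.51.100.7", "192.168.1.25", "tcp", 139),
        "employee browsing":     Packet("192.168.1.25", "198.51.100.80", "tcp", 443),
        "employee blocked site": Packet("192.168.1.25", "203.0.113.5", "tcp", 80),
        "employee smtp":         Packet("192.168.1.25", "198.51.100.25", "tcp", 25),
    }
    return {name: evaluate(RULES, pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} -> {verdict}")
```

Note the difference between "reject" and "drop": a rejected connection gets an immediate refusal, so the sender learns the port exists, while a dropped one simply times out. Real firewalls keep connection state as well, so that replies to permitted outbound connections are let back in; this stateless toy omits that.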
Firewalls are typically a combination of hardware and software, and they really don't look that much different from other connectivity hardware, such as hubs and routers. Firewalls are manufactured by a number of companies, including Cisco, 3Com, and Ascend Communications. Firewalls come in a variety of models that have been designed to protect different size networks. For example, 3Com manufactures the OfficeConnect firewall line as a security tool for small companies. For larger enterprise networks, 3Com offers the SuperStack 3 firewall. The SuperStack 3 firewall is designed to control large numbers of VPN connections (we discuss VPN, or Virtual Private Networking, in Chapter 17). This firewall also provides support for IPSec.
Software-only firewalls do exist. For example, a very popular personal software firewall is ZoneAlarm. Figure 20.9 shows a ZoneAlarm window and an alert that a computer attempted to connect to my computer using port 1026 (scary isn't it?).
Figure 20.9. Software firewalls can protect computers with a persistent connection to the Internet.
The software-only firewalls are primarily designed for personal use to protect a PC that has a persistent connection to the Internet through a DSL line or a cable modem. Windows XP actually includes a basic software firewall that you can use to protect your computer from attacks over the Internet.
I think that you will agree that Figure 20.9 helps make a fairly compelling argument that firewalls are an important addition to network security. I briefly mentioned in the previous section that TCP/IP ports provide avenues used by hackers to break into networks and computers. Now, depending on the size of your business and company network, you may think, "Why would anyone waste his time trying to break into my network?" But thinking that crackers only go after big networks such as Microsoft and the Department of Defense is a very wrong assumption.
I'm not sure why anyone would waste his time trying to crack into networks, but there are a lot of people out there who do try to crack into networks and even personal computers connected to the Internet. Figure 20.9 provides fairly convincing evidence that even the lone PC may be in danger of attack.
Plenty of people out there are looking for computers and networks they can probe and then connect to. As a sort of hands-on epiphany of your own related to the importance of firewalls, check out https://grc.com/default.htm. This site is maintained by Gibson Research Corporation and provides a link to a special site that it has created called Shields Up. The Shields Up site shows how vulnerable computers running the Windows operating system are to outside attack.
Make sure you click the link for Shields Up on the GRC home page. If you are not running a personal firewall on the computer, you will be surprised to find that the Shields Up Web site will greet you using the NetBIOS name of your computer. To make things even more scary, scroll down on the Shields Up page and click the Test My Shields button.
When I ran the shield test on a Windows computer configured for file and print sharing, the output screen from the shield test provided a list of all the folders and printers being shared on the computer. When I ran the probe port test, which is also accessed from the Shields Up page, a number of ports, such as HTTP, Telnet, and NetBIOS, were also shown to be wide open.
Then I installed ZoneAlarm on the computer and reran the tests. The shield test showed that the computer was now operating in "stealth" mode and no information about the computer, such as the NetBIOS name and shared resources, was available. When I ran the port probe test, all the ports had been closed to the outside by the firewall. Figure 20.10 provides the results of the port probe. All ports are now unavailable as a potential route for someone trying to access data on the computer over the Internet.
Figure 20.10. Firewalls protect TCP/IP ports.
So, firewalls really do work. Let's take a look at the different types of firewalls available for protecting corporate networks.