71. About Firewalls
Firewalls are designed to sit between your network and the Internet and protect the internal network from outside attack. Firewalls can consist of hardware and software, such as the firewall provided by your WiFi router. Firewalls can also consist of software only, such as the Windows XP Windows Firewall.
Firewall Software, hardware, or both software and hardware designed to prevent unauthorized access to a private network. A firewall can be used to block both incoming and outgoing data traffic.
Firewalls that are a combination of hardware and software (your WiFi router's firewall, for example) can examine data packets leaving and entering the internal network. This is why the firewall can be used to block access to web content and services, as discussed in About Content Filtering and Opening Ports. More importantly, the firewall is designed to block intrusions and attacks from the outside, meaning the Internet. So, how does the firewall actually determine when data packets from the outside are an attack rather than normal data traffic?
A large number of firewall products are on the market. Software-only firewalls, such as the Windows Firewall (a free addition to the Windows XP OS) and ZoneAlarm (for more about ZoneAlarm, a really great personal firewall, see http://www.zonealarm.com), are designed as personal firewalls that protect only the computer on which they are installed. Higher-end firewalls designed to protect a small network are built into many of the WiFi routers available from manufacturers such as Linksys and Netgear. Corporate networks employ even more sophisticated and complex firewalls that are designed to protect very large networks. These dedicated firewalls (unlike your multifunction WiFi router, they typically serve no other function) provide more configuration options and a greater number of security settings than the simpler firewalls built into a WiFi router designed for home and small office networking.
The firewall built into your WiFi router inspects all the data traffic coming into and out of the local network. Each data packet is examined so that it can be matched to a specific Internet service, such as HTTP (the Web) or FTP (a file transfer). If a data packet can't be matched to an actual service connection (such as a web browsing session) that originated on the internal network, the firewall drops that packet, along with any other packets that can't be associated with a particular connection. So, any data traffic (the actual packets) that doesn't originate from an internal service is blocked by the firewall.
This type of packet inspection is called Stateful Packet Inspection (SPI). This is why the firewall built into your WiFi router is referred to as an SPI firewall in the router's documentation.
Stateful Packet Inspection (SPI) Data packets are inspected by the firewall and analyzed to determine their association with current network connections and service requests.
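The matching described above (remember which connections were opened from inside, admit only the replies, drop everything else) is easy to see in a small simulation. The following Python is an added example written for this section; it is not code from the book or from any router vendor. The Packet fields, the LAN prefix 192.168.1., and the addresses 198.51.100.20 (a web server) and 203.0.113.7 (an outside host sending unsolicited traffic) are all constructed for illustration, and the handling of connection teardown is simplified to a single FIN from the remote side.

```python
"""Toy stateful packet inspection (SPI) filter.

Added example, not code from the book or any router product. Packet fields,
addresses and the LAN prefix are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    fin: bool = False   # connection teardown marker (TCP FIN), simplified


# A flow is identified by its 5-tuple: protocol, source, destination.
FlowKey = Tuple[str, str, int, str, int]


class StatefulFirewall:
    """Remembers connections opened from the LAN and admits only inbound
    packets that are replies to one of them; everything else is dropped."""

    def __init__(self, lan_prefix: str) -> None:
        self.lan_prefix = lan_prefix            # assumed LAN, e.g. "192.168.1."
        self.connections: Dict[FlowKey, str] = {}
        self.dropped: List[Packet] = []

    def _is_lan(self, ip: str) -> bool:
        return ip.startswith(self.lan_prefix)

    @staticmethod
    def _flow(p: Packet) -> FlowKey:
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse_flow(p: Packet) -> FlowKey:
        # The reply half of a flow has source and destination swapped.
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def process(self, p: Packet) -> str:
        """Return 'allow' or 'drop' for one packet and update the connection table."""
        outbound = self._is_lan(p.src_ip) and not self._is_lan(p.dst_ip)
        inbound = self._is_lan(p.dst_ip) and not self._is_lan(p.src_ip)

        if outbound:
            # An internal host is opening (or continuing) a connection:
            # record it so its replies can be recognised later.
            self.connections[self._flow(p)] = "established"
            return "allow"

        if inbound:
            key = self._reverse_flow(p)
            if key in self.connections:
                if p.fin:
                    # Simplification: the remote side's FIN closes the entry,
                    # so later packets on this 5-tuple count as unsolicited.
                    del self.connections[key]
                return "allow"
            # No connection originating inside matches: unsolicited traffic.
            self.dropped.append(p)
            return "drop"

        # Neither clearly outbound nor clearly inbound: this toy drops it.
        self.dropped.append(p)
        return "drop"


def simulate() -> List[str]:
    """Run a constructed packet sequence through the firewall; return the verdicts."""
    fw = StatefulFirewall("192.168.1.")
    lan_host, web_server, outsider = "192.168.1.10", "198.51.100.20", "203.0.113.7"
    packets = [
        # 1. LAN host opens a web connection: allowed and recorded.
        Packet("tcp", lan_host, 52000, web_server, 80),
        # 2. The web server's reply matches the recorded flow: allowed.
        Packet("tcp", web_server, 80, lan_host, 52000),
        # 3. Unsolicited inbound connection attempt to a LAN service: dropped.
        Packet("tcp", outsider, 4444, lan_host, 445),
        # 4-6. A burst of unsolicited packets (flood-style traffic): all dropped,
        #      because none belongs to a connection the LAN opened.
        Packet("udp", outsider, 1000, lan_host, 53),
        Packet("udp", outsider, 1001, lan_host, 53),
        Packet("udp", outsider, 1002, lan_host, 53),
        # 7. The web server closes the connection: allowed, entry removed.
        Packet("tcp", web_server, 80, lan_host, 52000, fin=True),
        # 8. Same 5-tuple after the close: no longer tracked, dropped.
        Packet("tcp", web_server, 80, lan_host, 52000),
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for number, verdict in enumerate(simulate(), 1):
        print(number, verdict)
```

Running the file prints one verdict per packet: the two halves of the LAN-initiated web connection are allowed, every packet that no internal host asked for is dropped, and once the connection is torn down even traffic from the formerly trusted server is treated as unsolicited again. A real router's SPI engine also expires idle entries after a timeout and tracks the TCP handshake in more detail, but the decision it makes per packet is the one shown here.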
Firewalls use SPI to determine whether data packets entering the local area network from the Internet are the result of a potential attack or intrusion on the local network. One of the most common types of attacks used over the Internet is the denial-of-service attack: The attacker floods the local network (often a single computer) with so much data that the computer or network overloads and shuts down. This type of attack has been used repeatedly to take down websites on the Internet and can also be used to disrupt computers and services on a small home network. An SPI firewall can protect a network from a denial-of-service attack, so it makes sense to take advantage of the firewall provided by your WiFi router.