What Is a Firewall?


A firewall is a set of components that stands between your network and the Internet and acts as a gatekeeper, allowing in trusted friends and keeping out known or suspected enemies. A firewall can be a single device, such as a router, computer, or dedicated hardware appliance, running software capable of making the decisions needed to monitor the flow of data between the corporate network and the outside world. A firewall also can be composed of more than one router, computer, or network appliance, each performing a specific function. For small offices/home offices (SOHO), especially those using a broadband, always-on connection, a simple firewall appliance that you can purchase at the local computer store might be all you need. Just about every device that is called a broadband router/switch supports such basic functions as Network Address Translation (NAT), which is covered in this chapter. These inexpensive router/switches do provide some measure of security, but they do not prevent attacks that originate from emails or other locally executed viruses or exploits, which are especially prevalent in the Windows environment. If you are a home user with a broadband connection, you should install some kind of network appliance between your cable or DSL modem and your computer. Even so, the best protection for SOHO networks is to disconnect your network from your broadband connection when you are not using it. Additionally, as with every computer connected to the Internet, you should run an antivirus software package on a regular basis and use the update service offered by its manufacturer to keep the virus database up-to-date.

Note

Although this chapter is targeted toward business entities that have valuable data to protect, the information here also can be useful to home users. If you have a broadband connection for your home computer, be it DSL (digital subscriber line) or a cable modem, you might find yourself either the victim of an attack or an unwitting accomplice to an attack on another larger network. Most of the denial-of-service attacks that have been aimed at popular Web sites involve a multi-tiered attack method known as a distributed denial-of-service attack. This type of attack involves breaking into computers of home users and planting the attack program code that will be used later to attack the actual target site. Because many home users are not security conscious, they might have such a program on their computers and never know it. Yet, after infiltrating hundreds, if not thousands, of innocent home computers and installing the attack program, the attacker simply needs to send a command out to these systems to begin an attack on a third party.

Several kinds of firewall technologies are used, and they generally can be classified into the following categories:

  • Packet filters

  • Stateful inspection

  • Proxy servers

  • Hybrids
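The difference between the first two categories is easiest to see on a packet trace. The following is an added illustration written for this page, not code from the book: a toy stateless packet filter that judges each packet on its own, beside a stateful-inspection filter that remembers which connections the LAN opened. The traffic, addresses, and policy rules are all constructed for the example; no real sockets or interfaces are used.

```python
"""Toy model of a stateless packet filter versus stateful inspection.
Added illustration, not from the book. All packets below are constructed
sample data; the filter policies are simplified assumptions."""
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (Internet -> LAN) or "out" (LAN -> Internet)
    proto: str              # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: FrozenSet[str] = frozenset()   # TCP flags such as {"SYN"} or {"SYN", "ACK"}


def stateless_filter(pkt: Packet) -> bool:
    """Packet filter: decide on each packet in isolation.

    Assumed policy: the LAN may open outbound connections anywhere. Because the
    filter has no memory of earlier packets, replies from Web servers can only
    be recognised by their source port (80 or 443) and the absence of a bare SYN.
    The weakness this exposes: any non-SYN packet whose source port is 80 or 443
    is admitted to any LAN port, whether or not a LAN host asked for it.
    """
    if pkt.direction == "out":
        return True
    if pkt.proto == "tcp" and "SYN" in pkt.flags and "ACK" not in pkt.flags:
        return False            # block unsolicited connection attempts from outside
    return pkt.src_port in (80, 443)


class StatefulFilter:
    """Stateful inspection: admit inbound packets only if they answer a flow
    that a LAN host started, using a connection table as the memory."""

    def __init__(self) -> None:
        # (proto, lan_ip, lan_port, remote_ip, remote_port) for each LAN-initiated flow
        self.table: set = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            self.table.add((pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return True
        # For inbound traffic the LAN host is the destination; look up the reverse flow.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return key in self.table


# Constructed sample trace (RFC 5737 documentation addresses, private LAN range).
TRACE: List[Packet] = [
    # 1. LAN host opens a connection to a Web server
    Packet("out", "tcp", "192.168.1.10", 50000, "203.0.113.5", 80, frozenset({"SYN"})),
    # 2. The Web server's legitimate reply to that connection
    Packet("in", "tcp", "203.0.113.5", 80, "192.168.1.10", 50000, frozenset({"SYN", "ACK"})),
    # 3. An outside host tries to open a new connection to the LAN host's SSH port
    Packet("in", "tcp", "198.51.100.7", 12345, "192.168.1.10", 22, frozenset({"SYN"})),
    # 4. An outside host sends an ACK-only packet from source port 80 to an unrelated LAN port
    Packet("in", "tcp", "198.51.100.7", 80, "192.168.1.10", 445, frozenset({"ACK"})),
]


def evaluate(trace: List[Packet]) -> List[Tuple[bool, bool]]:
    """Return (stateless_decision, stateful_decision) for each packet in order."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.allow(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (stateless_ok, stateful_ok) in zip(TRACE, evaluate(TRACE)):
        print(f"{pkt.direction:3} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port} "
              f"{sorted(pkt.flags)}  stateless={stateless_ok}  stateful={stateful_ok}")
```

Packets 1 and 2 pass both filters and packet 3 is refused by both, but packet 4 separates them: the stateless filter admits it because it looks like a Web reply, while the stateful filter refuses it because no LAN host ever opened a connection to 198.51.100.7. That is the gap stateful inspection was introduced to close, and it is why the chapter treats the two as distinct categories rather than variants of one product.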

Although many vendors offer firewall products (implemented in both hardware and software products), the technology used is so diverse that it's difficult to make direct comparisons between products. The best you can do is carefully review each product and ask a lot of questions before deciding whether it will offer the protection you need for your network. Also remember that even though new security holes are always popping up for firewall products, networks, and computer operating systems (OSs), many times a security breach occurs simply because a particular router or computer is not properly configured from a security standpoint. This chapter covers the basic concepts used for firewall technology. However, as this field continues to adapt and grow, you should be careful when choosing a solution for your network. Evaluate products from many vendors before making a purchase.

Tip

As suggested in Chapter 47, "Auditing and Other Monitoring Measures," in a large network you need to dedicate staff members to exclusively handle firewall duties. A firewall in a SOHO environment is not the same as a firewall in an enterprise network. In larger networks where there are many connections to the Internet, a dedicated staff is required to monitor, update, and fix problems as they occur. In this environment you cannot simply set up a hardware or software firewall and expect that your LAN or network is now secured from the outside world. Just as firewall technology continues to adapt to new conditions, so do hackers and others who may cause harm to your network.



Upgrading and Repairing Networks (5th Edition)
ISBN: 078973530X
Year: 2003
Pages: 434