What is a firewall?
Security has become one of the primary concerns when an organization connects its private network to the Internet. Regardless of the business, an increasing number of users on private networks are demanding access to Internet services such as the World Wide Web (WWW), Internet mail, Telnet, and File Transfer Protocol (FTP). In addition, corporations want to offer WWW home pages and FTP servers for public access on the Internet. Network administrators have increasing concerns about the security of their networks when they expose their organization's private data and networking infrastructure to Internet crackers. To provide the required level of protection, an organization needs a security policy to prevent unauthorized users from accessing resources on the private network and to protect against the unauthorized export of private information. Even if an organization is not connected to the Internet, it may still want to establish an internal security policy to manage user access to portions of the network and protect sensitive or secret information. Network security is so vast a subject that it is almost impossible to understand completely. Hackers are always looking for new ways to intrude on or wreak havoc on corporate networks, and it seems as if every time one problem is solved several more pop up. Firewalls are probably the first products that come to mind when you think of Internet security, but if you intend to make full use of the Net, firewalls are only a first step.
A firewall is one way of protecting a computer network against the outside world. (6, p.1) A firewall is any one of several ways of protecting one network from another untrusted network. The actual mechanism whereby this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic.
An Internet firewall is a system or group of systems that enforces a security policy between an organization's network and the Internet. The firewall determines which inside services may be accessed from the outside, which outsiders are permitted access to the permitted inside services, and which outside services may be accessed by insiders. For a firewall to be effective, all traffic to and from the Internet must pass through the firewall, where it can be inspected. The firewall must permit only authorized traffic to pass, and the firewall itself must be immune to penetration. Unfortunately, a firewall system cannot offer any protection once an attacker has gotten through or around the firewall. A firewall system can be a router, a personal computer, a host, or a collection of hosts, set up specifically to shield a site or subnet from protocols and services that can be abused from hosts outside the subnet.
The primary components (or aspects) of a firewall are:
- Advanced authentication mechanisms,
- Packet filtering, and
- Application gateways. (7, p.1)
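As an added illustration (not from the original text), the policy described above can be expressed as a small first-match packet filter: every packet crossing the boundary is classified, only explicitly permitted traffic passes, and every denial is recorded at the choke point. The addresses, ports and rules below are constructed assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed topology: the private network and its one public WWW server.
INSIDE = ip_network("10.0.0.0/8")

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int

# Rules: (direction, destination network or None for any, proto, port, action).
# "out" is inside -> Internet, "in" is Internet -> inside. First match wins.
POLICY = [
    ("out", None,                        "tcp", 80, "permit"),  # insiders may browse the WWW
    ("out", None,                        "tcp", 25, "permit"),  # insiders may send Internet mail
    ("out", None,                        "tcp", 21, "permit"),  # insiders may use FTP
    ("in",  ip_network("10.1.1.80/32"),  "tcp", 80, "permit"),  # outsiders reach only the public web server
    ("in",  None,                        "tcp", 23, "deny"),    # no interactive logins from outside
]
DEFAULT_ACTION = "deny"   # anything not explicitly permitted is blocked
AUDIT_LOG: list[str] = []   # the choke point's record of what it refused

def direction(pkt: Packet) -> str:
    """Classify a packet by which side of the firewall it comes from and goes to."""
    src_in = ip_address(pkt.src) in INSIDE
    dst_in = ip_address(pkt.dst) in INSIDE
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return "other"   # traffic that does not cross the boundary

def filter_packet(pkt: Packet) -> str:
    """Return "permit" or "deny" for one packet and log every denial."""
    d = direction(pkt)
    action = DEFAULT_ACTION
    for rule_dir, dst_net, proto, dport, rule_action in POLICY:
        if rule_dir != d or proto != pkt.proto or dport != pkt.dport:
            continue
        if dst_net is not None and ip_address(pkt.dst) not in dst_net:
            continue
        action = rule_action
        break
    if action == "deny":
        AUDIT_LOG.append(f"DENY {d} {pkt.proto}/{pkt.dport} {pkt.src} -> {pkt.dst}")
    return action
```

Inbound web traffic to any host other than the designated public server falls through to the default deny, which is the "permit only authorized traffic" essential in practice.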
There are three essentials that an effective firewall should do:
1. Have all traffic to and from the Internet pass through it, so that it can be inspected
2. Permit only authorized traffic to pass
3. Be immune to unauthorized manipulation
The cost that a company can incur for a firewall can range from $10,000 to $100,000. (10, p.1) It is important, though, to consider not only the original price but also the cost of maintaining the system. The cost of a system depends on the wants of the company and the number of systems protected.
Generally, firewalls are configured to protect against unauthenticated interactive logins from the "outside" world. This, more than anything, helps prevent vandals from logging into machines on your network. A firewall blocks all unauthorized communication between computers in an organization and computers outside that organization. The firewall can protect you against any type of network-borne attack if you unplug it. Firewalls are also important since they can provide a single "choke point" where security and audit can be imposed.
Though firewalls are a good means of security, they cannot protect against everything. Firewalls cannot protect against attacks that do not go through the firewall. They cannot protect against viruses because there are too many ways of encoding binary files for transfer over networks and too many different architectures and viruses to try to search for them all. Firewalls cannot protect against a data-driven attack, in which something is mailed or copied to an internal host where it is then executed. There are other ways firewalls can fail or be compromised.
A firewall can greatly improve network security and reduce risks to hosts on the subnet by filtering inherently insecure services and by providing the capability to restrict the types of access to subnet hosts. As a result, the subnet network environment poses fewer risks to hosts, since only selected protocols will be able to pass through the firewall and only selected systems will be able to be accessed from the rest of the network.
It is not a good thing if a firewall is compromised without any trace of how the attack took place. No security system is 100% secure; however, firewalls enhance host security by funneling attackers through a narrow gap where there is a chance of catching or detecting them first.
Siyan, Karanjit, Ph.D. (1995). Internet Firewalls and Network Security. New York: Specialized Systems Consultants, Inc.
World Wide Web sites: