Week 12 - How a Firewall Works

Image Source:  https://images.idgesg.net/images/idge/imported/imageapi/2019/07/26/16/cyber2dsecurity2dpicture2did915612602-100804173-orig.jpg

    
     We use firewalls to set up a "wall" of defense or system that is designed to keep unauthorized access into or out of a private network.  Firewalls come in a software and hardware form, meaning you can buy programs to set up the firewall or buy a physical piece of hardware that will set up this task.  It is especially important for businesses to use in order to protect their data from within and coming into their intranet.  It works as a filter that only allows authorized packets to come through.  Without them, any hacker that knows what they are doing can access your data by way of FTP or telenet connections to access your data and do with it what they want.  You can set up rules to the connections through the firewall to only allow certain traffic thorough. 

     These firewalls use one or more of three methods to control traffic flowing in and out of the network:

• Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
• Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
• Stateful inspection - A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

      You can customize the firewall by adding different filters to set up different conditions.  You can let monitor for an IP address that is coming taking information out of your network.  If it is reading too many files on the server, it can block all traffic coming in from that IP address.  You can also have it allow or disallow certain domain names from getting access - i.e. Facebook, Twitter, Netflix, etc in order to keep your employees from socializing while on the clock.  In the same fashion, you can set up the firewall to search for certain "trigger" words that could be x-rated or NSFW (not safe for work).
     Some operating systems have a firewall already configured (Windows) or you can also purchase hardware like a Cable/DSL router that has a built-in Ethernet card and hub, setting any filters through the interface that you access through a browser to configure that device to suit your needs.  
     Whether or not you need a well-customized or simple firewall, all computers need them to help defend against different attacks.  These types of attacks could include: Remote logins, Application backdoors, SMTP session hijacking, Operating system bugs, Denial of service, Email bombs, Macros, Viruses (most common), Spam, Redirect bombs, or Source Routing.  The higher the security level set up, the less information that gets through.  Highest setting blocks everything.