You've probably heard of firewalls before, and know that they are used to protect your computer from certain threats. But what exactly are firewalls and how does a firewall work? This article explores the issue.
A Wall Against the Elements
Outside of the world of computers, a firewall is a solid wall built to contain a fire. A chemical plant might have one surrounding an area where flammable chemicals are handled, for example. The concept is based off containment. If anything bad were ever to happen, the firewall would prevent the destruction from spreading.
A computer firewall is similar, but more porous. It protects your computer from the wild of the Internet by erecting a virtual barrier between your network or computer and the Internet. This is important in the prevention of infection from computer worms, for example, which spread themselves by attempting to infect computers that are unprotected at random.
How Does a Firewall Work?
A firewall examines the traffic that is being sent between two networks. In home use, this means that the firewall examines the traffic being sent between your home network and the Internet. The data is examined to see if it appears legitimate, and if so the data is allowed to pass through. If it doesn't appear legitimate, this information is stopped.
The most common way a firewall filters information is by examining I.P. address and port information. The firewall can determine which ports and I.P. address are normal and keeps a list of situations that are suspicious. If something looks suspicious, it will stop the information. Firewalls usually don't intervene in normal web browsing, but they can be strict otherwise. For example, if you have a firewall installed on your computer it will probably generate a warning the first time you play an online game because the firewall is not familiar with the program that is requesting access to the Internet and because the information the program wants to send doesn't look like standard web traffic.
Firewalls can also filter traffic based on protocol, although this option is not usually enabled by default. For example, a business might have a firewall block HTTP traffic to prevent employees from accessing the Internet while at work.
What Can't a Firewall Do?
The purpose of a firewall is simply to monitor traffic and stop traffic that appears dangerous, but it can do no more than that. A firewall cannot stop or remove malware that is already on your computer or network. It also cannot deal with security threats that are outside of the realm of software, such as poor password protection. This is why a firewall is usually not considered sufficient for full PC security and why most internet security suites ship with both antivirus and firewall software.
What Types of Firewalls Are There?
There are many types of firewalls, but the two of the most concern to consumers are software firewalls and router firewalls.
Software firewalls are firewalls that are installed on a computer. They protect only the computer on which they are installed. A good software firewall, like those provided by Zone Alarm and Norton, provides excellent protection against threats. These firewalls can prevent worms from infected your computer through a network security flaw. They can also greatly reduce the damage caused by Trojan horse programs, keyloggers and other malware that must communicate with a remote computer to function. Software firewalls have a user-friendly interface and are flexible in how they can be configured.
Router firewalls are firewalls that protect your entire home network and are, as you might expect, located on your router. The router firewalls protects the entire network and network hardware which cannot have a software firewall installed on it. The router firewall also allows the creation of network-wide rules that govern all computers on the network.
Do You Need a Firewall?
Absolutely. Firewalls are a critical part of Internet Security. It is recommened that all computers have a software firewall. As mentioned, firewalls can be found in virtually all Internet security suites. Alternatively you can use a free firewall such as Zone Alarm.