Movies and books, as well as video games will make us further believe that firewalls are some advanced technology, but again the truth is much simpler. Most firewalls are just software and these are actually very simple products that come in a variety of forms.
The first type is the hardware firewall, which is actually an application that is built into your DSL, cable or wireless router. In this case the firewall is the first line of defense, and works by a technique called packet filter, examining the header of a packet, and thus determining its source and destination address. This information is then compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped. An advanced system called Stateful Packet Inspection (SPI) even looks for other characteristics, including the origin and whether incoming traffic is actually a response to outgoing connections, such as a Web page request. The downside of hardware firewalls is that they can inadvertently treat any local network traffic as safe, which certainly won’t halt the spread of viruses or other threats if even one computer on the network is contaminated.
The alternative is a software firewall, which is essentially a program that screens the data as it arrives on the network. This time of firewall isn’t limited to a single type of application either. In fact, there are several variations of software firewalls available. These have evolved much as computer networks have evolved. But no matter which version is in place, all information passes through the firewall, and those that do not meet a specified security criteria are blocked. There are several types of methods that software firewalls use to block unauthorized connections to the computer. These include a packet filter – similar to the hardware firewall technique – that looks at each packet of data that enters or leaves the network, accepting or rejecting it based on the user-defined rules. It is effective, but susceptible to spoof IP addresses – that is where the sender’s IP address has been changed to appear to be an allowed address. A proxy server can intercept all data entering and leaving the network, and it effectively hides the true IP addresses, but this adds difficultly in allowing an authorized outside computer to access the protected computer. Additionally gateways can also be set up that allow specific connections, with approved access for specific programs – such as games – or from authorized outside IP addresses.
This post is part of the series: Firewall basics
This short series of articles provides an introduction to firewalls: what they are and how they work.