Firewalls - what they are, what they do and why you need one!
Single Computer connected to the internet
Multiple computers, or network, connected to the internet
Software Firewalls
Hardware Firewalls
How a Firewall filters information
Packet Filtering
Proxy Firewalls
Stateful Inspection
How does a Firewall know what should be blocked?
IP Addresses
Domain Names
Protocols
Ports
Words and Phrases
What a Firewall Protects you from
What a Firewall won't protect you against
Related Documents
Resources
What is a Firewall?
When a computer is connected to the internet it can be 'seen' by anybody else who is also connected to the internet. This makes it potentially vulnerable to unauthorised access to the information and services on that computer.
You can think of it as having a house with the front door and windows unlocked … your house would be vulnerable to 'unauthorised access'!
In fact, it would be closer to think of it being like having a house in the worst street in the worst neighbourhood, and not only leaving the doors and windows unlocked - but also wide open!
There are many threats on the internet that regularly scan millions of computers on the internet to try to find ones that are vulnerable.
A firewall is a piece of equipment, or a software application running on your computer, that protects it from this unauthorised access.
Single Computer connected to the internet
If you have just one computer connected to the internet you should make sure that you have either a hardware or software firewall between your computer and the internet connection.

Multiple computers, or network, connected to the internet
If you have more than one computer connected to the internet they will usually be connected together as a local network. All the computers on this network then share the internet connection. The network will normally access the internet through equipment such as a combined modem and router.

Software Firewalls
With this setup your computer is likely to be connected to the internet via either a broadband modem or a more traditional (and slower!) dial-up modem.
Hardware Firewalls
A hardware firewall is a piece of equipment that is physically located between your computer and your internet connection.
In this scenario your modem will be plugged into one connection on the firewall and your computer (or network) into another. Any traffic to and from the internet passes through the firewall, and is filtered, before reaching your computer.
This type of setup is rarely implemented when there is just one computer involved and is the usual setup when multiple computers are connected to an internal network which is then connected to the internet.
If you have a setup like this at home, and you have broadband, you will probably have a combined modem, router and firewall. You should check that your router has a firewall built in.
Your router may be wireless, which again should have a built-in firewall.
In the unlikely event that your router does not have firewall functionality you should make sure that each computer attached to it also has a software firewall. If your router does have an inbuilt firewall you do not need to have software firewalls on the computers.
This scenario, implementing a firewall between the internet and a local network, is also most common in business environments. However, for small businesses with only one computer connecting to the internet you should check your setup and ensure that you have a firewall in place.
How a Firewall filters information
There are three basic methods that a firewall can use to filter information traffic:
- Packet filtering
- Proxy service
- Stateful Inspection
How many of these are used by a specific firewall will depend on its abilities.
Packet Filtering
Information is broken down and sent across the internet as packets (for more information on this read So what is this internet thing?)
A packet filtering firewall will examine the contents of a packet and accept or reject that packet based on rules that have been defined.
Proxy Firewalls
A proxy firewall controls all access to the internet. In many cases a computer will have to authenticate with a proxy firewall using a separate user ID and password in order to access the internet.
All information is received by the proxy service, which compares it to specific rules, such as which programs are allowed to access the internet. If the information is allowed it will be forwarded to its intended destination, otherwise it will be blocked.
Stateful Inspection
This is similar to packet filtering, but only examines certain elements of a packet. It compares these elements with a database of trusted information. If the comparison is successful the packet is allowed through; if not it is blocked.
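One common way to build the "database of trusted information" is a table of connections opened from inside the network. The sketch below is an added example, not from the original article; the `Conn` and `StatefulFirewall` names, the addresses and the 60-second idle timeout are all assumptions.

```python
from __future__ import annotations
from typing import NamedTuple

class Conn(NamedTuple):             # the packet elements the firewall tracks
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    def __init__(self, idle_timeout: float = 60.0) -> None:
        self.idle_timeout = idle_timeout
        self.table: dict[Conn, float] = {}   # connection -> time last seen

    def outbound(self, c: Conn, now: float) -> str:
        """Traffic leaving the local network is allowed and remembered."""
        self.table[c] = now
        return "allow"

    def inbound(self, c: Conn, now: float) -> str:
        """Arriving traffic passes only as a reply to a remembered connection."""
        key = Conn(c.dst, c.dport, c.src, c.sport)   # same connection, reversed
        last = self.table.get(key)
        if last is None or now - last > self.idle_timeout:
            self.table.pop(key, None)                # unknown or expired entry
            return "block"
        self.table[key] = now                        # refresh the idle timer
        return "allow"

if __name__ == "__main__":
    fw = StatefulFirewall()
    request = Conn("192.168.1.10", 50000, "198.51.100.5", 80)   # constructed
    reply = Conn("198.51.100.5", 80, "192.168.1.10", 50000)
    print(fw.inbound(reply, 0.0))     # nothing was requested yet
    print(fw.outbound(request, 1.0))
    print(fw.inbound(reply, 2.0))     # matches the remembered request
```

A plain packet filter would need a standing rule to admit replies; here the entry exists only while the connection opened from inside is active.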
How does a Firewall know what should be blocked?
A firewall contains a set of rules which it compares all traffic against. Traffic that meets the rules is allowed through and traffic that doesn't is blocked.
Some of the more common criteria that can be configured on most firewalls are:
- IP Addresses
- Domain Names
- Protocols
- Ports
- Words and Phrases
IP Addresses
This is the unique address assigned to equipment connected to a network (for more information read IP Addressing - how computers communicate across the Internet).
A firewall can be set to block information to or from specific IP Addresses or ranges of addresses.
Domain Names
A domain name is a text description of an IP Address (for example the domain name of this site is pc-help-online.co.uk which is mapped to the IP address 194.154.164.100).
Firewalls can usually be configured to block all traffic to and from specific domains.
Protocols
A network protocol is the definition of how services talk to each other over a network.
This sounds more complicated than it is - think of protocols as being different ways to communicate, which are specific to different tasks.
To view information on a website your computer needs to use the Hyper Text Transfer Protocol (HTTP). To talk across the internet your computer needs to use two protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP).
A firewall can be set to block specific protocols, effectively stopping certain services (for example if a firewall was set to block HTTP, no computers communicating through the firewall would be able to access any web pages).
Ports
When a program on your computer needs to communicate over the internet it will do so via one or more ports.
A firewall can be set to block all communication based on specific ports, preventing specific programs from accessing the network.
Most firewalls will block any unused ports. This prevents a hacker or malicious software being able to access your computer through a port that isn't being used by a program.
Words and Phrases
Some firewalls will allow information to be filtered based on specific words or phrases. Each packet will be examined for these and accepted or blocked based on whether any disallowed phrases appear.
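The criteria above can be combined into an ordered rule list. This is an added example, not from the original article, covering address ranges, protocols, ports and phrases (domain-name rules are left out because they need a DNS lookup); the `Packet` and `Rule` types, the rule set and the first-match, block-by-default policy are assumptions.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:                       # constructed model of what the filter inspects
    src: str
    dst: str
    proto: str                      # "tcp" or "udp"
    dport: int
    payload: bytes = b""

@dataclass
class Rule:
    action: str                     # "allow" or "block"
    src: str = "0.0.0.0/0"          # source address or range, CIDR notation
    dst: str = "0.0.0.0/0"          # destination address or range
    proto: str = "any"
    dport: int | None = None        # None matches every port
    phrase: bytes | None = None     # lowercase phrase; None skips the check

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport)
                and (self.phrase is None or self.phrase in p.payload.lower()))

def decide(rules: list[Rule], p: Packet) -> str:
    """First matching rule wins; traffic that matches no rule is blocked."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"

# Constructed rule set; addresses are from private and documentation ranges.
RULES = [
    Rule("block", src="203.0.113.0/24"),                               # address range
    Rule("block", proto="tcp", dport=80, phrase=b"forbidden phrase"),  # phrase
    Rule("allow", src="192.168.1.0/24", proto="tcp", dport=80),        # web (HTTP)
    Rule("allow", src="192.168.1.0/24", proto="udp", dport=53),        # DNS lookups
]

if __name__ == "__main__":
    web = Packet("192.168.1.10", "198.51.100.5", "tcp", 80, b"GET / HTTP/1.1")
    telnet = Packet("192.168.1.10", "198.51.100.5", "tcp", 23)
    print(decide(RULES, web), decide(RULES, telnet))
```

The phrase rule only sees plaintext payloads; it cannot match inside encrypted traffic such as HTTPS.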
What a Firewall Protects you from
A firewall will provide protection from:
- Hackers - people who try to access your computer and its information. For a hacker to bypass a firewall requires a lot more effort and time. A consumer firewall will provide enough protection to deter all but the most persistent hackers - and they are very unlikely to waste their time on home or small business networks.
- Worms - these are a type of virus that spread by searching for computers on a network and infecting them. A firewall will help prevent infection from this sort of virus.
What a Firewall won't protect you against
Generally, a firewall will not protect you from:
- Spam - locking your front door doesn't prevent the postman delivering that annoying junk mail.
- Most Viruses - Most viruses infect your computer through you opening an infected email attachment or other file. A firewall will not protect you against these viruses. You should have good anti-virus software and be careful about the files you open.
- People being able to access your computer because they know your password.
- Spyware - like viruses, Spyware is something that installs because you (unknowingly) allow it. A firewall will not protect you from Spyware and you should ensure that you have a good anti-Spyware program installed.
- Access to unwanted sites (for example, porn) - it is often possible to block individual sites. However, with the thousands of such sites on the internet it is impractical to find and block all of them.
Related Documents
So what is this internet thing?
IP Addressing - how computers communicate across the Internet
Viruses - what they are, what they do and how to protect your computer
Spyware - what it is and the risk to you
Resources
Essential Software