Protection tools: Firewalls [active & passive]

Firewall is a very colorful term; however, in real IT life it has very little to do with the vivid image of a wall wrapped in a flaming inferno. The meaning of this IT concept is nothing fancy; in fact it's a monotonous, relentless filter for the data (packets) that a computer exchanges with the Internet.

Let us illustrate what a firewall does through a real-life analogy. Imagine a post-office worker who is assigned the tedious task of permitting mail for certain city addresses and denying everything else, that is, everything that is not specifically allowed. In principle, this job description covers the vast majority of all firewalls out there in the world. Here's what transpires: our postman looks at a letter, which normally carries the addresses of a sender and a recipient. First he checks whether the recipient lives on a street that is allowed to receive mail from the outside world and whether the sender is banned from sending mail to this particular street (or even the whole town). If it's a "green light", our guy then checks whether this very building is allowed to receive mail from this type of sender. If it's cleared again, our package goes through the city wall, or should we say: through the firewall.

Look at the example below which translates the common street address into the Internet language.

From: Prosperous Client, 777 Dreamworld St, Heavensburgh, NC 27272
Source: port = 46055, IP = 77.44.222.111 (77.44.222.111:46055)

To: Honored Provider, 888 Solutions Ave, Techville, NC 25252
Destination: Port = 25, IP = 208.107.99.3 (208.207.99.3:25)

The IP address is analogous to a street address, and the port is analogous to a building carrying a designated function (it could be a police department, hospital, casino, post office, etc).

Aside from these most general properties, the postman can also discriminate the delivery based on many other parameters, such as:

  • type of a package
  • time (date)
  • timing (the permission is triggered by the events that must precede the delivery)
  • content of the package
  • confirmation/clearance of the sender's identity

It is safe to say that almost everybody in the US is using a firewall these days. The most common example exists in every home with a broadband connection. It is a very basic firewall with two simple rules defined for each home computer behind the firewall:

  • it allows all Internet traffic sent from a home computer into the wild
  • it blocks everything that tries to enter the house except for replies to messages previously transmitted from home
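
The two home-firewall rules above, as an added Python sketch (not code from the original article). The class and function names are hypothetical, the home and mail-server addresses are the ones from the article's example, and 203.0.113.9 is a constructed sample address.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HomeFirewall:
    """Toy stateful filter (hypothetical class, not a real product's API)."""

    def __init__(self, inside_ips):
        self.inside = set(inside_ips)  # computers behind the firewall
        self.flows = set()             # conversations started from inside

    def check(self, pkt):
        if pkt.src_ip in self.inside:
            # Rule 1: everything sent from home is allowed and remembered.
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ALLOW outbound"
        # Rule 2: inbound passes only if it mirrors a remembered flow.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "ALLOW reply"
        return "DENY unsolicited"


def run_home_demo():
    home, mail = "77.44.222.111", "208.107.99.3"   # addresses from the article
    stranger = "203.0.113.9"                        # constructed sample address
    fw = HomeFirewall([home])
    packets = [
        Packet(mail, 25, home, 46055),      # arrives before home has sent anything
        Packet(home, 46055, mail, 25),      # home opens the conversation
        Packet(mail, 25, home, 46055),      # same packet is now a reply
        Packet(mail, 25, home, 46056),      # right sender, wrong port
        Packet(stranger, 25, home, 46055),  # right port, wrong sender
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    for verdict in run_home_demo():
        print(verdict)
```

The first and third packets are identical; only the remembered outbound flow changes the verdict. Real firewalls additionally track the protocol and connection state and expire idle entries.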

These days each Windows, Mac or Linux computer comes equipped with a Firewall that is activated by default.

These examples constitute the realm of Standard Firewalls (also called Passive). They are driven by a pre-written set of rules and have very modest capabilities to adjust in order to avert a crisis.

Active Firewalls provide much stronger security; thus they are more sophisticated and expensive. They resemble an analytical division, such as a group of FBI investigators, rather than a postman who is not at liberty to introduce new rules on the fly or override the existing ones should an attack hit the computer (network). Active Firewalls are dynamic in nature because they

  • recognize certain hostile patterns of Internet traffic
  • obey real-time block lists for existing trouble-makers
  • analyze suspicious events
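
A sketch of the difference from a passive rule set, as an added Python example (not code from the original article): the filter starts with a seeded block list and adds a new block rule on the fly when one sender keeps probing closed ports. The class name, threshold, time window and all addresses are constructed assumptions; only port 25 is taken from the article's example.

```python
from collections import defaultdict, deque


class ActiveFilter:
    """Toy active firewall (hypothetical class, not a real product's API)."""

    def __init__(self, blocklist=(), open_ports=(25,), threshold=3, window=10.0):
        self.blocked = set(blocklist)      # known trouble-makers (block list)
        self.open_ports = set(open_ports)  # services reachable from outside
        self.threshold = threshold         # probes tolerated inside the window
        self.window = window               # seconds
        self.recent = defaultdict(deque)   # sender -> times of closed-port hits

    def observe(self, ts, src_ip, dst_port):
        if src_ip in self.blocked:
            return "DENY blocked"
        if dst_port in self.open_ports:
            return "ALLOW"
        hits = self.recent[src_ip]
        hits.append(ts)
        while hits and ts - hits[0] > self.window:
            hits.popleft()                 # forget probes older than the window
        if len(hits) >= self.threshold:
            self.blocked.add(src_ip)       # new rule introduced on the fly
            return "DENY new-block"
        return "DENY closed-port"


def run_active_demo():
    fw = ActiveFilter(blocklist=["203.0.113.66"])  # constructed block-list entry
    events = [                                     # constructed (time, sender, port)
        (0.0, "198.51.100.7", 22),
        (1.0, "198.51.100.7", 23),
        (2.0, "198.51.100.7", 3389),  # third probe within 10 s
        (3.0, "198.51.100.7", 25),    # open port, but the sender is now blocked
        (4.0, "192.0.2.10", 25),      # ordinary mail delivery
        (5.0, "203.0.113.66", 25),    # listed sender, refused even on port 25
        (6.0, "192.0.2.10", 80),      # a single stray packet is not an attack
    ]
    return [fw.observe(*e) for e in events]


if __name__ == "__main__":
    for verdict in run_active_demo():
        print(verdict)
```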

It is easy to see and appreciate all the good that a firewall brings in any scenario, be it a home computer or an E-commerce Web server. However, before we end this article, it must be mentioned (with much sadness) that firewalls have certain drawbacks:

  1. Any high-quality, versatile and intelligent firewall would not be free; it is usually a subscription service requiring maintenance and frequent updates to keep the system up-to-date with the new threats out there.
  2. Heavy censorship provides more safety but also takes its toll on the system's performance and the speed of Internet access. In all fairness, we should note that basic firewalls do little harm to Internet performance.
  3. Many legitimate applications whose Internet usage falls outside the mainstream traffic might be crippled by a Firewall's default rule-set or by over-aggressive threat-detection mechanisms. This is why it might be necessary to deal with a bit of frustration and invest some time to adapt the firewall for any uncommon Internet traffic.

Lastly, with regard to firewalls, we'd like to mention something that usually brings joy and relief to managers and some level of aggravation to office workers, especially fun-loving office workers ;) Business firewalls are often used to limit potential distractions to employees. It's a common practice to block Internet access to entertainment, chat websites and social networks such as YouTube.com, Google Talk, Facebook.com.

On the grand scale of things, firewalls are frequently used by a lot of countries in order to control the spread of unwanted information. On the small scale, firewalls can be very efficient for the purpose of guarding a child from unwanted Internet content.