This is not a indepth article about firewalls but simple basic stuff.I've concentrated on windows based environment apart from the general case.In my next article I'll try my hand with GNU/Linux as the base OS after I have a handson experience with it.Raves & rants are welcome.:bowtie:
What is a firewall?
A firewall may be a standalone system,a software application or a hardware device that blocks/permits traffic,prevents unauthorized users or malicious traffic from accessing a network or a system.It acts as a barrier or a membrane between two or more networks.
The primary job of a firewall is to secure the inside network from the outside[it can be another network or more often the internet].Depending upon the policies or access control lists configured in the firewall,it can monitor inbound/outbound traffic & plus more.
Do I need a firewall?
Thats the question you should be asking yourself.With anyone who had been using a firewall with logging capabilities knows the amount of port scans you get on a day to day basis.Thus there is a need to block inbound traffic.The general tendency among home users with a single host or a small network is to use a software firewall on each host.One thing to consider here is if you are well versed with what goes at the OS level then you certainly dont need a separate freeware/commercial firewall,the windows firewall very well does the job for you.Oh yes I know it monitors inbound connections & not outbound but the fact remains if you have a knowledge of program control at the host then why do you need a separate firewall other than the windows firewall? After all its your computer/s,you should be knowing what is running & accessing the internet.
One program that I would like to strongly suggest is Fport.It shows you the mappings of the ports & IP addresses to their respective applications which are accessing the internet.
Fport
If you are getting paranoid then you are better off with a separate application based firewall.As most software firewalls ask for permission when a program is trying to access the internet.Where as if you only have a router acting as a firewall then it cant do much if malicious programs try to access the internet.For example if you already have a trojan in your system then it wont block or notify you of the happenings since its designed to consider everything that goes out of the system as legit.It does a very good job of blocking inbound traffic though.
There are different types of firewalls which serve nearly same purpose but for different audiences.The two most common types are:
1.Network level firewalls:These are standalone boxes & are much more sophiticated with loads of features.To mention a few,SPI[Stateful Packet Inspection],Deep Packet Inspection,Logging Capabilities etc.They usually run on proprietary Operating system such as the Cisco series,they run on the Cisco IOS[Internetwork Operating System]
2.Application level firewalls:Software firewalls,application level proxies come under this category.Apart from the regular huff & puff they offer a few nifty features such as content filtering,blocking unwanted hosts.
Proper Implementation:
Just placing the firewall without making full use of it doesnt serve its purpose very well.Deciding on what rules need to set for a single host or a network of computers,proper screening of the inbound/outbound policies is needed.Blocking all traffic through the firewall & then allowing traffic which is required as per the policies is considered to be a best practice.This implies for a application level firewall too.
Software V Hardware Firewall
A software firewall has to be installed on each host on the network & if the number of hosts are more then it becomes a cumbersome job.Also the amount of configuration needed for each hosts firewall setting is a pain in the neck.Even having a proxy server software installed to be a gateway has much to do,for example having a policy such as tunneling HTTP traffic through the proxy demands the network administrator to configure each clients browser settings.
A hardware firewall acts as a gateway to all the computers inside the LAN.Configuring & making changes applies to the gateway only.For example say the policy is to block all inbound connections to port 21,simply blocking port 21 at the firewall gateway will block all inbound traffic that is directed to the ftp port 21 inside the LAN.
Which firewall to choose from will depend on the network & the amount of resources you got.
But for a small SOHO network may I suggest some freebie Linux distros which will do the job of a firewall in a jiffy.But you will need a separate machine for that purpose,even a old 386/486 machine gathering dust will do.
1.Smoothwall: *www.smoothwall.org/
2.Clarkconnect: *www.clarkconnect.com/info/
3.IpCop: *www.ipcop.org/
The above are based on the GNU/Linux operating system & offer nifty feaures such as content filtering,web proxy,packet filtering.Much more than what a SOHO setup asks for.All the three have detailed documentation at their respective sites & also community forums for support & extra addons.They lack certain features like VPN which are only found in high class or commercial firewalls.
Although they cant be compared with the options available in the market but they offer valuable security to a single host or a small network.
Does having a firewall make me secure?
The answer is "no".Apart from having a well configured firewall the hosts in a network also need a equivalent & frequently updated anti-virus.Some NAT routers based firewalls also provide anti-virus scanning capabilities but that is like expecting too much of them.A standalone anti-virus application is designed for a single purpose only.Apart from the above it also takes some common sense on the part of the user to make use of the available resources in a proper manner keeping in mind the security aspect of the host/network.
Before I say good bye I will quote Duane Arnold: "The protection of the machine is a process and not a given".
What is a firewall?
A firewall may be a standalone system,a software application or a hardware device that blocks/permits traffic,prevents unauthorized users or malicious traffic from accessing a network or a system.It acts as a barrier or a membrane between two or more networks.
The primary job of a firewall is to secure the inside network from the outside[it can be another network or more often the internet].Depending upon the policies or access control lists configured in the firewall,it can monitor inbound/outbound traffic & plus more.
Do I need a firewall?
Thats the question you should be asking yourself.With anyone who had been using a firewall with logging capabilities knows the amount of port scans you get on a day to day basis.Thus there is a need to block inbound traffic.The general tendency among home users with a single host or a small network is to use a software firewall on each host.One thing to consider here is if you are well versed with what goes at the OS level then you certainly dont need a separate freeware/commercial firewall,the windows firewall very well does the job for you.Oh yes I know it monitors inbound connections & not outbound but the fact remains if you have a knowledge of program control at the host then why do you need a separate firewall other than the windows firewall? After all its your computer/s,you should be knowing what is running & accessing the internet.
One program that I would like to strongly suggest is Fport.It shows you the mappings of the ports & IP addresses to their respective applications which are accessing the internet.
Fport
If you are getting paranoid then you are better off with a separate application based firewall.As most software firewalls ask for permission when a program is trying to access the internet.Where as if you only have a router acting as a firewall then it cant do much if malicious programs try to access the internet.For example if you already have a trojan in your system then it wont block or notify you of the happenings since its designed to consider everything that goes out of the system as legit.It does a very good job of blocking inbound traffic though.
There are different types of firewalls which serve nearly same purpose but for different audiences.The two most common types are:
1.Network level firewalls:These are standalone boxes & are much more sophiticated with loads of features.To mention a few,SPI[Stateful Packet Inspection],Deep Packet Inspection,Logging Capabilities etc.They usually run on proprietary Operating system such as the Cisco series,they run on the Cisco IOS[Internetwork Operating System]
2.Application level firewalls:Software firewalls,application level proxies come under this category.Apart from the regular huff & puff they offer a few nifty features such as content filtering,blocking unwanted hosts.
Proper Implementation:
Just placing the firewall without making full use of it doesnt serve its purpose very well.Deciding on what rules need to set for a single host or a network of computers,proper screening of the inbound/outbound policies is needed.Blocking all traffic through the firewall & then allowing traffic which is required as per the policies is considered to be a best practice.This implies for a application level firewall too.
Software V Hardware Firewall
A software firewall has to be installed on each host on the network & if the number of hosts are more then it becomes a cumbersome job.Also the amount of configuration needed for each hosts firewall setting is a pain in the neck.Even having a proxy server software installed to be a gateway has much to do,for example having a policy such as tunneling HTTP traffic through the proxy demands the network administrator to configure each clients browser settings.
A hardware firewall acts as a gateway to all the computers inside the LAN.Configuring & making changes applies to the gateway only.For example say the policy is to block all inbound connections to port 21,simply blocking port 21 at the firewall gateway will block all inbound traffic that is directed to the ftp port 21 inside the LAN.
Which firewall to choose from will depend on the network & the amount of resources you got.
But for a small SOHO network may I suggest some freebie Linux distros which will do the job of a firewall in a jiffy.But you will need a separate machine for that purpose,even a old 386/486 machine gathering dust will do.
1.Smoothwall: *www.smoothwall.org/
2.Clarkconnect: *www.clarkconnect.com/info/
3.IpCop: *www.ipcop.org/
The above are based on the GNU/Linux operating system & offer nifty feaures such as content filtering,web proxy,packet filtering.Much more than what a SOHO setup asks for.All the three have detailed documentation at their respective sites & also community forums for support & extra addons.They lack certain features like VPN which are only found in high class or commercial firewalls.
Although they cant be compared with the options available in the market but they offer valuable security to a single host or a small network.
Does having a firewall make me secure?
The answer is "no".Apart from having a well configured firewall the hosts in a network also need a equivalent & frequently updated anti-virus.Some NAT routers based firewalls also provide anti-virus scanning capabilities but that is like expecting too much of them.A standalone anti-virus application is designed for a single purpose only.Apart from the above it also takes some common sense on the part of the user to make use of the available resources in a proper manner keeping in mind the security aspect of the host/network.
Before I say good bye I will quote Duane Arnold: "The protection of the machine is a process and not a given".
