Even people who are not very familiar with the technology know that the Internet is not a territory free of hazards. That is why it is important to know, and to use, the tools that protect computers and networks. This text covers one of the most important security mechanisms in computing environments: the firewall.
In the following sections you will learn what a firewall is, get to know its most common types, and see why these solutions are considered essential.
What is a firewall?
A firewall is a security solution, implemented in hardware or (more commonly) in software, that uses a set of rules to analyze network traffic and decide which transmissions and receptions of data may take place. The literal meaning of the name, "wall of fire", already makes clear that a firewall is a kind of defensive barrier. Its mission, roughly speaking, is to block unwanted traffic and let through the traffic that is welcome.
To understand it better, you can picture a firewall as the doorman of an apartment building: to get in, you have to satisfy certain conditions, such as identifying yourself, being expected by a resident and not carrying any object that could pose a security risk; to get out, you may not take anything that belongs to the residents without proper authorization.
In this way a firewall can prevent a range of malicious actions: malware that uses a particular port to install itself on a computer without the user's knowledge, a program that sends sensitive data to the Internet, an attempt by unauthorized external computers to reach the network, and so on.
How does a firewall work?
You already know that a firewall acts as a kind of barrier that checks which data may pass and which may not. This task can only be carried out by establishing policies, that is, rules, as you also already know.
In its most restrictive mode, a firewall can be configured to block all traffic to and from the computer or network. The problem is that this isolates the computer or network completely, so you would then create rules for exceptions: for example, every application must wait for the user or administrator to authorize its access before it is unblocked. That authorization can even be permanent: once given, subsequent accesses are allowed automatically.
In a more flexible mode, a firewall can be configured to automatically allow certain types of traffic, such as HTTP requests (Hypertext Transfer Protocol, the protocol used to access Web pages), and to block others, such as connections to e-mail services.
Note, from these examples, that the policies of a firewall are built on one of two principles: either all traffic is blocked except what is explicitly authorized (default deny), or all traffic is allowed except what is explicitly blocked (default allow). The first is the safer posture, since a service the administrator forgot about ends up closed rather than open; the second is easier to live with but leaves anything the rules did not foresee exposed.
More advanced firewalls can go further, directing certain types of traffic to more specific internal security systems, or adding an extra step to user authentication procedures, for example.
You will find more details on how firewalls work in the following topics.
Types of firewall
The job of a firewall can be accomplished in several ways. What determines one methodology or another are factors such as the developer's criteria, the specific needs of whatever is to be protected, the characteristics of the operating system that runs the network infrastructure, and so on. This is why more than one type of firewall exists. The following are the best known.
Packet filtering
The first firewall solutions emerged in the 1980s and were based on packet filtering, a methodology that is simple and therefore more limited, although it offers a significant level of security.
To understand it, it is important to know that each packet has a header carrying information about it, such as the source IP address, the destination IP address, the protocol or type of service, the size, and so on. The firewall analyzes this information against the established rules to decide whether to let the packet leave or enter the machine or network, and may also perform some related task, such as recording the access (or attempted access) in a log file. Because it looks only at the header, a packet filter cannot judge the content of the data it forwards, and it has to take the source address at face value.
Data is transmitted according to the TCP/IP standard (Transmission Control Protocol/Internet Protocol), which is organized in layers, as explained in this text on IP addresses. Filtering is usually limited to the network and transport layers: the first is where the addressing of the equipment on the network and routing take place, for example; the second is where the protocols that carry the data traffic live, such as TCP and UDP (User Datagram Protocol).
Based on this, a filtering firewall can have, for example, a rule that allows all traffic from the local network that uses UDP port 123, alongside a policy that blocks any access to the local network through TCP port 25.
Static and dynamic filtering
Two kinds of packet-filtering firewall can be found. The first uses what is known as static filters, while the second is a little more evolved and uses dynamic filters.
In static filtering, data is blocked or released purely on the basis of the rules, regardless of the relationship each packet has with the others. In principle this is not a problem, but certain applications or services depend on specific requests or responses to start and maintain a transmission. It is therefore possible for the filters to contain rules that allow the traffic of these services while at the same time blocking the responses or requests they need, which prevents the task from being carried out.
This situation can seriously weaken security: an administrator may be forced to write less rigid rules so that services are not prevented from working, increasing the risk that the firewall fails to filter packets that should in fact be blocked.
Dynamic filtering emerged to overcome the limitations of static filters. In this category the filters consider the context in which the packets appear in order to "create" rules adapted to the scenario, allowing certain packets through only when necessary and only during the corresponding period. In this way the chance that, for example, a service's responses are barred drops considerably.
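The following block is an illustration added to this text, not code from the original article: a small stateless packet filter in Python in which rules are evaluated in order, the first match decides, and the default policy applies when nothing matches. It builds the two policies described earlier (default deny and default allow), using the UDP port 123 and TCP port 25 rules from the packet-filtering topic, and then shows the static-filter dilemma just described: under default deny the NTP reply never gets back in, and the "loosened" inbound rule an administrator might add to fix that also admits anything that merely claims source port 123. The local network, addresses, ports and packets are constructed for the example.

```python
"""Stateless packet filter (added example; not code from the original article)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in": arriving from outside, "out": leaving the local network
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    """A header-only rule; None in a field means 'match anything'."""
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR such as "192.168.1.0/24"
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or p.direction == self.direction)
                and (self.proto is None or p.proto == self.proto)
                and (self.src is None or ip_address(p.src) in ip_network(self.src))
                and (self.dst is None or ip_address(p.dst) in ip_network(self.dst))
                and (self.sport is None or p.sport == self.sport)
                and (self.dport is None or p.dport == self.dport))


class PacketFilter:
    def __init__(self, default: str, rules: List[Rule]):
        assert default in ("allow", "deny")
        self.default, self.rules, self.log = default, list(rules), []

    def decide(self, p: Packet) -> str:
        """First matching rule wins; otherwise the default policy applies. Every decision is logged."""
        flow = f"{p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport} ({p.direction})"
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                self.log.append(f"rule {i}: {rule.action} {flow}")
                return rule.action
        self.log.append(f"default: {self.default} {flow}")
        return self.default


LAN = "192.168.1.0/24"   # assumed local network for the example

# Principle 1: everything is blocked except what is explicitly authorized.
DEFAULT_DENY = PacketFilter("deny", [
    Rule("allow", direction="out", proto="udp", src=LAN, dport=123),   # NTP queries from the LAN
])
# Principle 2: everything is allowed except what is explicitly blocked.
DEFAULT_ALLOW = PacketFilter("allow", [
    Rule("deny", direction="in", proto="tcp", dst=LAN, dport=25),      # no SMTP into the LAN
])
# The static-filter dilemma: to let NTP replies back in, the administrator adds an
# inbound rule keyed on source port 123, which any sender can simply choose to use.
LOOSENED_DENY = PacketFilter("deny", [
    Rule("allow", direction="out", proto="udp", src=LAN, dport=123),
    Rule("allow", direction="in", proto="udp", dst=LAN, sport=123),
])

SAMPLE = [  # constructed traffic, in order
    Packet("out", "udp", "192.168.1.10", "203.0.113.5", 5000, 123),    # NTP query
    Packet("in",  "udp", "203.0.113.5", "192.168.1.10", 123, 5000),    # its reply
    Packet("in",  "tcp", "198.51.100.7", "192.168.1.20", 40000, 25),   # inbound SMTP attempt
    Packet("out", "tcp", "192.168.1.10", "198.51.100.7", 40001, 443),  # outbound HTTPS
    Packet("in",  "udp", "203.0.113.9", "192.168.1.20", 123, 9999),    # probe disguised as NTP
]


def evaluate(fw: PacketFilter, packets: List[Packet] = SAMPLE) -> List[str]:
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for name, fw in (("default deny", DEFAULT_DENY), ("default allow", DEFAULT_ALLOW),
                     ("loosened deny", LOOSENED_DENY)):
        print(name, evaluate(fw))
```

Under default deny the reply is dropped, under the loosened policy both the reply and the disguised probe get in, and under default allow the HTTPS session, which nobody wrote a rule for, is permitted: the filter sees only header fields, so it cannot tell a genuine reply from a packet that copies its header.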
Application firewall (proxy services)
The application firewall, also known as a proxy service or simply a proxy, is a security solution that acts as an intermediary between a computer or internal network and another, external network, typically the Internet. Usually installed on powerful servers, because it has to handle a large number of requests, a firewall of this type is an interesting security option because it does not allow direct communication between source and destination.
Note that the entire data flow has to pass through the proxy. This makes it possible, for example, to establish rules that prevent access to certain external addresses, as well as to prohibit communication between internal computers and certain remote services. Because the proxy speaks the application protocol, its rules can refer to things a packet filter never sees, such as the host name or URL being requested.
This comprehensive control also lets the proxy take on complementary tasks: the equipment can record the traffic in a log file; frequently used content can be kept in a kind of cache (a Web page that is accessed very often is stored temporarily on the proxy, so that it does not have to be fetched from the original address every time, for example); certain resources can be released only after the user authenticates; and so on.
Implementing a proxy is not an easy task, because of the huge number of services and protocols in existence on the Internet; depending on the circumstances, this type of firewall is unable to block or allow certain accesses, or requires a great deal of configuration to do so.
With regard to limitations, it is worth mentioning a solution called the transparent proxy. A "traditional" proxy quite often requires certain settings to be made in the tools that use the network (an Internet browser, for example) so that communication happens without errors. The problem is that, depending on the application, this adjustment work can be unfeasible or costly.
The transparent proxy is an alternative for these cases, because the machines on the network do not need to know it exists, which eliminates any specific configuration. Access is performed as usual, from the client to the external network and vice versa, but the transparent proxy intercepts it and responds accordingly, as if the communication were in fact direct.
It is worth stressing that the transparent proxy also has its disadvantages. For example: a "normal" proxy is able to thwart a malicious activity such as malware sending data from a machine to the Internet; the transparent proxy, in turn, does not block that traffic by default. It is not hard to understand why: when direct connections are not permitted, the malware would have to be configured to use the "normal" proxy in order to communicate externally, and that usually does not happen; with a transparent proxy there is no such constraint, so the access takes place as it normally would, unless a rule on the proxy specifically catches it.
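As an added example, not code from the original article, the block below is a toy policy engine for an HTTP proxy written in Python. It shows what the proxy section describes and a packet filter cannot do: decisions keyed on the requested host name (including subdomains of a blocked domain), resources released only after the user authenticates with Proxy-Authorization, and a log line for every decision. The parser accepts the absolute-form request line and CONNECT tunnel request an explicit proxy receives as well as the origin-form request (path plus Host header) that a transparent proxy sees after intercepting a direct connection. The policy, the user database, the hostnames and the requests are constructed for the example; a real deployment would store password hashes rather than passwords.

```python
"""Toy HTTP proxy policy engine (added example; not code from the original article)."""
import base64
import binascii
import hmac
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple
from urllib.parse import urlsplit


@dataclass
class ProxyPolicy:
    blocked_hosts: Set[str]        # these hosts and their subdomains are unreachable
    auth_required_hosts: Set[str]  # reachable only after the user authenticates
    users: Dict[str, str]          # username -> password (constructed; store hashes in real life)


def host_in(host: str, names: Set[str]) -> bool:
    return any(host == n or host.endswith("." + n) for n in names)


def parse_request(raw: bytes) -> Tuple[str, str, int, str, Dict[str, str]]:
    """Return (method, host, port, path, headers) for the three request shapes a proxy meets:
    absolute-form ("GET http://host/path"), CONNECT ("CONNECT host:port") and origin-form
    ("GET /path" plus a Host header, which is what a transparent proxy receives)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            raise ValueError("malformed header")
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError("malformed CONNECT target")
        return method, host.lower(), int(port), "", headers
    if target.startswith(("http://", "https://")):
        u = urlsplit(target)
        if not u.hostname:
            raise ValueError("absolute-form URL without host")
        return method, u.hostname, u.port or (443 if u.scheme == "https" else 80), u.path or "/", headers
    if "host" not in headers:
        raise ValueError("origin-form request without Host header")
    host, _, port = headers["host"].partition(":")
    return method, host.lower(), int(port) if port.isdigit() else 80, target, headers


class Proxy:
    def __init__(self, policy: ProxyPolicy):
        self.policy = policy
        self.log: List[str] = []

    def decide(self, client_ip: str, raw: bytes) -> str:
        try:
            method, host, port, path, headers = parse_request(raw)
        except ValueError as err:           # unparseable requests are never forwarded
            return self._log(client_ip, "-", "deny", f"malformed request: {err}")
        if host_in(host, self.policy.blocked_hosts):
            return self._log(client_ip, host, "deny", "destination blocked")
        if host_in(host, self.policy.auth_required_hosts) and not self._authenticated(headers):
            return self._log(client_ip, host, "deny", "authentication required")
        return self._log(client_ip, host, "allow", f"{method} {host}:{port}{path}")

    def _authenticated(self, headers: Dict[str, str]) -> bool:
        cred = headers.get("proxy-authorization", "")
        if not cred.lower().startswith("basic "):
            return False
        try:
            user, _, password = base64.b64decode(cred[6:], validate=True).decode("utf-8").partition(":")
        except (binascii.Error, UnicodeDecodeError):
            return False
        expected = self.policy.users.get(user, "")
        return hmac.compare_digest(expected.encode(), password.encode())   # constant-time compare

    def _log(self, client_ip: str, host: str, verdict: str, reason: str) -> str:
        self.log.append(f"{client_ip} {host} {verdict}: {reason}")
        return verdict


POLICY = ProxyPolicy(blocked_hosts={"ads.example.org"},
                     auth_required_hosts={"intranet.example.com"},
                     users={"alice": "s3cret"})
CRED = "Basic " + base64.b64encode(b"alice:s3cret").decode()

SAMPLE = [  # (client, raw request) constructed for the example
    ("192.168.1.10", b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("192.168.1.10", b"GET /pixel.gif HTTP/1.1\r\nHost: tracker.ads.example.org\r\n\r\n"),
    ("192.168.1.11", b"CONNECT intranet.example.com:443 HTTP/1.1\r\nHost: intranet.example.com:443\r\n\r\n"),
    ("192.168.1.11", f"CONNECT intranet.example.com:443 HTTP/1.1\r\nProxy-Authorization: {CRED}\r\n\r\n".encode()),
    ("192.168.1.12", b"GET / HTTP/1.1\r\n\r\n"),
]


def run(samples=SAMPLE) -> List[str]:
    proxy = Proxy(POLICY)
    return [proxy.decide(ip, raw) for ip, raw in samples]
```

The second request would look perfectly ordinary to a packet filter (TCP to port 80 on some address); only the application layer reveals the tracker hostname. The last request has no Host header, so a transparent proxy has no way to know where the client meant to go and refuses it.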
Stateful inspection
Considered by some experts on the subject as an evolution of dynamic filters, stateful inspection firewalls work by making a kind of comparison between what is happening and what is expected to happen.
To do so, inspection firewalls analyze the entire data flow to find states, that is, patterns acceptable under their rules that will in principle be used to maintain the communication. This information is then kept by the firewall and used as a parameter for the subsequent traffic.
To understand this better, suppose an application has started a file transfer between a client and a server. The initial data packets indicate which TCP ports will be used for the task. If traffic suddenly begins to flow through a port that was not mentioned, the firewall can detect the occurrence as an anomaly and block it.
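The block below is an illustration added to this text, not code from the original article. It implements, in Python, the behaviour the dynamic-filtering and stateful-inspection topics describe: a state table keyed on the connection 5-tuple, entries created only by flows that the inside opens and the static policy permits, inbound packets admitted only when they belong to an existing entry in a state that expects them, and entries that expire when idle. It tracks the TCP handshake (a bare SYN out, exactly SYN+ACK back, then data; RST tears the entry down, FIN moves it to a short-lived closing state) and UDP request/reply pairs. It does not read protocol payloads, so the file-transfer case above, where the application announces its data port inside the conversation, would need a protocol-specific helper on top of it. Addresses, ports, timeouts and the traffic scenario are constructed for the example.

```python
"""Stateful (connection-tracking) firewall (added example; not code from the original article)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str                  # "out": from the internal network, "in": from the Internet
    proto: str                      # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset = frozenset()  # TCP flags among "SYN", "ACK", "FIN", "RST"


SYN, SYNACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
# Idle timeout per state in seconds (values assumed for the example).
TIMEOUTS = {"SYN_SENT": 30, "ESTABLISHED": 300, "CLOSING": 10, "UDP": 30}


class StatefulFirewall:
    def __init__(self, new_flow_policy: Callable[[Packet], bool]):
        self.policy = new_flow_policy       # static rules, consulted only for *new* outbound flows
        self.table: Dict[tuple, List] = {}  # (proto, in_ip, in_port, out_ip, out_port) -> [state, last_seen]

    @staticmethod
    def _key(p: Packet) -> tuple:
        """Normalise the 5-tuple so both directions of one flow hit the same entry."""
        if p.direction == "out":
            return (p.proto, p.src, p.sport, p.dst, p.dport)
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _expire(self, now: float) -> None:
        stale = [k for k, (state, seen) in self.table.items() if now - seen > TIMEOUTS[state]]
        for k in stale:
            del self.table[k]

    def process(self, p: Packet, now: float) -> str:
        self._expire(now)
        key = self._key(p)
        entry = self.table.get(key)
        if entry is None:
            # Only the inside may open a flow, only if policy permits it, and TCP must start with a bare SYN.
            if p.direction != "out" or not self.policy(p):
                return "drop"
            if p.proto == "tcp" and p.flags != SYN:
                return "drop"
            self.table[key] = ["SYN_SENT" if p.proto == "tcp" else "UDP", now]
            return "allow"
        state = entry[0]
        if p.proto == "tcp":
            if "RST" in p.flags:                 # either side tore the connection down
                del self.table[key]
                return "allow"
            if state == "SYN_SENT":
                if p.direction == "in":
                    if p.flags != SYNACK:        # the peer must answer with exactly SYN+ACK
                        return "drop"
                    entry[0] = "ESTABLISHED"
            elif "FIN" in p.flags:
                entry[0] = "CLOSING"             # kept briefly for the final ACKs, then expired
        entry[1] = now
        return "allow"


def lan_policy(p: Packet) -> bool:
    """Static rules for new flows: internal hosts may reach DNS, NTP and the web, nothing else."""
    return (p.proto, p.dport) in {("udp", 53), ("udp", 123), ("tcp", 80), ("tcp", 443)}


LAN_HOST, NTP, WEB = "192.168.1.10", "203.0.113.5", "198.51.100.7"   # constructed addresses
SCENARIO: List[Tuple[float, Packet]] = [
    (0,   Packet("out", "udp", LAN_HOST, NTP, 5000, 123)),          # NTP query opens a UDP entry
    (1,   Packet("in",  "udp", NTP, LAN_HOST, 123, 5000)),          # the reply matches it
    (2,   Packet("in",  "udp", NTP, LAN_HOST, 123, 5001)),          # a "reply" nobody asked for
    (5,   Packet("out", "tcp", LAN_HOST, WEB, 40000, 443, SYN)),    # TCP handshake
    (6,   Packet("in",  "tcp", WEB, LAN_HOST, 443, 40000, SYNACK)),
    (7,   Packet("out", "tcp", LAN_HOST, WEB, 40000, 443, ACK)),
    (8,   Packet("in",  "tcp", WEB, LAN_HOST, 443, 40000, ACK)),    # data from the server
    (9,   Packet("in",  "tcp", WEB, LAN_HOST, 443, 40001, ACK)),    # ACK probe with no state behind it
    (10,  Packet("out", "tcp", LAN_HOST, WEB, 40002, 25, SYN)),     # SMTP is not in the policy
    (11,  Packet("in",  "tcp", WEB, LAN_HOST, 443, 40003, SYN)),    # unsolicited inbound SYN
    (100, Packet("in",  "udp", NTP, LAN_HOST, 123, 5000)),          # late reply: the entry has expired
]


def run(scenario=SCENARIO) -> List[str]:
    fw = StatefulFirewall(lan_policy)
    return [fw.process(p, t) for t, p in scenario]
```

Contrast this with a static filter: here the NTP reply is admitted without any inbound rule, because the firewall remembers the query, while a packet that merely looks like a reply (wrong port, or arriving after the entry expired) and a bare ACK aimed at a port with no connection behind it are dropped.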
Firewall architectures
You have certainly realized that, judging by the variety of types, firewalls can be implemented in several ways to meet the most diverse needs. This leads to another important aspect of the subject: the architecture of a firewall.
When we speak of architecture, we refer to the way the firewall is designed and deployed. There are, basically, three types of architecture. We will look at them next.
Dual-homed host architecture
In this model there is a computer, called a dual-homed host, that sits between the internal network and the external network, typically the Internet. The name comes from the fact that this host has at least two network interfaces, one for each "side".
Note that there is no other communication path, so all traffic passes through this firewall; there is no direct access from the internal network to the external one (or vice versa). The main advantage of this approach is the great degree of traffic control. The most significant disadvantage, in turn, is that any problem with the dual-homed host, an intrusion for example, can put the security of the network at risk or even bring traffic to a halt. For this reason it may not be suitable for networks whose access to the Internet is essential.
This type of architecture is often used for proxy-type firewalls.
Screened host architecture
In the screened host architecture, instead of a single machine acting as intermediary between the internal and external networks, there are two: one that plays the role of a router (the screening router) and another called the bastion host.
The bastion host sits between the router and the internal network and does not allow direct communication between the two sides. Note that this adds an extra layer of security: communication flows from the internal network to the bastion host, from there to the screening router and on to the external network, and back the same way.
The router normally works as a packet filter, with its filters configured to redirect traffic to the bastion host. The bastion host, in turn, can decide whether or not certain connections should be allowed, even if they have already passed the router's filters.
Being the critical point of the structure, the bastion host needs to be well protected; otherwise it will put the security of the internal network at risk, or may even make it unreachable.
Screened subnet architecture
The screened subnet architecture also relies on the bastion host, but here it sits within a secluded area with an interesting name: a DMZ, short for Demilitarized Zone.
The DMZ, in turn, sits between the internal network and the external network. Between the internal network and the DMZ there is a router that typically works with packet filters, and between the DMZ and the external network there is another router of the same type.
Note that this architecture proves to be very secure, since an attacker who gets past the first router still has to deal with the demilitarized zone. The DMZ can be configured in several ways, by deploying proxies or by adding more bastion hosts to deal with specific requests, for example.
The level of security and the flexibility of configuration usually make the screened subnet architecture more complex and, consequently, more expensive.
Personal firewalls
The topic of architectures shows the configuration options for firewalls in networks. But, as you probably know, there are simpler firewalls intended to protect a single computer, be it a desktop, a laptop, a tablet, and so on. These are personal (or home) firewalls, which SHOULD be used by everyone.
Fortunately, current operating systems for home or office use often include a built-in firewall by default, as is the case with Linux distributions, Windows 8 and Mac OS X. In addition, anti-virus developers commonly offer other protection options alongside their software, including a firewall.
But for those looking for a more capable solution that allows many kinds of adjustment, there are numerous options, many of them free. Windows users, for example, can count on ZoneAlarm, Comodo and others.
Whatever your operating system, it is worth looking for an option that meets your needs.
Hardware firewalls
It was mentioned earlier in this text that a firewall can be a software or a hardware solution. This is not incorrect, but it needs a complement: a hardware firewall is nothing more than a piece of equipment with firewall software installed.
It is possible to find, for example, routers or similar equipment that perform this function. In that case the goal is usually to protect a network with heavy traffic or with very important data.
The advantage of a hardware firewall is that the equipment, having been developed specifically for this purpose, is prepared to handle large volumes of data and is less exposed to vulnerabilities that may turn up on a conventional server (because of a flaw in some other software it runs, for example). It is not immune, though: its own firmware still has to be kept up to date.
Limitations of firewalls
Reading this text, you will already have observed that firewalls have their own limitations, and that these vary according to the type of solution and the architecture used. Firewalls are indeed very important security features, but they are not perfect in every sense.
Summarizing this aspect, we can mention the following limitations:
- A firewall can offer the desired security but compromise the performance of the network (or even of a computer). This situation may generate further expense for an expansion of the infrastructure to overcome the problem;
- The filtering policy must be revised periodically so as not to impair the operation of new services;
- New services or protocols may not be handled properly by proxies that have already been deployed;
- A firewall may not be able to prevent malicious activity that both originates in and is destined for the internal network;
- A firewall may not be able to identify malicious activity that happens through the carelessness of the user, for instance when the user reaches a fake bank site by clicking on a link in an e-mail;
- Firewalls need to be "watched". Malware or experienced attackers may try to discover or exploit loopholes in security solutions such as these;
- A firewall cannot intercept a connection that does not pass through it. If, for example, a user accesses the Internet from their computer over a 3G connection (precisely to circumvent the restrictions of the
Closing
As you have seen, firewalls are important security solutions; it is no accident that they emerged in the 1980s and are still widely used today. But, as the topic on limitations makes clear, a firewall is not able to fully protect a network or a computer on its own, which is why it must be used in conjunction with other measures, such as anti-virus software, intrusion detection systems, VPNs (Virtual Private Networks), and so on.
The right way to think about it is that the firewall is part of security, not security in itself, just as in a building, for example: walls, gates, surveillance cameras and alarms provide security in combination, and less effectively if only one or another item is used.