What Did You Say? Firewall 101
A firewall sits between the internal network (your computers) and the Internet and decides, connection by connection, which traffic is allowed through in each direction. Even the most basic home Internet access has a firewall, usually built into the router; the same box normally also does network address translation (NAT), which is what lets several home computers share one public Internet address. In simple home networks the modem, router and firewall are combined into a single box supplied by the Internet provider (e.g. Telus or Shaw).
In its most basic form, the firewall blocks connections coming in from the Internet to the computers behind it. So, for example, I can't reach your home computer from my home computer, and vice versa. If everything were blocked in both directions, though, the users behind the firewall couldn't see anything on the Internet either, so the firewall has to let connections started from the inside, and the replies to them, through.
All Internet traffic is addressed to "ports" (think TV channels). TCP and UDP each have 65,535 usable port numbers, and which ones an application uses depends on how it was designed: web browsing normally uses ports 80 and 443, for example. Firewalls therefore open some ports while blocking the rest. Some applications use several ports at once, and some use ports or ranges of ports dynamically, expecting the firewall to keep track of the changes.
This is a very simplistic explanation, but I hope you start to get the idea: the firewall is the central and critical "traffic cop" on the network that protects the internal systems from unauthorized and malicious connections. Physically, firewalls are small single-purpose computers.
Things get complicated when malware (a "virus") gets onto a network. Taking a recent CryptoWall ransomware infection as an example:
- The malware is delivered by email, hidden inside an ordinary-looking attachment such as a PDF or Word document, so it passes through the firewall like any other mail. When the user opens the document, the malware installs itself on the computer; if it is new enough, the anti-virus software has no signature for it and does nothing.
- The malware then "calls home": it opens a connection out through the firewall to a command-and-control server somewhere on the Internet. That server sends back what the malware needs to start encrypting the user's files (typically the encryption key), and the real problems start for the user. Because the connection was opened from the inside, and because the malware uses a standard port such as the one used for web browsing, a basic port-based firewall sees ordinary outbound web traffic and lets it through.
This is how most consumer-grade (home) and entry-level business firewalls behave, which is why, on their own, they are ineffective against modern malware.
Better-grade firewalls employ more sophisticated techniques to inspect traffic. For example, they look inside the packets that make up the traffic passing through them, not just at the addresses and ports. Each packet (or the reassembled data stream) is compared against a list of signatures: patterns taken from known malware, exploits and command-and-control traffic. Traffic that matches is blocked or sent for further analysis; the rest is passed through. This only works with a large and current signature list, which is why a subscription service is needed, as no local firewall can keep itself up to date. Modern firewalls combine six or more such subscriptions (intrusion prevention, anti-virus, URL and reputation filtering, and so on) to cover different types of attack. One caveat: more and more traffic, including most malware's call-home connections, is encrypted, and a firewall can only inspect what it can read, so it either has to decrypt the traffic (which needs a certificate installed on the users' computers) or fall back on other signals, such as the reputation of the server being contacted.
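To make the two kinds of firewall concrete, here is a small simulation of the traffic described above: a basic port-based, stateful filter that lets the malware's call-home through because it uses the web port, and the same filter with signature inspection added. This is an example written for this post, not code from the original or from any firewall vendor, and everything in it is constructed: the host names, the `X-Beacon-ID` pattern and the `demo-beacon` signature are made up and are not real CryptoWall indicators.

```python
# Added example (not from the original post): a toy stateful packet filter
# like the one a home router runs, plus the payload-signature inspection that
# a subscription-fed firewall adds. All hosts, ports, payloads and signatures
# are constructed for the example; the "beacon" is made up and is not a real
# CryptoWall indicator.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str            # sending host
    dst: str            # receiving host
    port: int           # service port on the Internet-side host
    direction: str      # "out" = LAN -> Internet, "in" = Internet -> LAN
    payload: bytes = b""


class BasicFirewall:
    """Port-based, stateful filter: the 'traffic cop' of a basic home router.

    Outbound connections are allowed only on a short list of well-known ports;
    inbound packets are allowed only as replies to a connection an inside host
    already opened. Nothing inside the packet is ever looked at.
    """
    ALLOWED_OUTBOUND_PORTS = {53, 80, 443}   # DNS and web browsing

    def __init__(self):
        self.sessions = set()   # (inside host, outside host, port)

    def decide(self, pkt):
        if pkt.direction == "out":
            if pkt.port in self.ALLOWED_OUTBOUND_PORTS:
                self.sessions.add((pkt.src, pkt.dst, pkt.port))
                return "allow"
            return "drop"
        # Inbound: only a reply to a session the inside host opened passes.
        if (pkt.dst, pkt.src, pkt.port) in self.sessions:
            return "allow"
        return "drop"


class InspectingFirewall(BasicFirewall):
    """Same port rules, plus payload inspection against a signature list.

    `signatures` stands in for the subscription feed: name -> byte pattern
    seen in known malware or command-and-control traffic.
    """
    def __init__(self, signatures):
        super().__init__()
        self.signatures = signatures

    def decide(self, pkt):
        verdict = super().decide(pkt)
        if verdict != "allow":
            return verdict
        for name, pattern in self.signatures.items():
            if pattern in pkt.payload:
                # Tear the session down too, so the server's reply is dropped.
                if pkt.direction == "out":
                    self.sessions.discard((pkt.src, pkt.dst, pkt.port))
                else:
                    self.sessions.discard((pkt.dst, pkt.src, pkt.port))
                return "block:" + name
        return "allow"


# Constructed traffic. Scenario: an inside PC browses the web, an outsider
# scans it, then malware on the PC calls home over the standard HTTPS port.
TRAFFIC = [
    Packet("pc", "www.example.com", 443, "out", b"GET / HTTP/1.1"),
    Packet("www.example.com", "pc", 443, "in", b"HTTP/1.1 200 OK"),
    Packet("attacker", "pc", 3389, "in", b""),                      # unsolicited
    Packet("pc", "c2.example.net", 443, "out",
           b"POST /gate HTTP/1.1\r\nX-Beacon-ID: 7b3f"),             # made-up call-home
    Packet("c2.example.net", "pc", 443, "in", b"KEY=demo; BEGIN-ENCRYPT"),
]

# Made-up signature standing in for one entry of a subscription feed.
SIGNATURES = {"demo-beacon": b"X-Beacon-ID:"}


def run_policy(firewall, traffic=TRAFFIC):
    """Feed packets through a firewall in order and return its verdicts."""
    return [firewall.decide(p) for p in traffic]


if __name__ == "__main__":
    for label, fw in (("basic", BasicFirewall()),
                      ("inspecting", InspectingFirewall(SIGNATURES))):
        print(label, run_policy(fw))
```

The basic filter correctly drops the unsolicited scan but passes both the call-home and the server's reply, because to it they look like a web session the PC started. The inspecting filter blocks the call-home only because the beacon text is readable in the packet; if the same beacon were sent inside an encrypted connection, the inspection would see only ciphertext, which is the caveat above.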
Five years ago, this type of sophisticated firewall was used only by large corporations and governments. Today they are becoming commonplace in many small offices. You can generally tell whether you have a subscription-based firewall if you are paying a monthly or annual fee for its services.
If you would like more information about firewalls, please contact me or your primary tech; we’d be happy to answer your questions.
Qapla’! (Google it …)