What is a firewall ?: in networking, used for, in Linux, in mobile, in azure. Introduction. A firewall is a system of hardware, software or both that separates one part of a computer system (or the entire system) from another.
One example would be the Firewall between two different organisations
Firewalls are implemented in many different ways. For example, packet filtering firewalls (also called “stateful inspection firewalls”) may filter out packets based on specific criteria, such as port number and source or destination address.
Network Address Translation (NAT) routers are typically used when a private network that shares an IP address range with the public network is desired. Many organisations use a firewall that is built into the router at the top of the corporate domain hierarchy.
A firewall in networking refers to a way to keep unauthorised users from accessing the network. Many firewalls are configurations of routers or switches that assign an IP range to a specific client or server. This is also referred to as “Network Address Translation”, which converts one IP address into another.
A firewall can serve as a barrier between networks, creating security zones with different levels of trust in a single network environment.
This kind of firewall can be used to limit access to certain sites and services (e.g. HTTP, FTP) by user groups or allow unrestricted access for most purposes with a few narrowly defined exceptions, as part of an overall information technology (IT) security policy. The term firewall was originally applied to keeping unauthorised users from accessing computers on a corporate network.
In networking, firewalls are often used to prevent users from accessing certain websites such as those that contain pornography. Other benefits are more controllable usage of the internet, including the ability to stop computer viruses from entering a network.
There are many types of firewalls available on the market that vary in function and implementation. Firewalls can be categorised into a number of different types, based upon their use as well as their point in the network topology and purpose.
The commonly used firewall for networking is border router firewalls which are used to separate networks from other networks. They are used to prevent unauthorised access.
The router filters the traffic entering or leaving a network based on certain characteristics, such as protocol, port number and source and destination address. Circuit-level gateways are commonly found in long-distance telephone systems, where they connect private branch exchanges (PBXs) belonging to two different carriers.
A firewall allows you to have an organization’s private network protected from outside intruders and traffic, but still connect to other systems on the internet for various reasons such as file downloads and updates. In this way, it protects your internal systems from external threats by blocking outside access that could potentially damage these resources.
A firewall can also be used to help protect your network against hackers and viruses. When a hacker attempts to break into a system, a firewall will often let them in for short periods.
However, once the hacker has installed their malicious code or found a new way around the firewall (known as “back door” access), they can roam freely around the system. This is known as “worming”. A worm is a type of malware that can replicate itself to other systems on the network with very few or no security measures in place.
A firewall also provides a secure connection for corporate users to access internal network resources, such as intranet websites, file sharing systems and management functionality. In some cases, firewalls are implemented at the router level to provide a basic level of security for all traffic entering or leaving the network.
This can be used in conjunction with more dedicated firewalls that provide additional layers of protection.
In Linux: What is a firewall ?
Firewalls in Linux are implemented as a program called “fw” (firewall). This program and similar ones exist in other OSes as well, but in Linux those firewalls are sometimes referred to as “network integration layers”.
They serve two main purposes: to provide firewall functionality, like all good firewalls should, and to provide the ability to easily implement services within the firewall ruleset. In the open source world, a number of implementations of the service-oriented firewall exist.
These firewalls, often based on Linux firewalls and other network OSes, allow you to provide services like port forwarding and web filtering with minimal configuration.
Firewalls traditionally have been implemented using hardware firewalls such as Cisco Adaptive Security Appliance (ASA) appliances, Checkpoint Firewall-1/2 appliances and Web Security Appliance appliances.
Software firewalls like tcsh or BSD-FTPd provide some security in the form of packet filtering. Linux BSD firewalls are often used to offload firewall services from a Linux machine, reducing the volume of traffic that it has to process.
Such firewalls can be made to operate in a transparent mode so as not to obscure access from end users on the same LAN. Systems that implement packet filtering using limited resources may make use of protocols such as H.323 and H.248 for NAT and QoS.
Firewall filters are a set of rules that define protocols and ports to be allowed or blocked. They also can specify whether the connection is wanted or unwanted (in case of attacks).
The rule set consists of matching conditions such as IP addresses/subnets, packet size, and protocol type. These rules are bundled together as either being optional or mandatory. To allow a certain traffic through the firewall, all the rules must match; otherwise all the packets are dropped.
Firewalls in mobile networks are used in order to limit the communication between network and terminal for providing secure connection. The mobile firewall is an application that gives the user the service of protecting, controlling and filtering access to the network.
The firewall for mobile networks is called packet control engine, management and protection of terminal data, filtering unwanted connections from outside the terminal and allowing access only to authorised addresses.
Firewall is considered as a security application to protect the terminal from hacker attacks or cyber threats, or even harmful traffic from the network. Firewalls are connected through wireless networks, GSM networks, and UMTS networks. Firewall provides security for private and public network terminals against hacking, thereby protecting data and resources of an organisation.
Firewalls are often used to block incoming connections on certain ports of a host for the purpose of preventing intrusion on that specific port and thus limiting possible attack vectors.
Firewalls can be configured to block certain ports based on source or destination IP address. These types of rules are often referred to as “ACLs” or “access control lists”. Source ports are specified by a rule with a port number, which will be matched with the source IP address ( srcip ).
Destination ports are specified by a rule with an IP address, which will be matched with the destination IP address ( dstip ). In both cases, the port number is optional.
Many firewalls include features that allow automatic application-level dynamic filtering which allows some or all traffic on a specific port to be accepted or denied based on its source and destination addresses.
This type of dynamic filtering is often referred to as an “access control list” or simply as an “ACL”. The use of an ACL enables a firewall to be more selective in what types of traffic it permits and what types of traffic it causes to be dropped.
The ACLs can include address lists, host lists, network lists, etc. that permit or deny packets based on their source and destination addresses or hostnames.
Firewalls in Azure offer two types of access control lists. The first kind of ACLs are IP-based, which are similar to the TCP and UDP ACLs on other Firewalls. The second kind of ACLs are based on rules that match expressions based on the header fields in each packet.
This allows Firewalls in Azure to act as application aware devices and control the flow of traffic at a higher level than just being IP- or TCP/UDP-based.
Firewalls also include traffic analysis features. These allow a network engineer to log the incoming and outgoing traffic on a network device, and then use these logs to perform traffic redirection. This can be done by blocking an incoming connection request if the reply is not destined for the firewall, or by redirecting traffic that originates from one IP address or range to another.
Firewall appliances are used by many corporations to protect their networks from unauthorised access by unauthorized persons and systems.
Depending on their configuration and origin, they can be responsible for preventing internal attacks against a corporation’s own networks, or external attacks that target a corporation’s network.
They may also be called upon to prevent employees (inside the company) from accessing potentially damaging material such as pornography, or to suppress abuse of the corporate network infrastructure. Firewalls are also used in home computers to control the computers’ access to the Internet.
Firewalls are sometimes used to control incoming connections that must not be allowed unless specifically permitted by the administrator. This is often accomplished using IP firewalling rules with an access-list called “no-allow”.
Some firewalls are capable of performing stateful packet inspection where the state information remains with the packet and is used to allow or deny certain types of packets.
Stateful packet inspection is often used for reading sequence numbers in an IP packet, which are then matched against expected values, or to inspect TCP headers in order to determine whether a connection should be allowed or not.
External resource: Cisco