

how do firewalls work? please explain... thanks

Posted on 2006-06-19
Medium Priority
Last Modified: 2013-11-16
I just want to know how firewalls work so please explain.  thanks...
Question by:JackOfPH

Assisted Solution

xpsavy earned 1000 total points
ID: 16932939
Hi JackOfPH

A firewall is a piece of software or hardware that filters all network traffic
between your computer, home network, or company network and the
a firewall in a network ensures that if something bad
happens on one side of the firewall, computers on the other side won’t be
affected. You read about these threats in the papers almost every day: viruses,
worms, denial-of-service (DoS) attacks, hacking, and break-ins. Attacks with
names like SQL Slammer, Code Red, and NIMDA have even appeared on the
evening news.  Often we don’t know who they
are, but we do know where possible intruders are and where we don’t want
them to penetrate. Hackers are roaming the wide expanses of the Internet,
and we don’t want them to enter our network and roam among the computers in it.
You know that you need to protect your network from these outlaws, and
one of the most efficient methods of protecting your network is to install a
firewall. By default, any good firewall prevents network traffic from passing
between the Internet and your internal network.

Keep in mind that separating the Internet from your
internal network traffic is the default behavior of most firewalls. However,
the first thing that you will probably do after installing the firewall is to
change the defaults to allow selected network traffic through the firewall.
This is no different from a building inspector who allows fire doors in a physical
firewall. These doors are designed to provide an opening while still guaranteeing
safety for all occupants. When you configure a firewall, you create
some controlled openings that don’t compromise your network’s safety but
that allow selected network traffic to pass through.
As you are designing your protection against attacks from the Internet, never
rely on a single form of protection for your network. Doing so can give you a
false sense of security. For example, even if you completely disconnect your
network from the Internet to prevent a computer virus from entering your
network, an employee can still bring to work a floppy disk that has been
infected with a virus and inadvertently infect computers in your network.

-- From Firewalls
2nd edition

All the best
Rupesh KRishna

Expert Comment

ID: 16933246

Here is the link for downloading that book

All the best

Author Comment

ID: 16939181
How do firewalls filter network traffic? And how do firewalls hide your IP from hackers, slammers, etc.?

Accepted Solution

rafael_acc earned 1000 total points
ID: 16945603
Right ... reading the book is the best option really, but here is a start ...
Phew ... this is a lil' bit difficult to explain ... especially finding a starting point. Anyway ...

Network traffic goes through different network layers.

Each layer does something different and works with a different type of information. Imagine 7 boxes (according to OSI standards, there are 7 network layers). Each box is between the previous one and the next one in size.

Now ... this is really very superficial! As the network information travels through the computer application, processes, network stack, etc., the small box will be put into the next bigger one; this one will be put inside the next bigger one ... and so forth.

So, box1 will have information1, box2 will have information2 (but will include information1 as well), ....

Now about firewalls: you can find firewalls at different levels. If you have a firewall that can filter information from all the boxes, then you can virtually reach the maximum level of security. Basically, a firewall that works with all 7 boxes can analyze what information is there inside the boxes and decide whether that information is good or not!!

In networking terms now ...

Most firewalls work at Layers 4, 3, 2. This is the layer where port filtering can take place (let me know if you don't know what ports are!). For example, if your firewall can work with Layer 4 network packets, then you should be able to teach it not to allow FTP traffic (which uses ports 20 and 21) but to allow HTTP traffic (which uses port 80 and eventually 443 - for SSL connections).

Furthermore, since this firewall also works at Layer 3 (at this layer you can get IP addresses), you can teach it how to deny or accept traffic coming from/going to specific machines (since every machine has an IP address).

Yet, at Layer 2, you can filter traffic from/to specific MAC addresses (each network card has a unique MAC address - also known as physical address or MAC address).

You might be asking why all these layers? Why all this stuff?? Well ... having multiple layers of security is much better, isn't it? Also, different scenarios (network topologies) may require different approaches to security and therefore security at different layers.... For example, inside your network you might need to filter only specific ports (say messenger). This will be at Layer 4. But in the network portion where all your servers are located, you might want to allow only specific IP addresses!!!

For hiding addresses, this is really a huge topic as well ... But basically, it is about manipulating the network packets so that the outside world sees something different!!! Think of it as changing the content of the boxes yourself, but in a way that your infrastructure would know how to put the content back so that the information inside the box can be useful.

Well ... this was quite difficult to explain and I am not really sure if I was able to help... but I hope so.

let me know.
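
To make the two ideas in the answer above concrete (filtering on layer 2, 3 and 4 fields, and hiding inside addresses by rewriting packets), here is an added example that is not part of the original posts. It models a default-deny, first-match rule list and a simplified source NAT table; the MAC address, IP ranges and rule set are constructed, and a real NAT would also key its table on the remote address and protocol.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_mac: str   # layer 2
    src_ip: str    # layer 3
    dst_ip: str    # layer 3
    src_port: int  # layer 4
    dst_port: int  # layer 4

@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    src_mac: str = ""   # empty/zero fields match anything
    src_net: str = ""
    dst_port: int = 0
    def matches(self, p: Packet) -> bool:
        if self.src_mac and self.src_mac.lower() != p.src_mac.lower():
            return False
        if self.src_net and ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src_net):
            return False
        return not self.dst_port or self.dst_port == p.dst_port

def decide(rules, pkt):
    """First matching rule wins; anything unmatched is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

class SourceNat:
    """Rewrites outbound source address/port and remembers how to undo it."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port, self.table = public_ip, first_port, {}
    def outbound(self, p):
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (p.src_ip, p.src_port)
        return replace(p, src_ip=self.public_ip, src_port=port)
    def inbound(self, p):
        entry = self.table.get(p.dst_port)  # no entry: unsolicited, dropped
        return replace(p, dst_ip=entry[0], dst_port=entry[1]) if entry else None

RULES = [  # constructed rule set, evaluated top to bottom
    Rule("deny", src_mac="00:11:22:33:44:55"),             # layer 2: one NIC
    Rule("deny", dst_port=20), Rule("deny", dst_port=21),  # layer 4: FTP
    Rule("allow", src_net="192.168.1.0/24", dst_port=80),  # layers 3+4: HTTP
    Rule("allow", src_net="192.168.1.0/24", dst_port=443), # layers 3+4: HTTPS
]
```

The outside server only ever sees the public address and the translated port, and an inbound packet with no matching table entry has no inside host to be delivered to.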

