What is a Firewall


A firewall is a device designed to prevent outside individuals from accessing a network or group of networks.

It is usually a stand-alone computer, router or proprietary hardware device.

A firewall acts as an entry point to your system and evaluates connection requests as it receives them.

It processes only those that come from authorized hosts, and can discard the others.


Tasks performed by the Firewall

Firewalls can scan incoming packets from various protocols and take different actions depending on the scan result.

They are therefore able to perform conditional evaluations, such as “if this type of packet is encountered, do this”. These conditional statements are called rules.

Generally, when you install a firewall, you implement rules that reflect your company’s access policy. For example, if you don’t want hosts on the 206.246.131.xxx network to connect to your system, you can deny them access by rejecting all packets they may send to you.

On their side, they will either receive a message telling them that the connection is refused, or their connection will simply be blocked.
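The rule logic described above, as an added example (not code from the original article): a first-match rule evaluator with a default action, plus a check for rules that can never fire because an earlier rule already covers them. The rule set, the field names and every address other than the 206.246.131.0/24 network are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "accept", "reject" (refusal sent) or "drop" (silent)
    src: str                      # source network, CIDR notation
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if self.proto not in (None, pkt["proto"]):
            return False
        return self.dport in (None, pkt["dport"])

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by this rule."""
        mine, theirs = ipaddress.ip_network(self.src), ipaddress.ip_network(other.src)
        return (theirs.subnet_of(mine)
                and self.proto in (None, other.proto)
                and self.dport in (None, other.dport))

# Constructed policy. Order matters: the first matching rule decides.
RULES = [
    Rule("reject", "206.246.131.0/24"),             # the network the article wants denied
    Rule("accept", "0.0.0.0/0", "tcp", 80),         # public web server
    Rule("accept", "206.246.131.7/32", "tcp", 80),  # mistake: can never fire
]

def evaluate(pkt: dict, rules=RULES, default: str = "drop"):
    """Return (action, rule index), or (default, None) when no rule matches."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return default, None

def shadowed(rules=RULES):
    """Indices of rules made unreachable by an earlier rule."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]
```

Running `shadowed()` before deploying a rule set is a cheap way to catch exceptions that were added below the rule they were meant to override.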

In this respect, firewalls are to a network what user permissions are to an operating system.

For example, under Windows NT it is possible to specify which users are allowed to access a given file or directory.

Discretionary access control is implemented at the operating system level.

In the same way, firewalls allow this type of access control to be applied to interconnected workstations and the company’s website.

However, this access filtering is only one of the many possibilities offered by firewalls today.

For some years now, manufacturers have been following the “kitchen sink” approach to feature development, i.e. they pack every functionality except the kitchen sink into their products.

Well, if you don’t understand, that’s okay, it’s not the most important thing to remember…


Content filtering

Some companies may prevent their users from visiting certain sites: web-based e-mail sites, underground sites, stock market gateways, pornographic sites, etc…

This feature allows you to reject certain types of ActiveX code or Java applets.


The Virtual Private Network (VPN) 

VPNs allow traffic to be securely channeled from one point to another, over generally hostile networks (such as the Internet).

Although there is a wide variety of VPN devices available today, manufacturers such as Check Point and Cisco integrate VPNs into their firewalls.

Many products offer both business-to-business VPN client and LAN (Local Area Network, i.e., a kind of network) functionality.


Network Address Translation (NAT)

This service is often used to map illegal or reserved (see RFC 1918) address blocks to valid blocks (for example, 10.0.100.3 to 206.246.131.227).

Although NAT is not necessarily a security feature, the first NAT products to appear in business are often firewall products.


Load balancing

Load balancing, the most generic term of all, is the art of segmenting traffic in a distributed manner.

Some firewalls now allow web and FTP traffic to be routed in this way.


Fault tolerance

Some of the most advanced firewalls, such as Cisco PIX and the Nokia/Check Point union, support quite complex functionalities, often referred to as High-Availability (HA).

Sophisticated fault-tolerance features often allow firewalls to run in pairs, with one device functioning as a “hot spare” in the event of failure of the other.


Firewall and Intrusion Detection

The term “intrusion detection” can have several meanings.

Here, it is a completely new type of product that some manufacturers are beginning to integrate into their firewall offering.

While this is not a problem in itself, people should be wary of the workload it puts on their firewall.

While it may seem attractive to be able to manage all these features, there should be some scepticism about the kitchen sink approach.

Firewalls have always been seen as playing a central role in companies’ security models.

Borrowing from the KISS (Keep It Simple, Stupid) principle of network administration, which is so dear to everyone, I would say that piling up functionality may not be the best thing you can do when it comes to security products.

But there is no need to theorize about it: the latest rounds of firewall vulnerabilities have confirmed some of these doubts, as explained below.


Firewalls: they’re not infallible!

Although firewall manufacturers like to think that their products are safe from the problems that plague operating system and application developers, the fact is that they are just as vulnerable.

Let’s look at some examples:

May 1998: It was discovered that Firewall-1 contained certain keywords which, when used to represent a network object, opened a gaping security hole.

July 1999: Problems were discovered in “ipchains”, the native Linux firewall code. Remote attackers could use the stream to transmit data to allegedly blocked ports.

June 2000: A denial of service attack was discovered using fragmented packets, capable of disabling all Firewall-1 firewalls. And the patch only became available too long afterwards.

This list is only a glimpse of the problems that have been discovered, and are still being discovered, in current firewalls. Some of them are directly related to a feature outside the product and added later: content filtering and encapsulation (for VPN use).

It remains to be seen whether firewall manufacturers will treat security with the same interest as added functionality.

They claim that most of their customers are not asking for more security, but more features.

I ask you the question: “What do you think is the most important thing in a firewall? Tell your provider what you think!”

Our personal opinion is that a firewall, if it is not able to manage security, is really not useful, and rather cumbersome!

Now you know what a firewall is! You can also use proxy servers to become more or less anonymous on the internet.
