The Basics: What is a Firewall?
Almost any novel or movie involving computer hackers these days typically uses the term "firewall" as an obstacle that must be overcome to gain control of a computer. It is touted to be an impregnable computerized defense, but is it?
In reality, a firewall is just a basic program or simple piece of hardware that any business with computer users, especially those with high-speed Internet connections, should have running at all times. "A firewall is important for computer users to have because it provides secure access to the Internet," says Vincent Weafter, senior director of Symantec Security Response, the research division of the Cupertino, Calif. security software company. "The firewall allows safe traffic into and out of your computer or private network and automatically blocks intruders and hides your computer from hackers."
Small and medium-sized businesses consider viruses, worms, spyware and spam to be their most dangerous security threats today, according to a survey last year of technology decision-makers at nearly 800 firms by Forrester Research, of Cambridge, Mass. In the survey, 59 percent of respondents said they were likely to invest in network firewalls.
Firewall as the First Line of Defense
If a business' computers are connected to the Internet via a high-speed connection, then they have an Internet Protocol signature, or IP address. Other online users can access that IP address, and this is why a firewall becomes so important. "It (can) detect Internet attacks from worms and viruses, and monitors and regulates all incoming and outgoing Internet traffic," says Weafter. Firewalls also give a company's technology manager the power to decide which programs connect to the Internet, while also shielding the company from being attacked through security holes in unpatched software. "Some firewalls can prevent confidential information from being sent without your permission and block banner ads and popup windows, so you can surf faster," Weafter says.
A firewall essentially creates a "walled city" that provides businesses a level of control over their network resources. "Otherwise people can easily come into the network and look around, take things, add things, like bots and you will probably never know," says Charles Kolodgy, an analyst with IDC, the Framingham, Mass. research firm. "With a firewall you can block all ports you don't need, otherwise people can use any port to do whatever they like."
Kolodgy adds that the issue shouldn't be just about the cost trade-off between a firewall and a hack. "There are so many things attackers can do if they get into your network," he says. "It is best to think about having control of your network. Also many of your partners, especially larger companies will require some level of security prior to dealing with you." The cost of an SMB firewall actually isn't that great, either, and many of these products include virtual private networks (VPN), intrusion prevention, anti-malware, and URL filtering. Best of all, says Kolodgy, "These are generally plug and play, very easy to use. Leading vendors are Astaro, Fortinet, Secure Computing, SonicWALL, and WatchGuard."
Firewalls are available as a hardware appliance that could be built into your network router, or just as often available as a desktop-based software application. The first line of defense can actually be at a network router, and this works by a technique called packet filtering. This process examines the header of a packet, determines its source and destination address, and this information is compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped. An advanced system called Stateful Packet Inspection (SPI) looks for other characteristics, including the origin and whether incoming traffic is actually a response to outgoing connections, such as a Web page request. The downside of hardware firewalls is that they can treat any local network traffic as safe, which certainly won't halt the spread of viruses or other threats if even one computer on the network is contaminated.
"We see hardware firewall as a great way to protect the network," says Pat Bitton, vice president of marketing, North America for Agnitum, a supplier of software firewalls, "but it has some serious limitations for client protection." Bitton believes that the disadvantage of hardware firewalls is that these protect only the entry point, and data can easily escape the network via an unprotected PC. He says that hardware firewalls "can only verify traffic according to general conditions."
The alternative to having the router or modem protect your PC is to have a software program that screens the data as it arrives. The Windows XP operating system has a built-in firewall, which was greatly improved with the "service pack 2" patch. No matter which version is in place, all information passes through the firewall, and packets that do not meet the specified security criteria are blocked.
Firewalls use several methods to block unauthorized connections to the computer:
- A packet filter looks at each packet of data that enters or leaves the network, accepting or rejecting it based on user-defined rules. It is effective, but susceptible to spoofed IP addresses - that is, packets whose sender IP address has been changed to appear to be an allowed address.
- A proxy server can intercept all data entering and leaving the network, and it effectively hides the true IP addresses, but this adds difficulty in allowing an authorized outside computer to access the protected computer.
- Gateways can also be set up that allow specific connections, with approved access for specific programs - such as games - or from authorized outside IP addresses.
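The packet filtering and Stateful Packet Inspection described above, as an added example that is not part of the original article: a stateless filter that decides from header fields and a rule list, and a stateful wrapper that also admits inbound packets that are replies to connections the inside opened. Rules, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Header fields a packet filter looks at (constructed, simplified)."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


# Constructed rule set: (action, allowed source prefix, destination port).
# "*" is a wildcard; the first matching rule wins; the last rule is a default deny.
RULES = [
    ("allow", "*", 80),          # anyone may reach the web server
    ("allow", "10.0.0.", 445),   # file sharing only from the LAN prefix
    ("deny", "*", "*"),
]


def packet_filter(pkt, rules=RULES):
    """Stateless filter: decide from header fields and the rule list alone."""
    for action, src_prefix, dport in rules:
        src_ok = src_prefix == "*" or pkt.src.startswith(src_prefix)
        port_ok = dport == "*" or pkt.dport == dport
        if src_ok and port_ok:
            return action == "allow"
    return False


class StatefulFirewall:
    """Stateful packet inspection: remember connections the inside initiated."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.flows = set()  # expected reply 5-tuples of outbound connections

    def outbound(self, pkt):
        # Record what a reply to this packet would look like (src/dst swapped).
        self.flows.add((pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto))
        return True

    def inbound(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        if key in self.flows:
            return True  # reply to a connection we opened, e.g. a Web page request
        return packet_filter(pkt, self.rules)  # otherwise fall back to the static rules
```

Note that `packet_filter` has no way to tell a genuine 10.0.0.x source from a forged one, which is the spoofing weakness listed above; the flow table only helps for reply traffic.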
Users should determine their firewall needs based on how they use their computers.
The biggest downside to software firewalls is that these only protect the one machine that the application is installed on, so networks with multiple computers need to buy, install and configure the software firewalls for each machine. And each machine needs to be configured to allow the sharing of data, which can be a lot to manage. If this isn't properly configured, the computers could block one another, and make the sharing of any data almost impossible, negating the reason for setting up a network in the first place.
Firewalls and Mobile Users
Given the growing number of entrepreneurs and employees using laptop computers and other portable devices in the workplace, firewalls also need to be considered for mobile users. The greatest benefit of a software firewall on a laptop is that you don't have to worry about being protected when you take the machine on the go. "Your desktop firewall continues to protect when you connect your laptop to a different network," says Weafter. This is important if you do take your laptop with you to different branch offices, home or on the road.