WHAT’S A FIREWALL
A firewall is a device installed between the internal network of an organization and the rest of the network.
It is designed to forward some packets and filter others.
For example, a firewall may filter all incoming packets destined for a specific host or a specific server
such as HTTP or it can be used to deny access to a specific host or a service in the organization.
A firewall is often installed away from the rest of the network so that no incoming requests get directly to the private network resource.
If it is configured properly, systems on one side of the firewall are protected from systems on the other side.
Firewalls generally filter traffic based on two methodologies:
- A firewall can allow any traffic except what is specified as restricted. It relies on the type of firewall used, the source, the destination addresses, and the ports.
- A firewall can deny any traffic that does not meet the specific criteria based on the network layer on which the firewall operates.
- The type of criteria used to determine whether traffic should be allowed through varies from one type to another.
- A firewall may be concerned with the type of traffic or with source or destination addresses and ports.
- A firewall may also use complex rules based on analyzing the application data to determine if the traffic should be allowed through.
- A firewall is an intrusion detection mechanism. Firewalls are specific to an organization’s security policy. The settings of firewalls can be altered to make pertinent modification to the firewall functionality.
- Firewalls can be configured to bar incoming traffic to POP and SNMP and to enable email access.
- Firewalls can also block email services to secure against spam.
- Firewalls can be used to restrict access to specific services. For example, the firewall can grant public access to the web server but prevent access to the telnet and the other non-public daemons.
- Firewall verifies the incoming and outgoing traffic against firewall rules. It acts as a router in moving data between networks.
- Firewalls are excellent auditors. Given plenty of disk or remote logging capabilities, they can log any and all traffic that passes through.
- A firewall can’t prevent revealing sensitive information through social engineering.
- Firewall can’t protect against what has been authorized. Firewalls permit normal communications of approved applications,
but if those applications themselves have flaws, a firewall will not stop the attack because to the firewall,
the communication is authorized.
- Firewalls are only as effective as the rules they are configured to enforce.
- Firewalls can’t stop attacks if the traffic does not pass through them.
- Firewalls also can’t secure against tunneling attempts. Applications that are secure can be Trojaned.
Tunneling bad things over HTTP, SMTP and other protocols is quite simple and easily demonstrated.