What Is a Firewall? Described With Concept and Types

Introduction

Even people less familiar with technology know that the Internet is not a danger-free "territory". It is for this reason that it is important to know and use protection tools for computers and networks. This text deals with one of the most important security options in computing environments: the firewall.

Concept of Firewall


In the next few lines, you will understand the concept of firewall, get to know its most common types, and understand the reasons why these solutions are considered essential.


What is a firewall?

A firewall is a security solution based on hardware or software (the more common form) that, following a set of rules or instructions, analyzes network traffic to determine which data transmission or reception operations may be performed. "Wall of fire", the literal translation of the name, already makes it clear that the firewall is a kind of defensive barrier. Its mission, so to speak, consists basically of blocking unwanted data traffic and allowing welcome access.


To better understand, you can imagine a firewall as a condominium entrance: in order to enter, it is necessary to obey certain conditions, such as identifying yourself, being expected by a resident and not carrying any object that may bring security risks; to leave, you cannot take anything that belongs to the tenants without the proper authorization.


In this sense, a firewall can prevent a series of malicious actions: malware that uses a certain port to install itself on a computer without the user knowing, a program that sends sensitive data to the internet, and attempts to access the network from unauthorized external computers, among others.


How does a firewall work?

You already know that a firewall acts as a kind of barrier that checks which data can and cannot pass. As you also know, this task can only be done by establishing policies, that is, rules.

In a more restrictive configuration, a firewall can be set up to block any and all traffic on the computer or the network. The problem is that this isolates the computer or network, so you can create a rule so that, for example, every application waits for authorization from the user or administrator before its access is granted. This authorization may even be permanent: once given, subsequent accesses are allowed automatically.

In a more versatile configuration, a firewall can be set up to automatically allow traffic of certain types, such as HTTP requests (Hypertext Transfer Protocol, the protocol used to access Web pages), and block others, such as connections to email services.

Note from these examples that firewall policies rest, initially, on one of two principles: all traffic is blocked, except what is explicitly authorized; or all traffic is allowed, except what is explicitly blocked.


More advanced firewalls can go further, directing certain types of traffic to more specific internal security systems or offering extra reinforcement in user authentication procedures, for example.


You will have more details on how firewalls work in the following topic.


Firewall Types

The work of a firewall can be accomplished in several ways. Which methodology is used depends on factors such as the developer's choices, the specific needs of what will be protected, the characteristics of the operating system that hosts it, the network structure, and so on. That is why we can find more than one type of firewall. The best known are described below.


Packet filtering

The first firewall solutions emerged in the 1980s and were based on packet filtering, a simpler and therefore more limited methodology, although it still offers a significant level of security.


To understand it, it is important to know that each packet has a header with various information about it, such as source IP address, destination IP address, type of service and size, among others. The firewall then analyzes this information according to the established rules to decide whether or not to release the packet (either leaving or entering the machine/network), and can also perform related tasks, such as recording the access (or access attempt) in a log file.


Data transmission is based on the TCP/IP (Transmission Control Protocol / Internet Protocol) standard, which is organized in layers, as explained in this text on IP addresses. Filtering is usually limited to the network and transport layers: the network layer is where the devices that form the network are addressed and where routing takes place, for example; the transport layer is where the protocols that carry data traffic, such as TCP and UDP (User Datagram Protocol), operate.


Based on this, a filtering firewall can have, for example, a rule that allows all traffic on the local network that uses UDP port 123, as well as a policy that blocks any access from the local network through TCP port 25.


Static and dynamic filtering

There are two types of packet filtering firewalls. The first uses what are known as static filters, while the second is somewhat more advanced, using dynamic filters.


In static filtering, data is blocked or released based purely on the rules, regardless of the relationship each packet has with another. At first, this approach is not a problem, but certain services or applications depend on specific responses or requests to initiate and maintain a transmission. It is then possible for the filters to contain rules that allow the traffic of these services but at the same time block the necessary responses/requests, preventing the task from completing.


This situation can seriously weaken security, since an administrator may be forced to create less strict rules so that services keep working, increasing the risk that the firewall fails to filter packets that should indeed be blocked.


Dynamic filtering came about to overcome the limitations of static filters. In this category, the filters consider the context in which the packets are exchanged to "create" rules that adapt to the scenario, allowing certain packets to pass, but only when necessary and during the corresponding period. In this way, the chances of service responses being blocked, for example, drop considerably.


Application Firewall or Proxy Services

The application firewall, also known as a proxy service or just a proxy, is a security solution that acts as an intermediary between a computer or an internal network and an external network, usually the internet. Usually installed on powerful servers because they need to handle a large number of requests, firewalls of this type are interesting security options because they do not allow direct communication between source and destination.


The following image helps in understanding the concept. Note that instead of the internal network communicating directly with the internet, there is a device between the two that creates two connections: one between the network and the proxy, and another between the proxy and the internet.


Note that the entire data stream needs to go through the proxy. In this way, it is possible, for example, to establish rules that prevent access from certain external addresses, as well as to prohibit communication between internal computers and certain remote services.


This broad control also makes it possible to use the proxy for complementary tasks: the equipment can record data traffic in a log file; frequently used content can be stored in a kind of cache (a frequently accessed web page is temporarily stored in the proxy, making it unnecessary to request it from the original address every time, for example); certain resources can be released only after user authentication; among others.


Implementing a proxy is not an easy task, given the huge number of services and protocols that exist on the internet; depending on the circumstances, this type of firewall may be unable to block or authorize certain accesses, or may require a great deal of configuration work to do so.


Transparent Proxy

With regard to limitations, it is worth mentioning a solution called a transparent proxy. The "traditional" proxy frequently requires certain settings to be configured in the tools that use the network (for example, a web browser) for communication to happen without errors. The problem is that, depending on the application, this adjustment work can be impractical or expensive.


The transparent proxy is an alternative for these cases, because the machines on the network do not need to know of its existence, dispensing with any specific configuration. All access is made normally from the client to the external network and vice versa, but the transparent proxy is able to intercept it and respond appropriately, as if the communication were in fact direct.


It is worth noting that the transparent proxy also has its disadvantages. For example, a "normal" proxy is able to block malicious activity, such as malware sending data from a machine to the internet; the transparent proxy, in turn, may not block this traffic. The reason is simple: to communicate externally through a "normal" proxy, the malware would have to be configured to use it, which usually does not happen; with a transparent proxy there is no such obstacle, so the access would go through normally.


Stateful Inspection

Regarded by some experts in the field as an evolution of dynamic filters, stateful inspection firewalls work by comparing what is happening with what is expected to happen.


To this end, stateful inspection firewalls analyze all data traffic to identify states, that is, patterns acceptable to their rules that, in principle, will be used to maintain the communication. This information is then kept by the firewall and used as a reference for subsequent traffic.


To better understand, suppose an application initiated a file transfer between a client and a server. The initial data packets indicate which TCP ports will be used for this task. If traffic suddenly starts flowing through a port that was not announced, the firewall can detect this as an anomaly and block it.
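The example below is added here and is not code from the article. It models, in a small simulation, the two ideas explained above: static packet filtering under the two policy principles (block unless allowed, allow unless blocked) using the article's own UDP 123 and TCP 25 rules, and stateful inspection, which remembers an outbound connection and admits only its reply while dropping traffic on an unannounced port. The addresses and the TCP 80 rule are constructed for the demonstration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str      # "tcp" or "udp"
    direction: str  # "out" = leaving the local network, "in" = entering it

# Static rules, first match wins: (direction, proto, destination port, action).
# UDP 123 and TCP 25 are the article's examples; TCP 80 is added for web traffic.
RULES = [
    ("in",  "udp", 123, "allow"),   # NTP into the local network
    ("out", "tcp", 25,  "block"),   # no outbound SMTP from the local network
    ("out", "tcp", 80,  "allow"),   # local clients may fetch web pages
]

def static_decision(pkt, default):
    """Static filtering: each packet is judged alone; 'default' is the policy
    principle (block unless allowed, or allow unless blocked)."""
    for direction, proto, dport, action in RULES:
        if (pkt.direction, pkt.proto, pkt.dport) == (direction, proto, dport):
            return action
    return default

class StatefulFilter:
    """Stateful inspection: remembers outbound connections the static rules
    admitted and lets only their replies back in (same addresses and ports)."""
    def __init__(self, default="block"):
        self.default = default
        self.connections = set()  # (local_ip, local_port, remote_ip, remote_port, proto)

    def decide(self, pkt):
        if pkt.direction == "out":
            action = static_decision(pkt, self.default)
            if action == "allow":
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return action
        # Inbound: a reply on the expected addresses and ports is legitimate.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.connections:
            return "allow"
        # Anything else (e.g. an unannounced port) is an anomaly: static rules decide.
        return static_decision(pkt, self.default)

def demo():
    # Constructed traffic: 10.0.0.5 is a local client, 203.0.113.10 a placeholder web server.
    fw = StatefulFilter(default="block")
    request = Packet("10.0.0.5", 40000, "203.0.113.10", 80, "tcp", "out")
    reply   = Packet("203.0.113.10", 80, "10.0.0.5", 40000, "tcp", "in")
    stray   = Packet("203.0.113.10", 4444, "10.0.0.5", 40000, "tcp", "in")
    return (fw.decide(request), fw.decide(reply), fw.decide(stray),
            static_decision(reply, "block"))  # a static filter alone would drop the reply
```

Running `demo()` shows the stateful filter admitting the request and its reply but blocking the stray packet, while the purely static decision blocks the reply too, which is exactly the weakness of static filters the article describes.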
