What is a Firewall?

A firewall is a network security system that is used to monitor and filter incoming and outgoing network traffic on a network or host basis. Firewalls are usually used to create a barrier between a trusted network and an untrusted network, such as the network in your home or business and the wider internet. Simply put a firewall can prevent you from sending specific traffic outside the network and stop certain external services connecting to your network or client machine.

The most common approach is to have a firewall block network packets by having a list of allowed ports. This filters traffic on the application layer. You can imagine a firewall being a big brick wall and each brick in the wall is a port. Ports are used to communicate through the wall. If there is a brick then the port is closed for communication and if there is an empty slot in the wall then that port is open for communication. Ports are numeric, for example, the port generally used for HTTP communication is 80 and the port for HTTPS is 443. A port number is a 16-bit unsigned integer, therefore making the largest port number 65535. You can use your firewall, that either sits on the network boundary or on your computer, to block/close certain ports which will block any application from using this port to communicate.

Blocking ports is not the only way to restrict network traffic via a firewall. You can add more specific rules. The things that are sent through the firewall are network packets so you can filter based on the features or attributes of the network packets. For example, only allow network packets with specific process IDs or specific structures or contents. This is called packet filtering and can be thought to be on the network layer of the OSI model.

A proxy server is another way to protect a network from external threats. A proxy server acts as a middle man between external connections and any internal network node, all communication must go through the proxy server first. This allows you to configure the firewall of the network on the proxy server and then protect every node on the network by only allowing communication from the proxy server. This adds an additional layer of abstraction from your host computers and the external networks. It may seem like a redundant addition as you could add a firewall onto your external facing router or add a physical hardware firewall. However, redundancy is not a bad thing when considering the security and protection of your network and sensitive information.

Leave a Reply