Juan
Murillo Consulting
5 - Firewalls… They’re not just for Old Smokey anymore.
In the last edition of Computer Corner we discussed those dreaded computer viruses and learned that they are aptly named for their similarity to biological viruses. In this edition we discover that the term “virus” is not the only computer jargon rooted in a physical entity or condition; nor are they the end-all of threats to problem free computing.
The term “Firewall” was originally used to describe a physical wall that prevented fire from spreading from one area to another. If we equate the damage caused by hackers upon computers to the structural damage caused by fires, it’s easy to see why the computer industry describes a mechanism that prevents unauthorized computer access as a “Firewall”; in essence, both prevent a destructive force from entering a protected area.
Before launching into the types and functions of computer firewalls, I think it’s helpful to have some background on the Internet and differences between dial-up and direct Internet connections.
The Internet is basically a worldwide network of interconnected computers that communicate with each other using a distinct language or “protocol”, specifically TCP/IP or “Transport Control Protocol/Internet Protocol. Each computer on the Internet has a unique IP address that functions much like the postal address of a business or residence. Just as a piece of mail is delivered to your house based on your postal address, a packet of information is delivered to your computer based on its IP address.
In the early days of the Internet, namely before the proliferation of Broadband connections such as DSL and Cable Modems, computer users would dial an Internet Service Provider (ISP) via a phone line and a modem. Their computer would then establish a connection to the ISP’s computers and receive a private IP address used to identify it on the ISP’s network. This connection was based on a communications standard called PPP or Point-to-Point Protocol. PPP basically acts as a gateway to transmit information between the home computer and the Internet. Because all information came directly from the ISP to the home computer, the connection was relatively secure.
However, within the past several years many computer users and companies have made the switch to Broadband Internet connections using either DSL or Cable Modems to take advantage of faster connection speeds. Though these High-Speed connections may seem like the best thing since sliced bread, they are not without consequence. When you are directly connected to the Internet, whether it is by DSL, Cable or even Satellite, your computer is essentially part of the Internet. Your IP address is public and therefore accessible by any other computer on the Internet. Without some form of firewall in place you’re vulnerable to any number of attacks from hackers that know how probe for security holes. In case that message wasn’t clear enough let me restate it this way: If you use Broadband (DSL, Cable Modem or Satellite) Internet Connection Services, YOU NEED A FIREWALL!
Settling that issue, let’s move on to describing the types of firewalls and how they work.
Firewalls basically come in two flavors: Hardware and Software. A software firewall is a program that is installed on an existing computer and interacts with the Operating System (e.g. Windows 98, 2000 or XP) to check the packets of information that enter through the Internet connection. Software firewalls have a few disadvantages. For example, though they work with the Operating System of the computer, they may not be able to “harden” or protect certain parts of the Operating System itself. Additionally, since the software firewall is a program running on the computer, it is forced to share CPU (Central Processing Unit) and Memory resources which may lead to performance problems.
A hardware firewall on the other hand is separate physical device that has its own processor, memory and operating system in addition to the firewall software program. It “sits” between the Broadband Internet connection and the home or network computer(s). This device is dedicated to the task of preventing unauthorized access to the computer(s) attached to it. As such, hardware firewalls are typically faster and more reliable.
Both Software and Hardware firewalls use one or more of the following three methods to protect “their” computers: Packet filtering, Proxy Service and/or Stateful Inspection.
With Packet Filtering, the packets of information received via the Internet connection are analyzed against a set of filters that check for unauthorized requests. Packets that make it through the filters are sent on to the intended computer and all others are discarded.
Proxy services on the other hand, simply act as a gateway where information from the Internet is retrieved by the firewall and then sent to the requesting computer and vice versa.
Stateful Inspection is the newest and most comprehensive firewall method. Though it doesn't examine the contents of each packet, it compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, and then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
In determining the type of firewall best suited for your environment there are a couple of factors to consider. If you have just one computer utilizing a Broadband Internet connection installing a software firewall using Stateful Inspection technology can reasonably protect you. Just keep in mind that it may affect your connection speeds especially on older computers.
If you have more than one computer “sharing” the Internet connection your best bet is a hardware firewall solution. Many manufactures now incorporate firewall solutions into their broadband router hardware (the device interconnects your computer and the DSL phone line or Cable connection). Consult your ISP or router manufacture for specifications and configuration information.
Homes or Companies that run networks should consult a professional to select, configure and install a dedicated hardware firewall solution as they must consider not only the impact of a potential security breach but also overall network performance.
If you have any questions about the preceding information or would just like some advice or consultation, please feel free to contact me directly.
Network Design &
Implementation
Publications