A firewall (FW) in a computer network is a system, or part of one, designed to block unauthorized access while permitting authorized communications.
What is a Firewall, and What are its Types, Advantages, and Disadvantages?
It is a device, or a set of devices, configured to allow, limit, encrypt or decrypt traffic between different network zones according to a set of rules and other criteria.
Firewalls can be implemented in hardware, in software, or as a combination of both. They are widely used to prevent unauthorized Internet users from reaching private networks connected to the Internet, especially intranets.
All traffic entering or leaving the intranet passes through the firewall, which examines every packet and blocks the traffic that does not meet the configured security criteria.
A properly configured firewall provides necessary protection for a LAN or WAN, but it should never be regarded as an adequate stand-alone solution.
Computer security spans more layers of operation and protection than a firewall alone covers.
The term firewall (or fireblock) originally means a wall that confines a fire, or the risk of fire, within a building.
It is also used for similar barriers, such as the sheet-metal bulkhead that separates the engine compartment of a vehicle or aircraft from the occupants.
Firewall technology emerged in the late 1980s, when the Internet was still fairly new in terms of global use, connectivity, and security.
The predecessors of firewalls for network security were the routers used in the late 1980s to keep networks separate from one another.
The optimism of a small community of users with compatible machines, who valued the Internet for its openness and availability, ended with a series of major Internet security breaches in the late 1980s.
For example, Clifford Stoll discovered that German spies had been tampering with his systems, and in 1992 Bill Cheswick set up an electronic jail to observe an attacker.
In 1988, an employee at NASA's Ames Research Center in California sent a memo to colleagues saying that they were under attack from an Internet virus that had already hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames.
The "virus" was the Morris worm, which spread widely by exploiting several vulnerabilities in the machines of the time; it was the first major attack on Internet security.
Packet Filtering Technology
The first paper published on firewall technology came in 1988, when engineers at Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls.
This fairly basic system was the first generation of what later became a highly evolved and technical Internet security feature.
At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued research on packet filtering and developed a working model for their own company based on the original first-generation architecture.
Packet filters act by inspecting the packets that represent the basic unit of data transfer between computers on the Internet.
If a packet matches the filter's rule set, the packet is allowed to pass or is dropped. This type of packet filtering pays no attention to whether a packet is part of an existing flow of traffic; each packet is filtered solely on the information contained in the packet itself.
TCP and UDP, which make up most of the communication over the Internet, by convention use well-known ports for particular kinds of traffic.
A stateless packet filter can therefore distinguish between those kinds of traffic (web browsing, e-mail, file transfer) and control them separately, unless the hosts on both sides of the filter are both using the same non-standard ports.
Packet filtering on a firewall works mainly on the first three layers of the OSI reference model, so most of the work is done between the network and physical layers, although the filter also reads the transport-layer port numbers carried in each packet.
When a packet is created and sent, the firewall filters it to allow or deny it.
As the packet passes through the firewall, it is checked against the rule set by protocol and port number.
If an organization wants to block all content containing a particular word, it needs a filter that inspects content, which only an application-layer firewall can do; application firewalls are slower than stateful ones for that reason.
Stateful Inspection Technology
Between 1989 and 1990, three colleagues at AT&T Bell Labs, Dave Presotto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, which they called circuit-level gateways.
These firewalls operate by taking into account the position of each packet within a series of packets. The technology is commonly known as stateful packet inspection.
Because the firewall keeps a record of every connection passing through it, it can determine whether a packet is the beginning of a new connection, part of an existing connection, or a packet that belongs to no connection at all.
Static rules are still used, but connection state can now be one of their criteria, so unsolicited inbound packets are dropped without an explicit rule for every possible reply. The state table itself becomes a target, however: some denial-of-service attacks bombard the firewall with thousands of fake connection-opening packets in an attempt to overwhelm it by filling the memory that holds connection state.
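The difference between the first and second generations is easiest to see on the same traffic. The simulation below is an added example written for this article, not code from any firewall product: the addresses, the two rule sets, and the packets are constructed. The stateless policy has to admit reply traffic by port number alone, so an outside scanner that sends from source port 80 is let through; the stateful filter admits the reply because it remembers the outbound SYN, rejects the scanner, and, once a SYN flood against the allowed mail port has filled its state table, drops a legitimate new connection.

```python
"""Stateless packet filtering versus stateful inspection, as a simulation.

Added example for this article; it is not code from any firewall product.
The packet fields, address ranges and policy below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""     # TCP flags: "S" (SYN), "SA" (SYN-ACK), "A" (ACK)


@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    proto: Optional[str] = None     # None matches any value
    src: Optional[Net] = None
    sport: Optional[range] = None
    dst: Optional[Net] = None
    dport: Optional[range] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and (self.src is None or ipaddress.ip_address(p.src) in self.src)
                and (self.sport is None or p.sport in self.sport)
                and (self.dst is None or ipaddress.ip_address(p.dst) in self.dst)
                and (self.dport is None or p.dport in self.dport))


def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; a packet that matches nothing is denied."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


INSIDE = Net("10.0.0.0/8")          # constructed: the protected intranet
ANY = Net("0.0.0.0/0")
HIGH = range(1024, 65536)           # ephemeral client ports
MAIL = Net("10.1.1.25/32")          # constructed: the internal mail server

# A stateless policy must admit reply traffic with an explicit rule keyed on
# ports only: any outside host sending from source port 80 reaches every
# high port on the inside.
STATELESS = [
    Rule("allow", "tcp", src=INSIDE, dst=ANY, dport=range(80, 81)),
    Rule("allow", "tcp", src=ANY, sport=range(80, 81), dst=INSIDE, dport=HIGH),
    Rule("allow", "tcp", src=ANY, dst=MAIL, dport=range(25, 26)),
]

# A stateful policy lists only the packets that may *open* a connection;
# replies are admitted because the connection is already in the table.
STATEFUL = [
    Rule("allow", "tcp", src=INSIDE, dst=ANY, dport=range(80, 81)),
    Rule("allow", "tcp", src=ANY, dst=MAIL, dport=range(25, 26)),
]


class StatefulFilter:
    def __init__(self, rules: List[Rule], max_states: int):
        self.rules = rules
        self.max_states = max_states    # memory for connection state is finite
        self.table: set = set()         # 5-tuples of connections seen opening

    def decide(self, p: Packet) -> str:
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.table or rev in self.table:
            return "allow"              # belongs to an existing connection
        if p.proto == "tcp" and p.flags != "S":
            return "deny"               # not a connection opener, not in table
        if evaluate(self.rules, p) != "allow":
            return "deny"
        if len(self.table) >= self.max_states:
            return "deny-table-full"    # the state table is exhausted
        self.table.add(fwd)
        return "allow"


def demo() -> Tuple[dict, dict, str]:
    """Run the same constructed traffic through both filters."""
    samples = {
        "web_syn": Packet("tcp", "10.1.1.5", 40000, "203.0.113.10", 80, "S"),
        "web_synack": Packet("tcp", "203.0.113.10", 80, "10.1.1.5", 40000, "SA"),
        # an outside scanner that deliberately sends from source port 80
        "probe_sport80": Packet("tcp", "198.51.100.7", 80, "10.1.1.9", 3389, "S"),
    }
    stateless = {name: evaluate(STATELESS, p) for name, p in samples.items()}

    fw = StatefulFilter(STATEFUL, max_states=1000)
    stateful = {name: fw.decide(p) for name, p in samples.items()}

    # SYN flood from spoofed addresses against the allowed mail port: every
    # SYN is a legitimate opener by the rules, so each one consumes a slot.
    for i in range(1000):
        fw.decide(Packet("tcp", f"198.51.100.{i % 254 + 1}", 1024 + i, "10.1.1.25", 25, "S"))
    # A real client opening a new web connection afterwards is dropped.
    flooded = fw.decide(Packet("tcp", "10.1.1.6", 40001, "203.0.113.10", 80, "S"))
    return stateless, stateful, flooded


if __name__ == "__main__":
    print(demo())
```

Real firewalls limit the damage of the last case with per-source connection limits, SYN cookies, and aggressive timeouts for half-open entries; none of that is modelled here, which is why the table fills after exactly 1000 openers.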
Application-Level Gateway
An application gateway applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but it can impose a performance penalty.
Circuit-Level Gateway
A circuit-level gateway applies security checks when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further control.
It permits sessions that originate in a higher-security zone toward a lower-security zone.
Network Layer or Packet Filtering
It operates at the network layer (layer 3 of the OSI model, the Internet layer of TCP/IP) as an IP packet filter. It is one of the main types of firewall and, although effective and transparent, it is difficult to configure. At this level, filtering is done on the fields of the IP packet, such as source IP address and destination IP address.
Firewalls of this type usually also allow filtering on transport-layer fields such as source and destination port, or on data-link-layer fields such as the MAC address.
Application Layer
This type works at the application layer (layer 7 of the OSI model), so filtering can be adapted to the characteristics of the protocols at that layer. For example, for HTTP traffic the filter can be configured according to the URL being requested, and even according to the values of the parameters submitted in a web form.
A layer-7 firewall for HTTP traffic is usually called a proxy. It lets an organization's computers reach the Internet in a controlled way, and it effectively hides the real network addresses of the internal hosts.
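What "filtering by URL" and "blocking a particular word" mean in practice is shown by the added example below, written for this article rather than taken from any proxy product; the allow list, the blocked path prefixes, the keyword, and the six sample requests are all constructed. A packet filter would see every one of these requests as "TCP to port 80" and pass them all. The proxy parses the request, reconstructs the absolute URL, percent-decodes the path before matching (so `/%61dmin` cannot slip past a rule on `/admin`), inspects the POST body for the blocked word, and denies anything it cannot parse.

```python
"""Application-layer (layer 7) filtering of HTTP requests: the decision a
proxy firewall makes and a packet filter, which sees only addresses and
ports, cannot.

Added example for this article, not code from any proxy product; the policy
lists and the sample requests are constructed.
"""
from typing import Tuple
from urllib.parse import unquote, urlsplit

ALLOWED_HOSTS = {"www.example.com", "intranet.example"}   # constructed allow list
BLOCKED_PATH_PREFIXES = ("/admin", "/.git")              # constructed
BLOCKED_BODY_WORDS = (b"confidential",)                   # constructed keyword filter


def parse_request(raw: bytes) -> dict:
    """Parse an HTTP/1.1 request into method, absolute URL, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header")
        headers[name.strip().lower()] = value.strip()
    # Clients talking to a proxy send the absolute URL; origin-form requests
    # carry the host in the Host header instead.
    if target.startswith(("http://", "https://")):
        url = target
    else:
        url = "http://" + headers.get("host", "") + target
    return {"method": method, "url": url, "headers": headers, "body": body}


def policy(req: dict) -> Tuple[str, str]:
    """Return (decision, reason) for a parsed request."""
    u = urlsplit(req["url"])
    host = (u.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return "deny", f"host not allowed: {host or '(none)'}"
    # Decode percent-encoding before matching, or "/%61dmin" bypasses "/admin".
    path = unquote(u.path)
    for prefix in BLOCKED_PATH_PREFIXES:
        if path.startswith(prefix):
            return "deny", f"path blocked: {path}"
    if req["method"] == "POST":
        body = req["body"].lower()
        for word in BLOCKED_BODY_WORDS:
            if word in body:
                return "deny", f"body contains blocked word: {word.decode()}"
    return "allow", ""


def decide(raw: bytes) -> Tuple[str, str]:
    """Filter one raw request; anything the parser rejects is denied."""
    try:
        return policy(parse_request(raw))
    except ValueError as e:
        return "deny", f"unparseable request: {e}"


# Constructed sample requests, as a proxy on the intranet would receive them.
SAMPLES = {
    "plain_get": b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "by_ip": b"GET http://203.0.113.10/index.html HTTP/1.1\r\nHost: 203.0.113.10\r\n\r\n",
    "admin_path": b"GET /admin/users HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "encoded_admin": b"GET /%61dmin/users HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "leaky_post": (b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n"
                   b"Content-Length: 24\r\n\r\nConfidential: Q3 numbers"),
    "garbage": b"\x16\x03\x01 not http at all",
}


def run_samples() -> dict:
    """Decision for every constructed sample, keyed by sample name."""
    return {name: decide(raw)[0] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, decide(raw))
```

The last sample is a TLS ClientHello prefix rather than HTTP; a proxy that is not terminating TLS sees only encrypted bytes after the CONNECT, which is the practical limit of this kind of inspection unless the organization also intercepts TLS.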
Personal Firewall
This is a special case of firewall installed as software on a single computer. It filters the communication between that computer and the rest of the network in both directions, so it is used at the level of an individual machine.
The main advantages offered by firewall technology in a computer network are:
It creates a controlled, secure connection point between networks.
It protects against attacks from outside.
It restricts access to specific parts of a network, allowing only authorized computers to reach other parts or the Internet.
It helps protect private information.
Within an organization, it manages access levels so that each defined group of users can reach only the services and information it needs.
It lets access be optimized.
It defines the local and remote networks and provides security between them.
The limitations of a firewall are as follows:
It cannot prevent attacks carried out over traffic that its policy allows, since that traffic is passed by design.
It cannot prevent attacks whose traffic does not pass through it.
It cannot prevent attacks on the local network by malicious or negligent users inside the organization.
It cannot protect against social engineering attacks.
It cannot protect the internal network from viruses carried in files and software that are allowed through; if the computers in the organization have no antivirus software, the firewall alone will not stop them.
It does not protect against security flaws in the services and protocols whose traffic it allows.
In general, an attacker's first step is reconnaissance: learning what information about the target is exposed, and of what kind.
From that information the attacker can build a map of the organization's network and collect details about the servers on it, using nothing more than traceroute, the SNMP protocol, DNS queries, and ping.
A firewall on the corporate network that drops these probes from the outside is the usual way to limit this kind of information gathering, although it does not stop reconnaissance through channels the firewall must allow.
What Does It Do?
Firewalls protect local networks from attacks launched against them from the Internet.
An intranet firewall is designed to prevent unauthorized access to company information, and damage to or denial of computer resources and services.
It can also be configured to prevent internal users from reaching Internet services on ports that are considered potentially dangerous, such as FTP.
Computers within the corporate network are only allowed to reach the Internet after passing through the firewall.
Requests have to pass through an interior screening router, also called an internal filtering router or choke router.
This router examines the header information of every packet, such as source and destination address and port, and hides the internal packet traffic from remote snooping.
The router compares the information it finds with the rules in a filter table, and then accepts or rejects each packet based on those rules.
The router can also refuse to send any packets to certain Internet locations considered questionable.
A router can likewise block every packet travelling between the Internet and the intranet except for e-mail, and system administrators configure which kinds of packets are permitted and which are rejected.
When a corporate network is protected by a firewall, regular internal network services such as e-mail, access to corporate databases and web services, and groupware programs can still be used.
Some installations add an exterior screening router that filters packets between the Internet and the perimeter network, using the same technology as the interior screening router.
It can filter packets by the same rules applied by the interior router and protects the network even if the interior router fails; it may also carry additional packet-filtering rules designed specifically to protect the bastion host described next.
As an additional way of protecting the network from attacks, a hardened server (the bastion host) is placed on a perimeter network, a subnet screened by the firewall.
That server acts as the main point of contact for incoming connections from the Internet for e-mail, FTP access, and all other data and services.
It examines all these requests; outside parties communicate only with this server and never connect directly to other servers, so the servers on the local network are protected from attack.
Monitoring software works much like the packet filtering function that routers use.
Both examine the data in the header of each IP packet entering and leaving the network, but whereas the router decides whether to pass the packet, the monitoring software only keeps a record.
Along with the packet information, it tracks data such as sender and destination address, packet size, type of Internet service, and time of day, and records them in a database.
Since every packet passes through the server, it is not necessary to add every packet to the database; the software can be configured to track only the important services.
For example, packets of important services such as HTTP, FTP, SMTP, and Telnet can be recorded as traffic flows through.
A monitoring program running on the server lets network administrators examine and analyze local network and Internet traffic, so they can see the total daily and hourly network traffic and a record of which websites were visited, and display them graphically.
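The recording and summarizing described above, as an added example written for this article rather than code from any monitoring product. The log format, the tracked-service table and the log lines are constructed: each line records the header fields the text lists (addresses, ports, size, time, and the router's decision). Only the "important services" are kept, dropped packets are counted rather than charged to a service, and a line that does not parse is counted so that a corrupted or tampered log is visible rather than silently skipped.

```python
"""Traffic monitoring from firewall logs: record per-packet header data and
summarize it by hour and by service.

Added example for this article, not code from any product; the log format
and the log lines below are constructed.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from typing import Optional

# Constructed log format: one line per packet seen by the screening router.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) len=(?P<len>\d+)$"
)

# Only these "important services" are tracked; other ports are skipped.
TRACKED = {80: "http", 21: "ftp", 25: "smtp", 23: "telnet"}

SAMPLE_LOG = """\
2024-03-01T09:15:02 ACCEPT TCP 10.1.1.5:40000 -> 203.0.113.10:80 len=1500
2024-03-01T09:15:02 ACCEPT TCP 203.0.113.10:80 -> 10.1.1.5:40000 len=1400
2024-03-01T09:42:11 ACCEPT TCP 10.1.1.7:40123 -> 198.51.100.20:21 len=120
2024-03-01T09:58:40 DROP TCP 198.51.100.7:80 -> 10.1.1.9:3389 len=60
2024-03-01T10:03:17 ACCEPT TCP 10.1.1.5:40010 -> 203.0.113.44:80 len=900
2024-03-01T10:03:19 ACCEPT TCP 203.0.113.44:80 -> 10.1.1.5:40010 len=12000
2024-03-01T10:21:05 ACCEPT TCP 10.1.1.25:25 -> 192.0.2.9:25 len=4000
2024-03-01T10:30:00 ACCEPT UDP 10.1.1.5:53210 -> 10.1.1.1:53 len=80
this line is not a log record
"""


def parse(line: str) -> Optional[dict]:
    """One log line -> record dict, or None if the line is not a record."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "len"):
        rec[key] = int(rec[key])
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def service_of(rec: dict) -> Optional[str]:
    """Name the service by whichever end of the packet uses a tracked port."""
    if rec["dport"] in TRACKED:
        return TRACKED[rec["dport"]]
    if rec["sport"] in TRACKED:       # reply packet from the server side
        return TRACKED[rec["sport"]]
    return None


def summarize(log: str) -> dict:
    """Bytes per hour and per service, servers contacted, drop and parse counts."""
    bytes_by_hour: Counter = Counter()
    bytes_by_service: Counter = Counter()
    servers = defaultdict(set)        # service -> server addresses contacted
    dropped = unparsed = 0
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            unparsed += 1
            continue
        if rec["action"] == "DROP":
            dropped += 1              # rejected packets are counted, not charged
            continue
        svc = service_of(rec)
        if svc is None:
            continue                  # not one of the tracked services
        hour = rec["ts"].strftime("%Y-%m-%d %H:00")
        bytes_by_hour[hour] += rec["len"]
        bytes_by_service[svc] += rec["len"]
        server = rec["dst"] if rec["dport"] in TRACKED else rec["src"]
        servers[svc].add(server)
    return {
        "bytes_by_hour": dict(bytes_by_hour),
        "bytes_by_service": dict(bytes_by_service),
        "servers": {svc: sorted(s) for svc, s in servers.items()},
        "dropped": dropped,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

The per-hour and per-service counters are what the graphs in the text are drawn from; the `servers` map is the "which websites were visited" record, and for a real deployment the interesting follow-up is the `dropped` counter broken out by source address, which is where the port-80 probe in the sample would show up.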