Firewall Services

The Internet has made large amounts of information available to the average computer user at home, in business and in education. For many people, having access to this information is no longer just an advantage, it is essential. Yet connecting a private network to the Internet can expose critical or confidential data to malicious attack from anywhere in the world. Users who connect their computers to the Internet must be aware of these dangers, their implications and how to protect their data and their critical systems. Firewalls can protect both individual computers and corporate networks from hostile intrusion from the Internet, but must be understood to be used correctly.

What is a Firewall?

A computer firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. It may be a hardware device or a software program running on a secure host computer. In either case, it must have at least two network interfaces: one for the network it is intended to protect, and one for the network it is exposed to. A network firewall sits at the junction point or gateway between the two networks, usually a private network and a public network such as the Internet. The earliest computer firewalls were simple routers. The term "firewall" comes from the fact that, by segmenting a network into different physical subnetworks, these devices limited the damage that could spread from one subnet to another, just as fire doors or firewalls do in a building.

Firewalls create barriers in order to prevent unauthorized access to a network. Think of the Internet as a series of hallways. Firewalls are the security doors through which some people (i.e. data) may pass and others may not.

The firewall's role is to ensure that all communication between an organization's network and the Internet, in both directions, conforms to the organization's security policies.

Types of Firewalls

Firewalls generally fall into two categories: application-level firewalls (such as proxies) and network-level firewalls (such as packet filters).

Many organizations use a combination of network-level and application-level firewalls to achieve a higher level of security than either alone can provide. In this discussion, each type is covered separately. You might have to apply both sets of instructions.

Application-Level Firewalls ("proxy" firewalls)

Application-level firewalls first determine if a requested connection between a computer on the internal network and one on the outside is permitted. If the connection is authorized, the firewall, mimicking the application, sets up the necessary communication links between the two computers. As an intermediary, the firewall can monitor the communication between the two networks and suppress any unauthorized activity.

Network-Level Firewalls ("packet-filtering" firewalls)

Rather than impersonating an application, as do application-level firewalls, network-level firewalls examine the packets of information sent at the transport level to determine whether a particular packet should be blocked. Each packet is either forwarded or blocked based on a set of rules defined by the firewall administrator.

A common configuration for network-level (packet-filtering) firewalls is to allow all connections initiated by machines inside the firewall and to restrict all connections initiated by machines outside the firewall. For most programs, this works well since they usually only establish a single outbound TCP connection.
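The configuration described above, sketched as a small rule evaluator. This is an added example, not code from any firewall product; the address range, interface labels and the `Packet` and `PacketFilter` names are assumptions made for illustration. It goes slightly beyond the text by also checking that a packet's source address matches the interface it arrived on, and its last sample packet shows why a program that needs a second, server-initiated connection does not work under this policy.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE_NET = ip_network("192.168.10.0/24")  # assumed private address range

@dataclass(frozen=True)
class Packet:
    iface: str         # interface the packet arrived on: "inside" or "outside"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for a TCP connection request (SYN without ACK)

class PacketFilter:
    """Forward connections opened from inside; block those opened from outside."""
    def __init__(self, inside_net=INSIDE_NET):
        self.inside_net = inside_net
        self.flows = set()  # (src, sport, dst, dport) of inside-initiated connections

    def decide(self, p: Packet) -> str:
        src_is_inside = ip_address(p.src) in self.inside_net
        if p.iface == "inside":
            if not src_is_inside:
                return "block"    # source does not belong to the inside network
            if p.syn:
                self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "forward"      # outbound traffic is allowed
        if src_is_inside:
            return "block"        # inside address seen on the outside interface
        reply_to = (p.dst, p.dport, p.src, p.sport)
        if not p.syn and reply_to in self.flows:
            return "forward"      # reply on a connection opened from inside
        return "block"            # anything else from outside is refused

def run_sample():
    fw = PacketFilter()
    packets = [  # constructed sample traffic, documentation address ranges
        Packet("inside", "192.168.10.5", 40000, "203.0.113.80", 443, syn=True),
        Packet("outside", "203.0.113.80", 443, "192.168.10.5", 40000),
        Packet("outside", "198.51.100.7", 5555, "192.168.10.5", 22, syn=True),
        Packet("outside", "192.168.10.9", 1024, "192.168.10.5", 445, syn=True),
        Packet("outside", "203.0.113.80", 20, "192.168.10.5", 40001, syn=True),
    ]
    return [fw.decide(p) for p in packets]
```

The fifth packet comes from a server the inside host is already talking to, but it opens a new connection inward (as an active-mode FTP data channel does), so the filter blocks it like any other outside-initiated connection.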

 

Talk to Theseus when considering your options and requirements for setting up a secured managed firewall environment for your business needs today.

 