Firewalls protect computers
There is no specific organization that is responsible for Internet security. Protecting Internet gateways is one of the tasks that experts in this field perform using hardware and software such as routers, switches, operating systems, applications and firewalls. In this article, we focus specifically on the firewall.
What is a firewall and who needs it?
The term “firewall” was first used in 1764, when a wall was used to prevent fire from spreading to all parts of a building. The term came into use in computer network security in the 1980s, when routers used a firewall to isolate networks. A firewall is a system or set of systems that sits on the edge of an Internet connection and enforces access control policies between two or more networks. The policies and tasks defined for a firewall are known as rules.
The functions of a firewall are extensive, but there are generally two basic functions: one is to block traffic and the other is to allow traffic to pass. Probably the most important thing you need in order to use a firewall properly is a strict access control policy (a definition of appropriate rules); if you do not have a good idea of which access is authorized and which is unauthorized, the firewall will not help you. Another important issue is how the firewall is configured, because its policies apply to everything behind it, and an incorrect configuration sometimes does more harm than not having a firewall. In addition, in most cases the firewall sits in a network with many hosts, so those who manage it bear a lot of responsibility.
The simplest question to ask is: when do people need a firewall? If you want to connect to the Internet or other networks, you need a firewall, and it does not matter whether you are at home, at a company or elsewhere. Sometimes the goal is to counter untrusted parties who try to send data in (for example, hackers and DoS attacks), sometimes to prevent traffic from being sent out of the organization, sometimes to control emails, and so on. In addition, the firewall provides a wealth of information about the volume of incoming and outgoing traffic, the number of calls, and the type of traffic, and can issue alerts as needed. However, a firewall alone cannot provide complete security for systems: many intrusions come through USB flash drives, and data is sometimes stolen with no encryption applied to it. Being on the back can also be a nuisance.
How the firewall works
Figure 1 shows how one type of firewall works. Firewalls use an Access Control List (ACL) to filter traffic by source and destination IP, protocol, and connection state. For example, FTP on port 21 may be blocked for everyone but allowed by one of the rules for a single IP; in that case, no one is allowed to use FTP except the specified IP.
Figure 1 – Example of a rule defined for a firewall (packet filtering)
Hardware and software firewalls
In terms of form, there are two types of firewall: hardware and software. The hardware type is a separate product and has its own operating system. Configuring these firewalls does not require much effort and does not require much expertise. These devices are often located between routers and Internet connections, and are mostly used in large companies and organizations.
A software firewall is the choice of most home users. This type of firewall, like other software, is installed on the computer and lets the user make changes and personalize it. To keep out trojans and email worms, block insecure applications and the like, installing a software firewall is recommended for all users who work in a networked environment. Of course, there are drawbacks to this type of firewall: it uses a large amount of resources, can be incompatible with some other programs, and in some cases does not work properly.
Types of firewalls
There are different classifications for firewalls, and in a basic one (by technology) there are four types: Packet Filtering, Stateful Inspection, Application-Level Gateway, and Circuit-Level Gateway.
A packet filtering firewall applies a set of rules to IP packets, forwarding or dropping these packets on the send or receive path. The rules are based on information in IP packets, such as the source and destination IP address and port number. There is also a default rule that applies when a packet matches none of the other rules (and usually blocks the traffic). Previously, there were stateless firewalls that only examined packets up to the third layer and header, and therefore could not tell which packets belonged to a connection. The next step in this category was Stateful Packet Filtering or Stateful Packet Inspection (SPI) firewalls. This type of firewall stores connection information in a table, and so determines which packet is part of which traffic flow. These two generations of firewalls, which work at the network level, are shown in Figure 2.
Figure 2 – Packet filtering and stateful inspection firewalls
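The FTP rule from "How the firewall works" and the connection table described above, as an added example that is not part of the original article: a first-match rule list with a default deny, then the same rules behind a state table. The addresses, the rule set and the names Packet, Rule, stateless_filter and StatefulFilter are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: str      # source network in CIDR form
    proto: str
    dport: int

    def matches(self, p):
        return (p.proto == self.proto and p.dport == self.dport
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src))

# Constructed rule set for the FTP case: one address may use port 21, nobody else.
RULES = [
    Rule("allow", "192.0.2.10/32", "tcp", 21),
    Rule("deny", "0.0.0.0/0", "tcp", 21),
]

def stateless_filter(p, rules=RULES):
    """First matching rule wins; the default rule drops everything else."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFilter:
    """Same rules plus a connection table, so replies to an allowed flow pass."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.table = set()

    def check(self, p):
        reverse = (p.dst, p.dport, p.src, p.sport, p.proto)
        if reverse in self.table:        # packet belongs to a tracked connection
            return "allow"
        verdict = stateless_filter(p, self.rules)
        if verdict == "allow":           # remember the flow this packet opened
            self.table.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return verdict
```

The stateless filter drops the FTP server's reply to the allowed client because no rule names the reply's destination port; the stateful filter passes it once the client's request has been recorded in the table.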
The Application-Level Gateway or Application Proxy firewall, known as the third generation, is able to control layer 7. Proxies are located between the client and the server and have the ability to recognize and control protocols. This type of firewall is able to distinguish between HTTP traffic used to access web pages and HTTP traffic used to share files. (Figure 3)
Figure 3 – Circuit level and application level firewalls
The fourth type is the circuit-level gateway (proxy), which can be installed as a separate system or as a function of a specific application. This firewall does not allow an end-to-end TCP connection; instead, it establishes two TCP connections, one between the proxy and the internal host and the other between the proxy and the external host. One use of this firewall is when the organization's administrator trusts internal users, in which case the application-level gateway is used for internal communication and the circuit-level gateway is used for external communication. The advantage is that traffic going outside the network is not subjected to extra checks. (Figure 3)
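The two-connection behaviour described above, as an added example that is not part of the original article: the gateway decides on the client's address alone, then opens its own TCP connection to the outside host and copies bytes between the two. The function names, the allow list and the use of loopback addresses are assumptions made for illustration.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes one way until src closes, then signal end-of-stream to dst."""
    try:
        while (data := src.recv(4096)):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, peer, upstream, allowed_clients):
    """Decide on the connection's endpoints only; the payload is never inspected."""
    with client:
        if peer[0] not in allowed_clients:
            return                       # refused: no outside connection is opened
        # Second, separate TCP connection: the outside host sees the gateway's
        # address and port, never the inside client's.
        with socket.create_connection(upstream) as outside:
            back = threading.Thread(target=pipe, args=(outside, client), daemon=True)
            back.start()
            pipe(client, outside)
            back.join()

def start_gateway(upstream, allowed_clients, host="127.0.0.1"):
    """Listen on an ephemeral port and return the port inside hosts connect to."""
    listener = socket.create_server((host, 0))

    def serve():
        while True:
            client, peer = listener.accept()
            threading.Thread(target=handle, daemon=True,
                             args=(client, peer, upstream, allowed_clients)).start()

    threading.Thread(target=serve, daemon=True).start()
    return listener.getsockname()[1]
```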
Next Generation Firewalls (NGFW)
We need more advanced firewalls because attacks and malware are becoming more and more complex. Organizational communication is not limited to email, but also includes instant data exchange, VoIP, peer-to-peer applications, video streaming, and more.
NGFW is part of third-generation firewall technology that combines traditional firewalls with other network filtering technologies, such as an application firewall or an intrusion detection system (IDS). Other technologies can be used as well, such as TLS/SSL encrypted traffic inspection, website filtering, bandwidth and service management, antivirus inspection and the like. NGFW’s goal is to cover more layers of the OSI model and improve the filtering of network traffic based on packet content. These firewalls inspect more deeply than first- and second-generation firewalls: they examine the contents of packets and match them against signatures of attacks and malware. This is why security is moving towards content-centricity, and why security systems are built on situational information such as time, place, device, and business performance.
Firewall based on machine learning
One long-standing idea is that a firewall should not always have to be given orders. A firewall that can act and make changes to its rules on its own can deal with new and unknown threats. Mistakes made when applying restrictions can also be corrected. These firewalls are based on machine learning models that look for data connections. By using traffic analysis, location and many other factors, such a firewall can perform better. These types of firewalls are a good option for dealing with hackers who also use machine learning to make their work easier.
The last word
Undoubtedly, it is not possible to deal with all the threats in the network environment, especially the Internet, and many of the solutions offered come after the attack. However, installing a firewall along with other security suites is essential for organizations and ordinary users and should not be overlooked.