Firewall Operation
A firewall is a dedicated device, or an application running on a computer, that inspects the network traffic passing through it and allows or denies that traffic based on a set of rules.
It is software or hardware placed between a protected network and an unprotected one. It acts as a gate, ensuring that private traffic does not leave the protected network and that nothing malicious can enter our systems.
A firewall's basic task is to regulate traffic flows between computer networks of different security levels. A typical example is the Internet, a zone with no security, and an internal network, a zone with a higher security level. A zone with an intermediate level of security, situated between the Internet and an internal network, is referred to as a perimeter network or demilitarized zone (DMZ).
The function of a firewall inside a network is similar to that of a physical firewall. In the first case it is used to keep outsiders out of a private network. In the second case it is meant to keep fire from spreading to adjacent structures.
Without the right configuration, a firewall is often useless. Standard security practice dictates a "default deny" rule set for the firewall, in which network connections are only allowed if they have been explicitly authorized. Unfortunately, this configuration requires a detailed understanding of the network applications and endpoints the organization needs day to day. Many companies lack that knowledge, and so they apply a "default allow" rule set, in which all traffic is allowed unless it has been specifically blocked. This configuration makes unintended network connections and system compromise much more likely.
Packet filters work by inspecting "packets", the basic unit of data transfer between computers on the Internet. If a packet matches one of the packet filter's rules, the filter will either drop the packet (silently discard it) or reject it (discard it and send an "error response" back to the source).
This kind of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (it stores no information about connection "state"). Instead, it filters each packet based only on the information contained in the packet itself (generally a combination of the packet's source and destination addresses, its protocol and, for TCP or UDP traffic, the port number).
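The following stateless packet filter is an added example, not code from the original article. It models the "default deny" and "default allow" rule sets described above and the first-match, per-packet evaluation of a stateless filter; the addresses, ports and rules are a constructed sample (an internal LAN on 10.0.0.0/24 and a DMZ web server at 192.0.2.10), not taken from the text.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port; None for ICMP

@dataclass(frozen=True)
class Rule:
    # action: "allow", "drop" (silent discard) or "reject" (discard and answer with an error)
    action: str
    src: str = "0.0.0.0/0"       # omitted fields match anything
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

def filter_packet(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First-match evaluation. Each packet is judged on its own header fields only;
    nothing about earlier packets (connection state) is remembered."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed sample network: internal LAN 10.0.0.0/24, DMZ web server 192.0.2.10.
# Default-deny: only explicitly authorised flows pass; everything else hits the default.
DEFAULT_DENY_RULES = [
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=443),  # Internet -> DMZ HTTPS
    Rule("allow", src="10.0.0.0/24", proto="udp", dport=53),     # LAN may send DNS queries
    Rule("reject", dst="10.0.0.0/24", proto="tcp", dport=23),    # telnet into LAN: refuse loudly
]
# Default-allow: everything passes unless it has been specifically blocked.
DEFAULT_ALLOW_RULES = [
    Rule("drop", dst="10.0.0.0/24", proto="tcp", dport=445),     # only SMB is blocked
]

if __name__ == "__main__":
    probe = Packet("198.51.100.7", "10.0.0.5", "tcp", 3389)      # unsolicited RDP from the Internet
    print(filter_packet(DEFAULT_DENY_RULES, probe))              # drop: never authorised
    print(filter_packet(DEFAULT_ALLOW_RULES, probe, "allow"))    # allow: nobody blocked it
    # Stateless: the reply to a LAN DNS query is not recognised as related traffic.
    print(filter_packet(DEFAULT_DENY_RULES, Packet("203.0.113.53", "10.0.0.5", "udp", 40000)))  # drop
```

The last case shows the limitation the paragraph describes: because no connection state is kept, a legitimate reply is indistinguishable from an unsolicited packet and needs its own explicit rule under default deny.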
By: Gerardo Dorantes
