Furthermore, as our company continues to grow, this knowledge will be central to our success in the upcoming years. A broad discussion of how a network is created will help to demonstrate where and how firewalls are utilized. The structure of our network can be explained quite simply. All of our computers are connected through intranetworking. This means that all of our computers have the same access to the server. Without a firewall in place, all of those hundreds of computers are directly accessible to anyone on the Internet.
If a security hole is left unprotected, hackers can gain access to this information and use it however they see fit, oftentimes without a trace until it is too late. A company will place a firewall at every connection to the Internet (for example, at every line coming into the company) and the firewall can implement the particular security rules that the computers will operate by. The most common security rules regulate which websites users can access, whether information can travel outside of the firewall and so on.
The most important aspect of a firewall is that it is at the entry point of the networked system it protects. This means the firewall should be the first program or process that receives and handles incoming network traffic, and it is the last to handle outgoing traffic (Evolution). If another program is performing this task, there is no firewall. Most people have a basic understanding of what an online firewall does. Like its counterpart in the physical realm, a firewall is intended to stop the spread of a flame.
It accomplishes this in a variety of ways, the most popular being packet filtering, proxy service, and stateful inspection. Basically, a firewall acts to control traffic flowing in and out of the network. Let's begin with a discussion of each method. Packet filtering works by checking chunks of information (packets) against a filter, whether the information is coming into or leaving the network. Packets that make it through the filters are then sent to the requesting system and all others are discarded.
Filters are determined by the webmaster and are intended to stop potential threats from gaining access to the server. They basically enable you to manipulate (that is, permit or prohibit) the transfer of data. Because this type of firewall does not inspect the network packet's application-layer data and does not track the state of connections, this solution is the least secure of the firewall technologies (Evolution). A proxy service firewall acts by analyzing the information from the internet to make sure it is retrieved by the firewall and then sent to the requesting system and vice versa.
What this means is that the firewall doesn't simply allow or disallow packets but also determines whether the connection between both ends is valid according to configurable rules, then opens a session and permits traffic only from the allowed source and possibly only for a limited period of time. The stateful inspection method is a bit different. Instead of analyzing the content of each packet, stateful inspection compares certain parts of the packet against a database of trusted information. If the parts of the packet do not match the trusted information in the database, the packet is rejected.
Once a connection is terminated, its table entry is removed, and that virtual circuit between the two peer transport layers is closed (Evolution). These three firewall methods are not mutually exclusive, and oftentimes they work together to catch information that may have been missed by one of them. Furthermore, all firewalls are customizable. Without going into too much detail, I will explain a few basic customizations that we can easily implement to continue our online security presence. Each machine on the internet is assigned a unique access code that identifies it.
If a particular outside IP address is accessing and reading too many of our files on the server, we can block that IP address so they cannot gain access. Related to IP addresses are domain names. Instead of having to remember an IP address code, we use domain names such as google.com that are easier to remember. In a similar fashion, a firewall can block access to domain names in addition to IP addresses. Another firewall customization addresses protocol. A protocol is the way that computers interact with one another, most often through web browsers such as Internet Explorer or Mozilla Firefox (Roiter).
It is most useful to set up one or two computers on a server that handle a specific protocol and then to block access to that protocol on the other computers. Similar to protocol protection, we can also manage how our information is accessed through controlling our portals. For example, we use both web servers and FTP servers. By blocking access to particular ports to all computers except perhaps one or two, we can control how our services are available (Roiter). Another basic customization is blocking packets that contain particular words and phrases.
For example, we can set up a firewall that detects packets that contain "x-rated". This method is highly recommended to protect from potentially dangerous sites, even though it has to detect exact matches and may be time consuming to organize. We've all read about companies that have been hacked into and exploited, at great cost to the company and its customers. If we follow these basic firewall security protective measures, we will be in a greater position to control our information. This will allow us to continue our online presence and growth.

Works Cited

Evolution of the Firewall Industry. (2002). Cisco Documentation. Retrieved January 25, 2009, from http://www.cisco.com/univercd/cc/td/doc/product/iaabu/centri4/user/scf4ch3.htm

Kemp, John. Basic Firewall Concepts: the ABCs of Using Firewalls for Network Security. (2002). Computing News at the University of Oregon. Retrieved January 25, 2009, from http://cc.uoregon.edu/cnews/spring2002/firewall.html

Roiter, Neil. Firewall Management Tools Aid Configuration, Compliance. (2008). Information Security Magazine. Retrieved January 25, 2009, from http://searchsecurity.techtarget.com/news/article/0,289142
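
Added example (not part of the original essay or its sources): a sketch contrasting the packet filtering described above, where IP address and port rules judge each packet alone, with stateful inspection, where a connection table is consulted and an entry is removed when the connection ends. All addresses, ports, rules and names are constructed for illustration, and TCP flags and teardown are simplified.

```python
from collections import namedtuple

# Constructed rules and addresses (documentation ranges), for illustration only.
BLOCKED_IPS = {"203.0.113.9"}            # outside address we chose to block
OPEN_PORTS = {"192.0.2.10": {80, 21}}    # only this server offers web and FTP
# flags: simplified TCP flag ("SYN", "ACK", "FIN", "RST"); inbound: from the Internet
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

def packet_filter(p):
    """Stateless: each packet is judged alone against the address and port rules."""
    if p.inbound:
        return p.src not in BLOCKED_IPS and p.dport in OPEN_PORTS.get(p.dst, set())
    return p.dst not in BLOCKED_IPS

class StatefulFirewall:
    """Packet filter plus a table of connections that were opened under the rules."""
    def __init__(self):
        self.table = set()

    def _key(self, p):
        # One key for both directions: inside endpoint first, outside second.
        if p.inbound:
            return (p.dst, p.dport, p.src, p.sport)
        return (p.src, p.sport, p.dst, p.dport)

    def handle(self, p):
        key = self._key(p)
        if p.flags == "SYN":              # new connection: the rules decide
            if not packet_filter(p):
                return "drop"
            self.table.add(key)
            return "accept"
        if key not in self.table:         # belongs to no known connection
            return "drop"
        if p.flags in ("FIN", "RST"):     # simplified teardown: remove the entry
            self.table.discard(key)
        return "accept"

def demo():
    fw = StatefulFirewall()
    stray = Packet("198.51.100.7", 40000, "192.0.2.10", 80, "ACK", True)
    out = Packet("192.0.2.50", 51000, "198.51.100.7", 443, "SYN", False)
    reply = Packet("198.51.100.7", 443, "192.0.2.50", 51000, "ACK", True)
    fin = reply._replace(flags="FIN")
    return [packet_filter(stray), fw.handle(stray), fw.handle(out),
            packet_filter(reply), fw.handle(reply), fw.handle(fin), fw.handle(reply)]

if __name__ == "__main__":
    print(demo())
```

The stateless filter passes the stray packet to the open web port and rejects the legitimate reply to a workstation, while the stateful firewall does the opposite in both cases and drops the same reply once the connection has ended.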