
Firewall - an explanation

A firewall is a system or combination of systems that enforces a boundary between two or more networks, controlling access from one to the other. Essentially, a firewall should be thought of as a gap between two networks - in our case an internal network and the Internet - occupied by a mechanism that lets only a few selected forms of traffic through.

At its simplest level, a firewall can be nothing more than a screening router configured to filter out unwanted TCP/IP packets - perhaps restricting inbound connections to known sites, for example. The plus side to this is that most organisations already have routers in place, thus eliminating the requirement for additional capital expenditure. The down side is that it is not very flexible, particularly in environments which need to permit wide-ranging access (e.g. to anyone who wants to purchase products), yet restrict those visitors to only a tiny portion of the network (e.g. the Web server only). In general, routers cannot be customised to specific network environments, do not authenticate users, and have no audit capability. If not properly set up, the firewall may thus have trapdoors through which intruders can surreptitiously enter.
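The following is an added example, not part of the original page: a minimal first-match packet filter of the kind a screening router applies, together with a check that flags a "trapdoor" rule exposing more than the Web server. The addresses (documentation ranges), the rule format and the function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    dport: Optional[int]   # destination TCP port; None matches any port

def matches(rule, src, dst, dport):
    # A screening router decides on header fields only: no user identity.
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and rule.dport in (None, dport))

def filter_packet(rules, src, dst, dport):
    """First matching rule wins; unmatched traffic is dropped (default deny)."""
    for rule in rules:
        if matches(rule, src, dst, dport):
            return rule.action
    return "deny"

def trapdoors(rules, web_server, known_sites):
    """Indexes of permit rules that let unknown sources past the Web server."""
    findings = []
    web_net = ipaddress.ip_network(web_server + "/32")
    for i, rule in enumerate(rules):
        if rule.action != "permit" or rule.src in known_sites:
            continue
        if ipaddress.ip_network(rule.dst) != web_net or rule.dport is None:
            findings.append(i)
    return findings

# Constructed sample policy: internal network 192.0.2.0/24, Web server at .80,
# one known partner site allowed in, everyone else limited to the Web server.
WEB = "192.0.2.80"
KNOWN = {"198.51.100.0/24"}
GOOD = [
    Rule("permit", "0.0.0.0/0", WEB + "/32", 80),
    Rule("permit", "198.51.100.0/24", "192.0.2.0/24", None),
]
# Misconfiguration: destination written as the whole network, not the server.
BAD = [Rule("permit", "0.0.0.0/0", "192.0.2.0/24", 80)] + GOOD[1:]

if __name__ == "__main__":
    print(filter_packet(GOOD, "203.0.113.9", "192.0.2.10", 80))  # internal host
    print(filter_packet(BAD, "203.0.113.9", "192.0.2.10", 80))   # same packet
    print(trapdoors(BAD, WEB, KNOWN))
```

The filter itself keeps no record of what it permitted or dropped, which is the audit gap the paragraph above attributes to routers.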

For this reason, most organisations that are serious about Internet connectivity will invest in a full proxy-based Internet firewall. Also known as a "dual-homed gateway", this is a system with two network interfaces that sits on both the protected network and the public network. Since the gateway can communicate with both networks, it is an ideal place to install software for carrying data back and forth. These agents are called "proxies", and one is required for each service you wish to provide. For instance, a WWW proxy will manage user connections to the Internet, and will ensure that incoming data packets are for a valid recipient - otherwise they will not be passed through the firewall.

One of the biggest advantages of effective firewalls is that they present just a single IP address to the outside world, thus hiding the real structure of your network from prying eyes. They will also usually provide full auditing and reporting facilities. Unfortunately, the administrative burden is high, since the network administrator must create and maintain the security architecture, programming for every possible exposure. It is also true to say that a completely secure firewall is not always transparent to the user.

It is important to recognise that the most secure configuration is to place your Web server on the outside of the firewall's protection, making it a part of the external Internet. This obviously leaves the Web server itself open to attack, but maintains the integrity of the internal network completely. Protection of the Web server itself - as well as your internal network - often comes down to how secure your password and authentication mechanisms are. This brings us on to our next topic - passwords.