So there you were, working in the office, tired of the sound of your own fingers tapping on the keyboard. You were worn out, but too lazy to stand up and fetch a cup of coffee from the pantry. Growing more bored, you decided to open an Internet browser and visit your favorite website. However, after clicking the browser icon, you got something like this:
Surprised, baffled, and unwilling to spare the time to read and understand what was going on, you clicked the Unblock button and surfed away. That is what most people do upon seeing such warning messages. However, alerts like this weren’t created for nothing, right? So let’s find out what this message is all about by learning what a firewall is and why firewalls block programs.
A firewall, as the name implies, protects you from the “fires” of the computer world. It regulates traffic between computers on a network, and even signals from the Internet. Named after the brick walls that houses of over a century ago used to stop the spread of fire, computer firewalls prevent unauthorized access to their hosts’ private networks. But surely, computer firewalls didn’t originate from the physical, fire-preventing firewalls of the olden times. Then where, exactly, did firewalls originate?
History of the Beloved Computer Wall
With network security breaches growing in number back in the 80’s, people found themselves attacked by the Morris Worm, which wreaked large-scale havoc on Internet security.
In 1988, engineers from a digital company created the first generation of firewalls, known as packet filter firewalls – inspectors of packets sent from one computer to another. A packet (a block of data used for transportation and data exchange between computers in a network) had to “pass” a filter firewall’s set of rules to be accepted by the receiving computer; otherwise, it was rejected and an error message was returned to the sending computer. This method, however, disregards the relationships between different packets, as it treats packets individually. This posed some dangers to a rejected packet’s control data, which contained important information like the packet’s source and destination addresses, and sequences.
After some time, three colleagues from AT&T Bell Laboratories developed their own type of firewall based on packet filters, and called it the circuit level firewall. This kind of firewall not only examined packet contents but also compared packet relations with records of all connections that passed through the firewall. A circuit level firewall can determine whether a passing packet is the start of a connection or simply part of an existing one. It can also protect the computer from connection attacks, such as packets sent in the wrong sequence to consume a computer’s processing time and memory while it tries to figure out and correct the sequence. Packets still have to pass a set of rules in this generation of firewalls, with the additional criterion of checking the state of the connection to which the packet belongs.
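The difference between the first two generations, shown as an added example that is not part of the original article: a packet filter and a connection-tracking filter judge the same constructed traffic. The addresses, ports, the web-only rule and the simplified flag model are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # simplified TCP flags: "SYN", "SYN-ACK" or "ACK"

INSIDE = "10.0.0."     # assumed private network prefix
WEB_PORTS = {80, 443}  # assumed rule: staff may reach web servers only

def stateless_accept(p):
    """Packet filter: judges each packet alone, by its header fields."""
    if p.src.startswith(INSIDE):
        return p.dport in WEB_PORTS
    return p.sport in WEB_PORTS and p.flags != "SYN"

class StatefulFilter:  # same rules, plus a record of connections seen
    def __init__(self):
        self.connections = set()  # (inside host, its port, server, server port)

    def accept(self, p):
        if not stateless_accept(p):
            return False
        if p.src.startswith(INSIDE):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "SYN":  # start of a connection: record it
                self.connections.add(key)
            return key in self.connections
        # Inbound packets must belong to a connection an inside host opened.
        return (p.dst, p.dport, p.src, p.sport) in self.connections

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_accept(p), fw.accept(p)) for p in packets]

# Constructed traffic: one handshake, then a stray "reply" nobody asked for.
TRAFFIC = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SYN-ACK"),
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "ACK"),
    Packet("198.51.100.7", 443, "10.0.0.9", 40000, "ACK"),
]

if __name__ == "__main__":
    print(compare(TRAFFIC))
```

The last packet passes the packet filter because its header looks like a web reply, while the connection-tracking filter rejects it because no inside computer opened that connection.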
The third generation of firewalls was a product of different studies from Purdue University, AT&T Laboratories, and an independent researcher. Application layer firewalls, or proxy-based firewalls, can detect unwelcome protocols (instruction sets that control connections and data transfers between computers) sent to the private network, and even harmful exploiters of protocols. This is because this firewall generation is familiar with the application layer, where manipulation of protocols takes place.
The firewalls that we know today comprise the fourth generation of firewalls, complete with a user interface and easy access through the computer’s operating system. Our present-day firewalls function similarly to their ancestors, but with a more sophisticated process, which we will discuss next.
How Firewalls Protect Computers
As defined earlier, a firewall protects your computer from network hazards. But however simple its definition sounds, a firewall’s activity is far more complicated. To illustrate this, let’s assume that we are part of a computer-laden company with a staff of a hundred or so. Each worker has his own computer terminal connected to a network, where all processes and file transfers happen. Let’s also assume that the company is web-oriented, so the company also has an Internet connection. If there were no firewalls configured, our company’s computers would be accessible to the entire population of Internet users! Even an outsider who has basic knowledge of connecting computers over a network could easily probe or even access our computer files. Further, if one of our fellow employees left a security hole, it would be the greatest Christmas gift ever for hackers.
What if, instead, our network security department decided to install firewalls beforehand at every connection to external networks and the Internet? That would be a very different scenario from the first one. If firewalls were implemented, the company would then be secured from external access through, say, alert or warning messages.
Actually, with firewalls in place, a company can implement security rules that range from selective access to the Internet to a company-wide ban on accessing a certain computer.
Security rules can cover anything from File Transfer Protocol servers to servers accessible from the Internet, seen from the private network’s perspective, of course. They can also control a computer terminal’s connection to anywhere in the private network, like whether it should be allowed to access a computer with higher security levels or not.
In our sample setting, firewalls certainly give our company both authoritative control over its employees and protection for its private network.
As written down in history, a firewall protects its host computer network simply by checking all kinds of data that pass through it. From its first generation to its third, a firewall utilizes all kinds of security measures that its ancestors.
Firewalls act as middlemen that retrieve data from either the Internet or the private network before sending it to the other end of the connection. Firewalls also implement packet filters that flag packets that shouldn’t enter the network and discard them. Even further, packet sequences are examined to check for logical matches using a trusted database that records characteristics of traveling packets. If there is a match between traveling packets and the entries in a firewall’s trusted database, the information passes through. If there is none, the information is rejected.
However complicated and important a firewall’s functions are, they are often bypassed because of faulty configuration and, often, misinformation. Firewalls often end up with a very loose configuration, primarily allowing all traffic from different networks to the computer until explicitly blocked by the user. Often, your system ends up compromised by some unintended, sometimes harmful, network connections. To avoid this, we must know what a firewall protects us from.
The “Fires” of the Computer World
With different levels of security, firewalls can protect your computer. Turning your security to the highest level will block everything, defeating the purpose of having your own Internet connection. On the contrary, setting it at the lowest level will expose you to the whole virtual world, as if you are animatedly saying “hi” to intruders and hackers alike.
Here are some of the most common intruders that a firewall can stop:
- Through an unprotected network, a person can infect your computer with a virus or its disciples: Trojan horses and computer worms. Being the well-known computer risk that it is, a virus can do damage ranging from simply irritating you through repeated message pop-ups to deleting all of your computer’s data.
- Remote logging happens when a person outside your private network connects to your computer, viewing files and possibly accessing your programs.
- Programs with special features can allow remote access to your computers. They can provide hidden access, known as an application backdoor, to your computer, especially when they have bugs that can give someone a certain level of control over your computer.
- Applications aren’t the only ones that can have backdoors. Even some operating systems can have open backdoors that allow remote access to your computer. Such operating system bugs nullify your computer’s security to an extent, which a hacker can exploit.
- Macros, user-created scripts that applications can utilize, are a hacker’s best friend when it comes to exploiting through a network connection. Malicious hackers can take advantage of macros and create their own to do their bidding, whether that is manipulating your data or, ultimately, crashing your computer.
- Harmless as it may seem, spam often contains links to nasty websites with equally nasty plots: to expose your computer to the world and abuse it. Such kinds of websites, when visited, may open a backdoor to your computer via cookies, text parcels sent by the servers of websites you access for tracking and authentication purposes.
- An e-mail address sends junk e-mail or spam to several users, cloaked by a Simple Mail Transfer Protocol server of an innocent host, so as not to leave traces. Through e-mail session hijacks like this, unaware users are prone to opening spam, usually out of curiosity.
- Mostly a one-on-one attack, an e-mail bombing happens when somebody bombards your e-mail address with a message sent hundreds or even thousands of times until the system that handles your e-mail services can no longer receive and store any more messages. This act consumes your e-mail system’s resources, killing all its connections.
- Routers determine the path a packet takes within a network. They also provide arbitrary data about the packet’s source. In source routing, hackers use such arbitrary data to conceal malicious information that they send through the network, as if the packets they sent came from a highly trusted source.
- Further, information sent via a network has to keep its destination address to guide it while “traveling” the network. Hackers target that “traveling” information by using redirect bombs to change the information’s path to a different one.
- Redirect bombing, in a way, opens doors for the occurrence of a denial of service attack – a very wicked computer exploit wherein a hacker slows down servers by sending unidentified requests. A hacker sends external, unanswerable requests to, say, a certain server, asking for connection. Then, when that server responds to the request, the server’s responses to its regular network traffic weaken. Through this, the hacker either eats up all the resources of a server or computer, forcing it to halt operations and restart, or impedes communication between his victim and the other users in the network by trapping the “attention” of the server.
With the various network hazards above, you need to at least know how to protect yourself from them, and the succeeding section explains how.
Your Firewall of Choice
Firewalls are still programs themselves, and customizing them based on your needs is possible, or more significantly, essential. The succeeding paragraphs detail some conditions to consider before building your firewall.
Serving a purpose similar to your home address, an IP address is your identification in the network, or, more commonly, the Internet world. Firewalls can limit an IP address’ access to the Internet to ease network traffic, as that address might be accessing too much information via the network.
IP addresses, which often look like unintelligible strings of numbers and dots, are surely hard to remember, which gave birth to human-readable addresses known as domain names. For a firewall to protect a company from malicious software, the domain names of pornographic websites, home of several “computer world fires,” are often blocked.
Firewalls can also protect you from computer protocols, as some of them might bring damage to your computer. Serving as mobile bridges for computers in a network, protocols can be used maliciously by hackers. With firewalls, you can simply assign a computer to handle a specific protocol for easier supervision.
Furthermore, firewalls can block ports, the outgoing channels used by servers to send you the services you requested from them, which can further regulate network traffic. Usually, in a company setting, File Transfer Protocol (FTP) servers are blocked from most computers’ access, while web servers aren’t, because FTP servers are the common providers of uploading and downloading activities.
And since the firewall acts as the gateway of your computer in one way or another, it also filters the information entering through it. The largest form of information it filters is the greater content of websites and files: text. A firewall can trap an exact word or phrase in passing data. Common types of words and phrases that firewalls treat as malicious are “porn,” “x-rated,” and “xxx,” all of which are related to commercial pornography, one of the most oppressing and malicious types of website.
As seen above, firewalls put information to certain “tests” before letting it pass. They actually assign certain trust levels to entities connected to their computer in order to determine which signals to accept and which ones to block. Usually, the Internet has no trust level while the computer’s internal network has the highest. Zones whose trust levels lie between that of the Internet and that of an internal network are regarded as Demilitarized Zones or DMZ’s, which are the subject of our final section.
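An added example, not from the original article, that turns the conditions in this section (IP address, domain name, port, exact word) into a first-match rule set and runs it under both the loose allow-until-blocked default described earlier and a block-by-default policy. The rules, addresses, domain names and requests are all constructed for the illustration.

```python
import ipaddress

# Constructed rule set built from the criteria in this section; first match wins.
RULES = [
    ("block", "src", "10.0.0.77/32"),        # one address cut off from the Internet
    ("block", "domain", "blocked.example"),  # placeholder blocklisted domain name
    ("block", "word", "x-rated"),            # exact word in passing text
    ("block", "port", 21),                   # FTP closed to most computers
    ("allow", "port", 80),                   # web servers stay reachable
    ("allow", "port", 443),
]

def matches(field, value, req):
    """True when one rule criterion applies to the request."""
    if field == "src":
        return ipaddress.ip_address(req["src"]) in ipaddress.ip_network(value)
    if field == "domain":
        host = req.get("host", "").lower()
        return host == value or host.endswith("." + value)
    if field == "word":
        return value in req.get("text", "").lower().split()
    return field == "port" and req["port"] == value

def decide(req, default):
    """Action of the first matching rule, otherwise the default policy."""
    for action, field, value in RULES:
        if matches(field, value, req):
            return action
    return default

def unruled(requests):
    """Requests no rule covers: a loose default lets them through unnoticed."""
    return [r for r in requests if decide(r, "allow") != decide(r, "block")]

# Constructed outbound requests from the company network.
REQUESTS = [
    {"src": "10.0.0.5", "host": "intranet.example", "port": 443, "text": "quarterly report"},
    {"src": "10.0.0.77", "host": "news.example", "port": 443},
    {"src": "10.0.0.5", "host": "www.blocked.example", "port": 80},
    {"src": "10.0.0.5", "host": "files.example", "port": 21},
    {"src": "10.0.0.5", "host": "legacy.example", "port": 23},
    {"src": "10.0.0.5", "host": "shop.example", "port": 80, "text": "X-Rated offer inside"},
]

if __name__ == "__main__":
    for r in REQUESTS:
        print(r["host"], r["port"], decide(r, "allow"), decide(r, "block"))
    print("covered by no rule:", [r["host"] for r in unruled(REQUESTS)])
```

The request to port 23 matches no rule, so it is the one case where the two defaults disagree: the loose configuration lets it out, and the block-by-default policy stops it.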
DMZ’s: To Trust or Not To Trust
There are times when you should allow users to access your private network for certain reasons. However, with many notorious risks involved, you can’t help but think twice. What should you do then?
DMZ’s will answer your problems. If you have a DMZ, you can put computer files in it for others to access, without fully exposing your computer to the world. As mentioned earlier, a DMZ stands between the Internet, the “no trust” zone, and your private network, the zone with the highest trust level. It is actually an area outside your firewall but very close to your private network.
To put it simply, a DMZ is similar to a garage sale, standing between you and your buyers. In a garage sale, all items you display are still yours, only, they are for sale. You allow people to see what you are selling, and they can look at them and, more importantly, examine them.
DMZ’s save you from most of the network risks out there. Try it out. Most firewall software already contains DMZ setup options, so there’s no trouble looking for one.
We often take firewalls for granted because we feel like they are doing nothing more than just sit on our virtual space and irritate us with various alert messages when we do something pretty risky. In the course of my research on firewalls, I realized that they are more than just an obstacle to our surfing joy. They actually are our best ally against all the “fires” that may have spread through computer networks.