Today’s article is about Firewalls. We are going to discuss what is a firewall, how it works and do you need one?
What Is A Firewall?
Lets say I have a house and I want to protect it from thieves, what should I do?
Maybe I should use sensors, burglar alarms, CCTV cameras and strong windows and doors of course.
But wait…I have think of something better, I am going to hire 15 professional commandos to secure my house.
I divided them into three teams:
There are 5 commandos in each team. Alpha team’s job is to recognize my friends, girlfriend, family members and relatives so they can be allowed by them to enter.
Delta team’s job is to kick out everyone who is not in the “trusted list”.
But hey! What if my girlfriend is stoles something from my house?
Don’t worry! Team Bravo will handle her. Team bravo will not let anything go outside of my house without checking.
Looks like my house is now safer than my neighbors because they have only a dog named tommy and I have 3 teams of commandos. *Thug Life*
So what this house has to do with a firewall?
Well this is how a firewall works.
The basic function a firewall is to filter the traffic (data packets) going in or out of our machine. But how does a firewall know which traffic should be allowed and which traffic should be blocked?
Let me show you,
I have three servers
1. SMTP Server: Job of this server is to handle E-Mails. It runs SMTP (Simple Mail Transfer Protocol) on port 25. Its IP address is 188.8.131.52
2. FTP Server: I use this server to share files with users so they can download them easily. It runs FTP (File Transfer Protocol) service on port 21. Its IP address is 184.108.40.206
3. Web Server: My website is stored on this server.
Now I have placed a firewall between my network and internet and here is how it looks:
I want to keep away malcious traffic from my servers but how this firewall is supposed to filter traffic?
This is where rules come into play. We have to tell it which traffic it has to allow and which not.
For that I have created a rule set:
Now let me explain what each line says:
1. If any visitor (any IP address) with from any port wants to access my web server (220.127.116.11) on port number 53, 80, 3306 he will be allowed.
2. Its the second rule so first rule will be executed first which means if a users wants to access port number 53, 80, 3306 of my web server it’s okay but if he wants to connect to any other port, this rule will get executed thus his access will be denied.
3. If any visitor (any IP address) with from any port wants to access my SMTP Server (18.104.22.168) on port number 25 will be allowed.
4. Similar to rule number 2, if any visitor wants to connect to SMTP Server on port 25 it’s okay but he will be denied if he wants to access other ports.
5. If any visitor (any IP address) with from any port wants to access my FTP Server (22.214.171.124) on port number 21 will be allowed.
6. Similarly, if any visitor wants to connect to FTP Server on port 21 it’s okay but he will be denied if he wants to access other ports.
Now lets summarize what this rule set tells the firewall:
No one can access the SMTP server other than on port 25.
No one can access the FTP server other than on port 21.
No one can access the web server other than on ports 53, 80, 3306.
As this rule set was to filter incoming traffic there can be a rule set to filter outgoing traffic too.
So a firewall scans header each data packet coming our going out of the network and denies or allows it on the basis of the rules specified by the user.
Moreover, it can store the IP addresses of a potential attacker and put the IP address in blacklist so the attacker will never will be able to access our machine from that IP address.
Do I Need A Firewall?
Well before I answer that question I would like to tell you about the two types of firewalls:
1. Software Based Firewall: It is a software which can be installed in a computer to protect it.
2. Hardware Based Firewall: They are special devices loaded with a firewall software.
They are costly than software based firewalls.
So should you use a firewall?
Yes because your machine will be less vulnerable to hackers and ddos attacks. Even if a trojan gets installed in your system it will not be able to connect to the internet if the firewall is configured properly.
So which firewall should you use?
Well for normal users software based firewalls are sufficient but when we have a whole network, we should deploy a hardware firewall between the network and the internet and then install software firewall on each computer of the network.
That’s all guys. This was just an introductory article to firewalls because firewalls are complex than what i just showed you.
Thanks for reading.