Firewalls

Firewalls are like the defenses surrounding medieval castles. Moats and walls forced visitors to enter and leave through easily monitored choke points, such as gatehouses and drawbridges. Similarly, a firewall monitors traffic in and out of a network. It admits friends, blocks foes and keeps tabs on who’s trying to get in.

Firewalls use one or more of three methods to control traffic.

Packet Filtering

1. Information travels on the Internet in small units called packets. Each packet contains routing information in a header.

2. A device called a screening router reads the header of each packet. Specific rules determine whether the packet should pass or be blocked.

3. A simple example is barring a particular sender by adding a rule that blocks all packets from that sender's unique identifier, its IP address.

Proxy Server Gateway

1. More secure than packet filtering, a proxy server acts as a middleman between the internal network and the Internet. When an internal computer - called a client - requests something from the Internet, it connects first to the proxy server.

2. The proxy server substitutes its own unique identifier, or IP address, for the client’s and relays the request to the Internet, thus hiding the client’s identity from the outside world. The Internet server replies to the proxy server, which forwards it to the client.

3. An application gateway is a sophisticated proxy server that uses specific proxy software for different applications, such as Web pages and e-mail. The administrator chooses proxies only for applications that clients should have access to.

Stateful Inspection

1. This method provides better performance than proxies by not having to examine the contents of each packet. Instead, it compares key parts of packets with a database of trusted information. This is the equivalent of the medieval guard recognizing familiar faces without checking ID.

2. The firewall monitors information traveling from inside for specific characteristics and remembers the information. This is called saving the state.

3. Incoming information is compared with the saved state. If the comparison yields a reasonable match, the information is allowed through.
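The three stateful-inspection steps above, as an added illustration (not code from the article): a toy firewall that saves the state of outbound connections in a table and admits an inbound packet only when it is the reply to a saved flow, with idle entries expiring so that stale state cannot be reused. The `Packet` type, the `StatefulFirewall` class and the timeout value are assumptions of this example, and the addresses are constructed from the RFC 5737 documentation ranges.

```python
"""Toy stateful inspection: outbound connections are recorded in a state table
and an inbound packet is admitted only if it is the reply to a saved flow.
Added illustration, not the article's code; addresses are constructed from
the RFC 5737 documentation ranges (192.0.2.0/24 inside, 198.51.100.0/24 outside)."""
from dataclasses import dataclass
from typing import Dict, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    sport: int    # source port
    dst: str      # destination IP address
    dport: int    # destination port
    proto: str    # "tcp" or "udp"


# A flow is identified by the 5-tuple of its outbound direction.
Flow = Tuple[str, int, str, int, str]


class StatefulFirewall:
    def __init__(self, idle_timeout: float = 300.0) -> None:
        self.idle_timeout = idle_timeout          # seconds of silence before state is dropped
        self.state: Dict[Flow, float] = {}        # flow -> time the flow was last seen

    def _expire(self, now: float) -> None:
        """Forget flows that have been idle longer than the timeout."""
        self.state = {f: t for f, t in self.state.items()
                      if now - t <= self.idle_timeout}

    def outbound(self, pkt: Packet, now: float) -> str:
        """Traffic leaving the inside is allowed and its key characteristics are saved."""
        self._expire(now)
        self.state[(pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)] = now
        return "allow"

    def inbound(self, pkt: Packet, now: float) -> str:
        """Traffic from outside is compared with the saved state (addresses reversed)."""
        self._expire(now)
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.state:
            self.state[key] = now     # a matching reply refreshes the entry
            return "allow"
        return "block"                # unsolicited inbound traffic has no saved state

    def active_flows(self) -> int:
        return len(self.state)


if __name__ == "__main__":
    fw = StatefulFirewall(idle_timeout=300)
    fw.outbound(Packet("192.0.2.10", 40000, "198.51.100.5", 80, "tcp"), now=0)
    print(fw.inbound(Packet("198.51.100.5", 80, "192.0.2.10", 40000, "tcp"), now=1))   # reply: allow
    print(fw.inbound(Packet("198.51.100.9", 80, "192.0.2.10", 40000, "tcp"), now=2))   # unsolicited: block
```

This toy treats "a reasonable match" as an exact reversal of the saved 5-tuple; real firewalls also track protocol state (for example TCP flags and sequence numbers) before accepting a packet as part of an existing connection.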

Customizing Firewalls

Rules used in firewalls can be constructed with various combinations of the following:

IP addresses: The unique address of each machine on the Internet, expressed as a four-part number, e.g., 216.27.61.137.

Domain names: The familiar ‘dot-com’ names, easy-to-remember substitutes for IP addresses, such as www.latimes.com.

Protocols: The communication rules that computers use to talk to each other to carry out specific tasks, such as Hypertext Transfer Protocol (HTTP) used for Web pages and Simple Mail Transfer Protocol (SMTP) used to send e-mail.

Ports: The numbered virtual pathways through which different services communicate. The port number identifies what type of service it accommodates.

Specific words or phrases: Any string of text as defined by the administrator, such as obscenities, racial slurs or even passwords.
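The packet-filtering steps and the rule ingredients listed under Customizing Firewalls, as one added worked example (not code from the article): a toy screening router walks an ordered rule list, and each rule may combine a source or destination address range, a protocol, a port, a domain name and a text string; the first rule whose conditions all match decides the packet, and anything unmatched falls through to a default block. The `Packet` and `Rule` types and the rule set are assumptions of this example; addresses come from the RFC 5737 documentation ranges and the domain and keyword values are constructed.

```python
"""Toy packet filter: an ordered rule list is checked against each packet's
header fields and, optionally, its requested host name and payload text.
Added illustration, not code from the article; addresses are constructed
from the RFC 5737 documentation ranges."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str            # source IP address from the header
    dst: str            # destination IP address from the header
    proto: str          # "tcp" or "udp"
    dport: int          # destination port, e.g. 80 for HTTP, 25 for SMTP
    host: str = ""      # requested domain name, if the service carries one
    payload: str = ""   # application data, if the filter inspects content


@dataclass(frozen=True)
class Rule:
    """Each field is a condition; None means 'any'. Every set field must match."""
    action: str                    # "allow" or "block"
    src: Optional[str] = None      # CIDR network, e.g. "203.0.113.0/24"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    domain: Optional[str] = None   # exact host name or a parent domain
    keyword: Optional[str] = None  # case-insensitive substring of the payload

    def matches(self, pkt: Packet) -> bool:
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.domain is not None:
            h, d = pkt.host.lower(), self.domain.lower()
            if not (h == d or h.endswith("." + d)):
                return False
        if self.keyword is not None and self.keyword.lower() not in pkt.payload.lower():
            return False
        return True


def filter_packet(rules: List[Rule], pkt: Packet, default: str = "block") -> str:
    """First matching rule wins; with no match, fall back to the default action."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set: bar one sender outright, drop requests for a blocked
# domain and any payload carrying a forbidden string, then permit only web
# and mail traffic. Everything else falls through to the default block.
RULES = [
    Rule("block", src="203.0.113.7/32"),
    Rule("block", domain="example.net"),
    Rule("block", keyword="secret-passphrase"),
    Rule("allow", proto="tcp", dport=80),
    Rule("allow", proto="tcp", dport=25),
]


if __name__ == "__main__":
    samples = [
        Packet("203.0.113.7", "192.0.2.10", "tcp", 80),                          # barred sender
        Packet("203.0.113.8", "192.0.2.10", "tcp", 80),                          # ordinary web request
        Packet("203.0.113.8", "192.0.2.10", "tcp", 23),                          # telnet: no allow rule
        Packet("203.0.113.8", "192.0.2.10", "tcp", 80, host="www.example.net"),  # blocked domain
    ]
    for p in samples:
        print(p.src, p.proto, p.dport, p.host, "->", filter_packet(RULES, p))
```

Rule order matters: the sender-specific block sits before the broad allow rules, so a barred address cannot slip through on port 80, and the default of blocking anything unmatched is what makes the list a whitelist rather than a blacklist.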

Additional sources: www.ibg.com/presentations/beyond/sld021.htm

www.3com.com/nsc/500619.html

www.interhack.net/pubs/fwfaq/firewalls-faq.html

www.howstuffworks.com/firewall.htm

www.ntresearch.com/firewall.htm

How Stuff Works: www.howstuffworks.com

Researched by VICKI GALLAY/Los Angeles Times
