2. Firewalls: The Basics
This is a basic overview of how
firewalls work and play an active role
in network security.
We will cover the following topics:
• What is a firewall?
• How firewalls are used?
• How does a firewall work?
3. What is a firewall?
Firewalls: Defined
By definition a firewall is a hardware
appliance or software solution used to
enforce security policies. It is used to
protect the resources of one network
and from users from other networks. It
protects the network by allowing and
restricting port communications over the
internet and intranet.
4. Firewalls: How a firewall works
External “Dirty” Internal “Clean”
A firewall is either an appliance or software
running on a server that is placed at the
entry/exiting point of your network. The firewall
has two Network Interface Cards (NIC’s). One NIC
is used for external “dirty” traffic. The second NIC
is for internal “clean” traffic.
5. Firewalls: How a firewall works
The software is used to configure how the traffic will be regulated. You can block
or allow traffic based on port number, protocols, services and IP addresses. Once
the configuration is in place you can keep track of the inbound and outbound
traffic. Which will in turn assist you in conducting trend analysis to help make
your network more secure.
Service being used
Port being used
Whether the TCP/UDP
protocol is opened of
closed for the service to
communicate
Where you input your
trusted and non-
trusted individual IP
addresses or IP range
6. Firewalls: How a firewall works
Firewall
Network Address Translation (NAT)
Virus Check
URL Filtering
Application backdoors
IP address blocking
Source Routing
Once the traffic enters the firewall it goes through a series of checks. Some of
these checks include:
• If the IP address is allowed to talk through the firewall.
• The firewall uses a URL filter to check if a URL is on the allowed or
blocked list.
• A virus check is performed for packages that are being downloaded.
• Network backdoors that might be opened by applications or operating
systems.
7. Firewalls: How a firewall works
Finally after all the traffic has been checked it is
allowed to pass through and to the end user.
When the request from the end user is made it
goes through the process once more on the
way to the Internet.
8. Firewalls: How a firewall is Used
In the following two slides are examples of very
different networks. One is a small home network;
the other is a large Enterprise Network. Even
though the architecture of the networks a very
different the goal is the same, to protect the data
and the integrity of the network. That’s why
firewalls are incorporated into both networks. With
the firewalls in place and working correctly it
provides protection from hackers, viruses, spam,
and other influences coming from outside and
inside of your network.
9. Home Network Layout
This home network shows the firewall protecting both the network devices.
Both the Wireless and Ethernet routers have firewalls installed. This gives the
home user layered protection. Layered protection is necessary incase the
primary firewall fails, and then there is another firewall in place to protect the
network.
Firewalls: How a firewall is Used
10. Enterprise Network Architecture
In this example of an Enterprise Network you will notice that the
first two routers and the firewalls are connected. By connecting the
routers and firewalls with each other, and enabling them to
communicate they have a High Availability status. This means that if
one primary device becomes unavailable the secondary or fall back
devices will become active and communication will continue.
Primary Route
Secondary Route
Router
Router
Router
Router
Firewalls: How a firewall is Used
11. External IP Address
Internal IP Address
Protocol
Port Number
Firewalls: How a firewall is Used
Another way a firewall is used to protect a network is by using Network Address Translation
(NAT). NATing is used in order to enable multiple hosts on a private network to access the
Internet using a single public IP address.
It also blocks your internal IP address from the outside world. In the firewall configuration
you can set the two IP addresses to use for you address translation. The external address
which is usually your ISP address. The internal address which is your private network.
If a hacker tries to probe your network the only IP address that will be seen is you external IP
address.
12. Firewalls are not just used monitor and regulate
network and internet traffic. An example of this is a Mail
Firewall. A Mail Firewall and a Network Firewall work on
the same principle in protecting the network. The
difference is that a Mail Firewall concentrates on
scanning all incoming and outgoing e-mail.
The Mail Firewall is usually behind the Network Firewall
in the network architecture. It scans the e-mail for
malware, spy ware, viruses, and phishing attempts. If it
contains any of these things it can be blocked by either
an individual e-mail address or an entire domain. It can
be configured so that if a certain word shows up in an
e-mail subject line or body it will reject or quarantine
the message.
Firewalls: How a firewall is Used
13. In conclusion remember that firewalls are
useful in:
• Firewalls are either specialized
appliances or software applications
• Protecting Network Integrity by
opening and closing ports on the
network
• Blocking from viruses, spy ware, and
malware
• Using URL filters so harmful websites
cannot be accessed
Firewalls: The Basics Summary