Firewall

The term firewall refers to a group of security tools used to secure network connections from unauthorized access. In general, a firewall is hardware or software, or some combination of the two, that acts as a gate-keeper by controlling who can access a network, as well as what information can enter and leave it, according to preset criteria. Information is allowed to pass through the protected Internet connection or network as long as it meets these criteria; otherwise, it is stopped. While a firewall can effectively protect both commercial and private network connections, it should be considered only one part of an overall security plan.

Firewalls are commonly recommended for any computer connected to a network. Although all connections are at risk, broadband Internet connections (those using a cable modem or DSL) are particularly vulnerable to intrusions. Because these connections have static Internet addresses and are always connected to the Internet, they are especially attractive targets to intruders, who use special programs to randomly scan computers for openings; once located, open ports on a computer can be used to gain access to its operating system and infiltrate a network. Intrusions of this type have the potential to compromise sensitive information on a computer's hard drive, and therefore constitute security threats.

Firewalls come in different forms, focusing on protection at different levels of a network. Common types of firewalls are packet filters, application gateways, and circuit-level gateways; in addition, information logs and proxy servers increase the effectiveness of firewalls.

Packet filters: When information is sent over the Internet, it is broken into packets, small bits of data that are reassembled at their final destination to recreate the original file. A packet filter inspects each incoming and outgoing packet according to the criteria set by the user to determine if it is allowed access to a network.

Application gateways: These provide a different level of security by determining rules or settings for specific programs that require Internet access. For instance, many newer software programs have builtin features that inform users of the availability of updates and/or additions. These programs use network connections to access the Internet for this information. Application gateways determine what programs can access the network, what ports they may use, and how to best secure the connection.

Circuit-level gateways: Similar to application gateways, this form of firewall focuses on specific programs; however, it provides a faster monitoring process. When a remote PC is accessed from a network connection, a circuit-level gateway monitors the connection process and examines packets being exchanged to ensure authenticity (e.g., make sure packets meet preset specifications). Once the examination is complete and the connection is secured, packets are exchanged between the computers without the need for further filtering.

Proxy servers: These are used as intermediaries between a network and, for example, the Internet, to hide the network and make a computer's address more difficult to identify; together with a firewall, however, proxy servers provide more effective security. A proxy eliminates the direct connection to the Internet, and funnels all incoming and outgoing requests through a central location; when an intruder attempts to access the network, the Internet address the intruder finds is that of the proxy server, and not of any of the network connections and computers.

...