What is a Firewall?
A network firewall is typically a hardware appliance that provides network security by filtering inbound and outbound data and internet traffic according to user-defined guidelines. Generally speaking, the firewall’s job is to decrease or remove any malicious communications or data while allowing legitimate communications to the network to flow easily. In most infrastructures, the firewall is the first layer of security in place that can prevent an attack.
In this blog, we will be starting with an explanation of traffic through Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets and then we will move into the various issues related to security.
TCP Network Packets
We are going to take a look at what network traffic looks like, but first we will explain the protocols that carry it. TCP is the standard that defines how a network "handshake" is established and how applications and programs exchange data. UDP is another data communications protocol, used primarily for establishing low-latency, loss-tolerating connections between applications on the internet.
Both TCP and UDP are protocols for sending units of data, known as packets, over the Internet. Both are built on top of the Internet Protocol (IP).
TCP traffic on the network travels in packets, and each packet begins with a block of control information that describes the data it carries, called the packet header. The header holds fields such as the source and destination addresses and ports; the data that follows it is known as the payload. Understanding the header allows for better control of traffic: the control information in each packet confirms that data is delivered correctly, and it also contains the elements that firewall rules are matched against.
It is important to note that when an incoming TCP packet is received correctly, the recipient sends an outgoing acknowledgment (ACK) packet. The combination of inbound and outbound packet control information can be used to determine the state of the communication between the sender and receiver.
Although there are more, let's discuss three basic types of firewalls: stateless packet filters, stateful firewalls, and application firewalls.
Stateless packet filters are designed to monitor network traffic using a simple set of rules, and they cannot tell whether a packet they receive is unauthorized or forged. They are typically faster and perform better under heavy traffic.
A stateful firewall tracks the connection state of each packet, which makes it more flexible than a stateless one. It works by correlating related packets to determine the state of the connection before applying firewall rules to the traffic.
An application firewall examines the data being transmitted, so that network traffic can be matched against firewall rules for an individual service or application. It can block specific content and detect when applications and protocols are not being used appropriately. These are also called proxy firewalls.
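To make the header and state discussion above concrete, here is an added example (not code from the original post) that decodes the fixed 20-byte TCP header from constructed segments and contrasts a stateless rule with a minimal stateful tracker. The tracker is an assumption-laden simplification: it keys connections on port pairs only, ignores sequence numbers and the final ACK of the handshake, and exists only to show why a stateless filter cannot tell a forged reply from a real one.

```python
import struct

# TCP flag bits from the header's control field (RFC 793)
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; the rest of the segment is the payload."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    header_len = (off_flags >> 12) * 4          # data offset is given in 32-bit words
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "payload": segment[header_len:]}

def build_tcp_segment(sport, dport, seq, ack, flags, payload=b"") -> bytes:
    """Constructed test segments only: no options, checksum left at zero."""
    off_flags = (5 << 12) | flags               # 5 words = 20-byte header
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, 65535, 0, 0) + payload

def stateless_allow(pkt: dict, trusted_remote_ports=(443,)) -> bool:
    """A stateless rule judges each packet on its own header fields alone."""
    return pkt["sport"] in trusted_remote_ports

class StatefulFilter:
    """Accept inbound packets only when they answer a connection this host opened."""
    def __init__(self):
        self.pending = set()       # (local port, remote port): our SYN sent, SYN-ACK awaited
        self.established = set()

    def outbound(self, pkt: dict) -> bool:
        if pkt["flags"] & SYN and not pkt["flags"] & ACK:
            self.pending.add((pkt["sport"], pkt["dport"]))
        return True                # outbound traffic is trusted by default

    def inbound(self, pkt: dict) -> bool:
        key = (pkt["dport"], pkt["sport"])
        if key in self.established:
            return True
        if key in self.pending and pkt["flags"] & SYN and pkt["flags"] & ACK:
            self.pending.discard(key)
            self.established.add(key)
            return True
        return False               # unsolicited: no outbound packet of ours matches it
```

A SYN-ACK arriving from port 443 with no preceding outbound SYN passes the stateless rule but is dropped by the stateful tracker, which is the distinction the text draws between the two firewall types.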
A basic firewall is normally provided in all modern operating systems on laptops and desktop computers. This basic security functionality is generally also available on devices such as cable and DSL modems and home network routers.
What Do Firewalls Do?
Firewalls perform the following tasks:
- Defend and block
- Check access and determine whether it is valid or invalid
- Manage and control network traffic
- Record and report on events
The standard firewall actions are "Accept" (or allow) and "Deny" (or reject). Basically, the firewall allows or rejects inbound data traffic to your network.
Rules specify how the firewall handles new inbound or outbound network traffic. "Accept" means the traffic is allowed, and "Deny" means the traffic is blocked. Some firewalls also reject traffic by replying with an "unreachable" error rather than dropping it silently; either way that data is blocked from entering or leaving the network.
Network traffic is checked from beginning to end against a list of firewall rules in order, called a chain. When a rule matches, its action is applied and the traffic is either allowed through or denied.
Incoming and Outgoing Traffic
Network traffic can be inbound or outbound, and the two cases are managed differently. Traffic from other sources (incoming traffic) is treated differently from the network's outgoing traffic. Firewalls often allow most outbound traffic because it is typically trusted. However, if an attacker or a malicious program compromises the server, outbound rules can be used to stop unwanted communication.
To get the most out of your firewall, you must define all the ways other systems are permitted to communicate with the network, explicitly authorize those with rules, and then block all other traffic. Understand that you must have correct outbound rules for the network, or all outbound traffic may be blocked. This means you should have an expert like Blue Ridge Technology set up and configure your firewall properly for the best security for your business. Servers often need to generate their own outbound traffic for a variety of reasons (such as downloading updates or connecting to a database), so it is also important to include these cases in the rule set.
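The ordered rule chain and the explicit-allow, default-deny approach described above, as an added example that is not part of the original post. The packet fields, rule syntax and the constructed server policy (addresses, ports, and the database host) are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out"
    proto: str              # "tcp" or "udp"
    src: str                # source IP address
    dst: str                # destination IP address
    dport: int              # destination port

@dataclass(frozen=True)
class Rule:
    action: str             # "accept", "drop" (silently) or "reject" (reply with an "unreachable" error)
    direction: str
    proto: Optional[str] = None      # None matches any value
    src: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in (None, p.proto)
                and self.src in (None, p.src)
                and self.dst in (None, p.dst)
                and self.dport in (None, p.dport))

class Chain:
    """Rules are tried top to bottom; the first match decides, otherwise the default policy applies."""
    def __init__(self, rules, default_in="drop", default_out="accept"):
        self.rules = list(rules)
        self.default = {"in": default_in, "out": default_out}

    def verdict(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        return self.default[p.direction]

# Constructed policy for a web server: every permitted flow is listed explicitly,
# and both directions fall back to "drop" so a forgotten outbound rule is noticed.
SERVER_POLICY = Chain([
    Rule("accept", "in", "tcp", dport=443),                       # public HTTPS
    Rule("accept", "in", "tcp", src="10.0.0.5", dport=22),        # SSH from the admin host only
    Rule("reject", "in", "tcp", dport=22),                        # other SSH attempts get an error
    Rule("accept", "out", "tcp", dst="10.0.0.20", dport=5432),    # database connection
    Rule("accept", "out", "tcp", dport=443),                      # downloading updates
    Rule("accept", "out", "udp", dport=53),                       # DNS lookups
], default_in="drop", default_out="drop")
```

Because the first match wins, placing the general SSH reject rule above the admin-host accept rule would lock the administrator out; rule order is part of the policy.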
The firewall service deals with two types of ports:
- Source port: the port on the computer that initiates the connection.
- Destination port: the port on the computer where the connection terminates.
Now that we have a better understanding on how the firewall works, let's get into the details of what the firewall is looking to allow or block.
UFW (Uncomplicated Firewall) is a front end to iptables designed to simplify firewall configuration.
Block all incoming connections
In some cases, it is safer to block all incoming connections to your network and whitelist as needed, but this is an administrative nightmare for the novice administrator. It is better to have a data security professional like Blue Ridge Technology work with you so that they can configure the firewall for proper traffic flow.
There are times when you want to block all incoming traffic on your local machine, for instance when you travel and use open wireless networks in places like hotels and airports. If inbound traffic is not blocked, you may become susceptible to malware or to having your data compromised.
To block all incoming connections with the Windows firewall, click Start, select Control Panel, and then click Windows Firewall > Change notification settings. Under Public network location settings, select Block all incoming connections, including those in the list of allowed programs, and then click OK.
With this setting enabled, you can still send and receive email and browse the Internet, but all other connections are blocked automatically.
Remember that the firewall is the first level of defense in securing your network and protecting your data. To be sure that your firewall is set up properly, call Blue Ridge Technology. Let us review your network, your security and your relationship with your business data. What's the worst that can happen?