What Is a Firewall and What Is It for | Total Security Software

I sincerely believe that knowing what a firewall is and what it is for is vitally important for all users who have a personal computer at home. For this I have decided to create a series of two posts with the following theme:

1. What are Firewalls and what are they for?

2. How to configure our firewall properly?

The truth is that there are many Linux users who think that it is not necessary to take security measures using Linux. Well, the truth is that according to my humble point of view they are quite wrong.

It is true that in Linux there are practically no Viruses, therefore we could say that the use of antivirus today is practically not necessary, but according to my point of view, there are precautions that must be implemented in all operating systems that we use. One of these precautions is to have a firewall activated and properly configured. Many of you wonder what a Firewall is, what is it for? Do I need it? How can I activate and configure it?

WHAT IS A FIREWALL

A firewall or firewall is a hardware or software device that allows us to manage and filter all the incoming and outgoing traffic between 2 networks or computers on the same network.

If the incoming or outgoing traffic complies with a series of Rules that we can specify, then the traffic will be able to access or leave our network or computer without any restriction. In case of not complying with the rules, incoming or outgoing traffic will be blocked.

Therefore, from the definition, we can ensure that with a well-configured firewall we can avoid unwanted intrusions on our network and computer as well as block certain types of outgoing traffic from our computer or our network.

WHAT A FIREWALL IS FOR

Basically, the function of a firewall is to protect individual computers, servers, or computers connected to the network against unwanted access by intruders that can steal confidential data, lose valuable information or even deny services on our network.

So therefore it is clear that it is highly recommended that everyone use a firewall for the following reasons:

1. Preserve our security and privacy.

2. To protect our home or business network.

3. To keep the information stored on our network, servers, or computers safe.

4. To avoid intrusions of unwanted users in our network and computer. Unwanted users can both be hackers and users belonging to our same network.

5. To avoid a possible denial of service attacks.

So therefore a properly configured firewall can protect us against attacks such as IP address spoofing, Attacks Source Routing, etc.

HOW A FIREWALL WORKS

The firewall is normally located at the junction between 2 networks. In the case that you can see in the screenshot, it is at the junction of a public network (internet) and a private network.

Likewise, we also see that each of the subnets within our network may have another firewall, and each of the computers at the same time may have its own software firewall. In this way, in the event of attacks, we can limit the consequences since we can prevent damage from one subnet from spreading to the other.

The first thing we have to know to know how a firewall works is that all the information and traffic that passes through our router and that is transmitted between networks is analyzed by each of the firewalls present in our network.

If the traffic complies with the rules that have been configured in the firewalls, the traffic will be able to enter or leave our network.

If the traffic does not comply with the rules that have been configured in the firewalls, then the traffic will be blocked and cannot reach its destination.

TYPES OF RULES THAT CAN BE IMPLEMENTED IN A FIREWALL

The type of rules and functionalities that can be built into a firewall are the following:

1. Manage user access to private services on the network, such as applications on a server.

2. Log all attempts to enter and exit a network. Entry and exit attempts are stored in logs.

3. Filter packets based on their origin, destination, and port number. This is known as an address filter. Thus, with the address filter, we can block or accept access to our equipment from the IP 192.168.1.125 through port 22. Just remember that port 22 is usually the port of an SSH server.

4. Filter certain types of traffic on our network or personal computer. This is also known as protocol filtering. The protocol filter allows you to accept or reject the traffic depending on the protocol used. Different types of protocols that can be used are HTTP, HTTPS, Telnet, TCP, UDP, SSH, FTP, etc.

5. Control the number of connections that are being produced from the same point and block them in the event that they exceed a certain limit. This allows you to avoid some denial of service attacks.

6. Control the applications that can access the Internet. Thus, therefore, we can restrict access to certain applications, such as dropbox, to a certain group of users.

7. Detection of ports that are listening and in principle should not be. Thus, therefore, the firewall can warn us that an application wants to use a port to wait for incoming connections.

FIREWALL LIMITATIONS

Logically, a Firewall has a series of limitations. The main limitations of a firewall are the following:

1. A firewall in principle is likely not able to protect us against certain internal vulnerabilities. For example, any user can erase the content of a computer without the firewall preventing it, insert a USB into the computer and steal information, etc.

2. Firewalls only protect us against attacks that go through the firewall. Therefore, it cannot repel all the attacks that our network or server may receive.

3. A firewall gives a false sense of security. It is always good to have redundant security systems in case the firewall fails. In addition, it is useless to make a large investment in a firewall neglecting other aspects of our network since the attacker will always try to find the weakest security link to be able to access our network. It is useless to put an armored door in our house if when we leave we leave the window open.

EXISTING TYPES OF FIREWALL

As we have seen in the definition, there are 2 types of firewall. There are hardware firewall devices such as a Cisco firewall or Routers that have this function.

Hardware devices are an excellent solution in the event that we have to protect a business network since the device will protect all the computers on the network and we can also perform all the configuration in a single point that will be the same firewall.

In addition, hardware firewalls tend to implement interesting functionalities such as CFS, offer SSL or VPN technologies, integrated antivirus, antispam, load control, etc.

The Bidirectional Firewall is the most common and the one used by home users at home.

The Bidirectional Firewall with Total Security Software is installed directly on the computers or servers that we want to protect and only protect the computer or server on which we have installed it. The functionalities that software firewalls usually provide are more limited than the previous ones, and also once the software is installed it will be consuming resources on our computer.