Firewalls are built into many networking systems nowadays. You’re probably already using at least one firewall within your computer’s operating system, or your Internet router. Or perhaps your organization’s network traffic is filtered through a firewall.
They’re standard issue today because firewalls are essential to your online security, and many organizations use them to control Internet use on their machines.
Have you ever wondered exactly how they work? For example, how does your company or school prevent you from spending time on social media? And how do countries block websites and services? Let’s find out.
A firewall is a program or hardware device that creates a safety barrier between the Internet and your computer or network.
Actually, it’s more like a filter. A firewall only blocks the programs, data and connections that a network admin tells it to. Safe data, like this web page, is allowed through. Malicious connections and access to harmful or censored websites are dropped or rejected.
Firewalls filter data according to rules
Firewalls filter data and connections according to rules set by a network administrator. These rules can be based on lots of different attributes of the traffic that is being controlled.
For example, network admins could set filters for incoming or outgoing traffic on your network based on:
Domain name – Particularly useful if a network admin wants to stop users from accessing specific websites. For example, if a network admin wanted to prevent your office staff from using social media, he or she could simply block all traffic to and from “facebook.com,” “twitter.com” and so on.
Protocols/Ports – Different kinds of data use different protocols, like HTTP (web), FTP (file transfer) or SMTP (email). Since hackers often try to access networks over protocols that nobody is using, like Telnet or FTP, blocking those protocols on all or specific computers can enhance security. Firewalls can also filter Internet traffic by port number, since ports are tied to specific protocols. Common port numbers include 80 (the web) and 25 (SMTP email), but the range goes all the way up to 65535. Closing unused ports can help prevent unwanted incoming connections.
Rules can also be set based on IP, specific phrases and more, depending on the firewall’s capabilities.
How firewalls filter traffic
A firewall compares rules like the ones above against the data it handles. That means it has to inspect all incoming and outgoing data at the gateway it protects. The gateway might be your computer or your home or business router, depending on where the firewall is installed.
The methods firewalls use to inspect data have evolved quite a bit over the past few decades.
Packet filtering – The first firewalls were also known as “packet filters.” All data transmitted over the Internet is split into small packets, each of which includes information such as the IP address it came from. Packet filtering inspects each of these packets as it’s received, and compares it with the kind of rules we described above. Packets that don’t fit the rules are dropped or rejected.
Stateful inspection – The next generation of firewalls (circa 1990) began to keep track not only of individual packets, but the state of the network connections that packets travel across. Once a stateful firewall has identified that a connection session has started, it can check packets belonging to that session much more efficiently.
Application-layer filtering – Application-layer firewalls go a step further by controlling network traffic for specific applications. Rather than treating all packets within a certain protocol (like HTTP) the same way, application-layer firewalls can see which application the data belongs to. One benefit of this is the ability to stop the spread of known viruses over the network. Another is to prevent certain kinds of application, such as peer-to-peer file sharing, from being used on the network.
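To make the difference between packet filtering and stateful inspection concrete, here is a small, added Python model of a firewall (not code from the original article or from any real firewall product). Rules are matched top-down on protocol, destination address and port, as described above; the session table lets reply packets of an allowed connection through without a rule of their own. The IP addresses and rules are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "drop"
    proto: "str | None" = None     # None is a wildcard: matches any value
    dst_ip: "str | None" = None
    dst_port: "int | None" = None

    def matches(self, p: Packet) -> bool:
        checks = ((self.proto, p.proto), (self.dst_ip, p.dst_ip),
                  (self.dst_port, p.dst_port))
        return all(want is None or want == got for want, got in checks)

class StatefulFirewall:
    """Rules are checked top-down; first match wins; default is drop."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.sessions = set()  # 5-tuples of connections already allowed

    def inspect(self, p: Packet) -> str:
        key = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        reply = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        # Stateful path: packets of a known session, in either direction,
        # pass without re-walking the rules (so replies need no rule).
        if key in self.sessions or reply in self.sessions:
            return "allow"
        # Stateless path: a new flow is compared against the rule list.
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "allow":
                    self.sessions.add(key)
                return rule.action
        return "drop"

# Constructed rule set: block one site and telnet, allow outbound web.
RULES = [
    Rule("drop", dst_ip="203.0.113.10"),       # constructed blocked address
    Rule("drop", proto="tcp", dst_port=23),    # telnet
    Rule("allow", proto="tcp", dst_port=80),   # HTTP
    Rule("allow", proto="tcp", dst_port=443),  # HTTPS
]
```

Note that an unsolicited inbound packet aimed at a client's ephemeral port matches no session and no rule, so it is dropped, while the reply to a connection the client opened is accepted from the session table.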
Firewalls really have a lot of work to do!
Hopefully, you’re now equipped with a better understanding of how network admins at your company, school, or even country use firewalls to filter traffic.