Note: This is only a draft. Some errors may still be in here, and it is meant only as information about firewalls themselves.
What Is a Firewall?
You could compare a firewall to a house made only of stone, with no windows and no doors. Such a house is built to stop a fire; in the same way, a firewall should stop unwanted traffic between two networks. The most common use is to separate the LAN from the external network (the Internet); otherwise the LAN becomes part of the Internet.
A firewall has two extreme positions: fully open or completely closed.
If it is completely closed, no one can get out and no one can come in. If it is completely open, the opposite holds: everybody gets out and everybody gets in as they want. That’s no security at all.
The secret is to open the firewall just right, so that you let out the traffic you want and let in nobody who is not wanted.
There are different types of firewalls, both personal and business types, but we will only go through the personal firewall: the simple way to keep your security up.
When installed, a firewall sits between your computer(s) and the Internet. The firewall lets you request web pages, download files, chat, etc. while making sure other people on the Internet cannot access services on your computer such as file or print sharing. Some firewalls are pieces of software that run on your computer. Other firewalls are built into hardware and protect your whole network from attacks.
Everyone connected to the Internet should be running some sort of firewall. Programs can be downloaded on the Internet that can scan huge ranges of IP addresses for vulnerabilities like file sharing services. These programs are easy to download and run. Almost no network knowledge is needed to use these programs to exploit or harm your computer. Any kind of firewall will keep you safe from these types of attacks.
Software Firewall
Software firewalls are programs that run on your computer and nestle themselves between your network card software drivers and your operating system. They intercept attacks before your operating system can even acknowledge them. Many free firewalls of this type exist on the Internet.
Simple NAT firewall (network address translation)
The firewalls that are built into broadband routers and software like Microsoft ICS are very simple firewalls.
They protect your LAN by not letting anyone figure out how to ‘directly’ talk to any of the computers on your LAN. This level of protection will keep out almost all kinds of hackers. Advanced hackers may be able to take advantage of certain inadequacies of NAT based firewalls, but they are few and far between.
Firewalls with stateful packet inspection
The new trend in home networking firewalls is called stateful packet inspection. This is an advanced form of firewall that examines each and every packet of data as it travels through the firewall. The firewall scans for problems in the packet that might be a symptom of a ‘denial of service’ (DoS) attack or of more advanced attacks.
Most people are never subject to these types of attacks, but there are some areas of the Internet that invite them. Most often, these attacks come from being involved in certain kinds of competitive on-line gaming or participating in questionable IRC channels.
OK, then how does it work?
Your computer is connected to the Internet through one of its physical ports: the modem port or the network card. A large amount of data streams through that port while you are online. This stream of data is then filtered and rerouted to a large number of virtual ports that your computer creates.
These virtual ports sort the data and help your computer figure out which data belongs to which program.
For the TCP/IP protocol there are about 65000 of those ports. Some of them you use regularly, like 21 for FTP, 80 for web surfing and 6667 for IRC.
Ports are organised in a certain order. Those with numbers 1 – 1023 are known, and their function is determined by an organisation called ICANN (The Internet Corporation for Assigned Names and Numbers). You can't decide these functions for yourself. The same goes for ports 1024 – 49151, which are called registered ports.
However, you can decide the functions of the dynamic or personal ports 49152 – 65535. A lot of ISPs, for example, change port 21 to one with a higher number (over 49152); the purpose is to increase security.
The security problem with the virtual ports is, for example, that you don’t control which ports are open and which are closed, and that the ports' functions are often public knowledge.
This in turn means that when you connect to get mail (port 110), someone “can” get in and open ports higher up to retrieve information about you, delete files or something of that kind, and you won't notice unless… you use a firewall :o)
The firewall keeps the ports closed unless you specify otherwise. It will notify you when someone tries to open a closed port or connect to one that is closed.
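The closed-by-default behaviour described above, combined with the connection tracking of a stateful firewall, can be modelled in a few lines. This is an added example, not part of the original page; the class name, addresses and packets are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str  # "out" = leaving the LAN, "in" = arriving from the Internet

@dataclass
class PersonalFirewall:
    """Toy model: inbound ports stay closed unless opened; replies to our own traffic pass."""
    open_ports: set = field(default_factory=set)   # inbound ports the user opened
    connections: set = field(default_factory=set)  # state table of outbound flows
    alerts: list = field(default_factory=list)     # notifications shown to the user

    def handle(self, p: Packet) -> str:
        if p.direction == "out":
            # Remember the flow so that the reply can be matched later.
            self.connections.add((p.src, p.sport, p.dst, p.dport))
            return "allow"
        # Inbound: a genuine reply has the endpoints of a tracked flow reversed.
        if (p.dst, p.dport, p.src, p.sport) in self.connections:
            return "allow"
        if p.dport in self.open_ports:
            return "allow"
        self.alerts.append(f"blocked {p.src}:{p.sport} -> port {p.dport}")
        return "deny"

def demo():
    """Run four constructed packets through a firewall with no ports opened."""
    fw = PersonalFirewall()
    pc, mail, stranger = "192.168.0.10", "203.0.113.5", "198.51.100.7"
    results = [
        fw.handle(Packet(pc, 50000, mail, 110, "out")),     # we fetch mail
        fw.handle(Packet(mail, 110, pc, 50000, "in")),      # the mail server replies
        fw.handle(Packet(stranger, 4444, pc, 139, "in")),   # unsolicited connection
        fw.handle(Packet(stranger, 110, pc, 50000, "in")),  # right ports, wrong host
    ]
    return results, fw.alerts
```

The last packet shows why the state table stores both endpoints: matching on the port numbers alone would let an unrelated host through.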
What It Protects You From
There are many creative ways that unscrupulous people use to access or abuse unprotected computers:
Remote login:
When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer.
Application backdoors:
Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program.
SMTP session hijacking:
SMTP is the most common method of sending e-mail over the Internet. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users. This is quite often done by redirecting the e-mail through the SMTP server of an unsuspecting host, making the actual sender of the spam difficult to trace.
Operating system bugs:
Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of.
Denial of service:
You have probably heard this phrase used in news reports on the attacks on major Web sites and maybe had it done to yourself here on IRC. This type of attack is nearly impossible to counter. What happens is that the hacker sends a request to the server to connect to it. When the server responds with an acknowledgement and tries to establish a session, it cannot find the system that made the request. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash.
E-mail bombs:
An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages.
Macros:
To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer.
Viruses:
Probably the most well-known threat is computer viruses. A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data.
Redirect bombs:
Hackers can use ICMP to change (redirect) the path information takes by sending it to a different router. This is one of the ways that a denial of service attack is set up.
Source routing:
In most cases, the path a packet travels over the Internet (or any other network) is determined by the routers along that path. But the source providing the packet can arbitrarily specify the route that the packet should travel. Hackers sometimes take advantage of this to make information appear to come from a trusted source or even from inside the network! Most firewall products disable source routing by default.
Some of the items in the list above are hard, if not impossible, to filter using a firewall. While some firewalls offer virus protection, it is worth the investment to install anti-virus software on each computer.
Some good firewalls.