Audience: Newbies - Self Learners
Last Updated: 10/8/04 7:38 PM
Original Creation Date: 6/14/03 1:51 AM
**All times are EST**
Firewalls
By Erik Rodriguez
This article describes two different types of firewalls. Configuration and implementation are also discussed.
What is a Firewall?
A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls are now widely used because of the large number of broadband connections in use. They provide a first line of defense for your computer or network. If it succeeds in keeping the bad guys out, while still letting you happily use your network, it's a good firewall¹. Every corporate network has at least one firewall in use. Firewalls come in all shapes and sizes. Most computers are shipped from the factory with some type of firewall software or may use the default firewall built into Windows XP.
Types of Firewalls
There are two main types of firewalls: hardware and software. High-end hardware firewalls are very expensive and are not practical for the home user. However, low-end routers that perform NAT act as a hardware firewall. Cheaper broadband routers such as Linksys, Belkin, D-Link, etc. provide this functionality. In a corporate environment, very expensive devices such as the Cisco PIX, Symantec firewall, and Sonicwall are commonly used hardware solutions. Hardware firewalls are better solutions for networks with a large number of clients.
Software firewalls are practical for home users because they are nothing more than a program that runs with your operating system. These programs are usually inexpensive, free, or come built into the operating system. There are many different types of firewalls available with many different options.
Hardware vs. Software
Generally speaking, hardware firewalls perform better than software firewalls for several reasons. First, a hardware firewall is "dedicated" to inspecting traffic. Unlike a software firewall, it does not compete for CPU time or RAM. The main downsides to a hardware solution are cost and configuration. High-end devices like Cisco's PIX firewall can be tricky to configure. Software firewalls are easy to install and generally easy to configure. If you are on a network with other clients that you do not know, such as a dorm or apartment with shared Internet access, a software firewall is a must! Remember that if your router performs NAT, it only protects you from Internet traffic. You are still vulnerable to attacks from within your LAN. Hackers often target routers to gain access to other devices or machines on a network.
Examples
Let us say Susan has a DSL connection at home. From there she does her banking, stock trading, and other private communication. A firewall is important because it would block connection attempts by a hacker. If a hacker has Susan's IP address, he can establish a remote connection. If a successful connection is made, it is possible for that hacker to intercept passwords or other data that endangers Susan's online identity. Are you wondering if a firewall is for you? I'd say "Better Safe Than Sorry." You wouldn't want to own a store in a dangerous neighborhood without a burglar alarm. Below are diagrams of how firewalls can be deployed in a network:
Simple NAT Firewall
The diagram above illustrates the firewall protection provided by NAT. While 3 machines are attached to the router, the Internet/WAN link thinks only 1 device is present. This protects all 3 machines by limiting access to IP addresses and ports from the Internet/WAN connection. For more details on this see the article on NAT.
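The NAT behaviour described above, together with the earlier caveat that NAT does not protect you from hosts on your own LAN, modelled as an added example that is not part of the original article. The addresses, the `NatRouter` class and `traverses_nat` are constructed for illustration, and the model assumes the router also checks the remote endpoint of each flow, which varies between devices.

```python
import ipaddress
from dataclasses import dataclass, field

LAN = ipaddress.ip_network("192.168.1.0/24")   # constructed home LAN
WAN_IP = "203.0.113.10"                        # constructed public address

@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # public port -> flow

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; record the mapping and rewrite the source."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.wan_ip, pub_port)         # source address the Internet sees

    def inbound(self, remote_ip, remote_port, pub_port):
        """A packet arrives from the WAN; forward it only if a mapping matches."""
        flow = self.table.get(pub_port)
        if flow is None:
            return None                        # unsolicited: no mapping, dropped
        lan_ip, lan_port, peer_ip, peer_port = flow
        if (remote_ip, remote_port) != (peer_ip, peer_port):
            return None                        # known port, unknown peer: dropped
        return (lan_ip, lan_port)              # reply to a flow a LAN host started

def traverses_nat(src_ip, dst_ip):
    """Only traffic that leaves the LAN passes through the router's NAT table."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return not (src in LAN and dst in LAN)

if __name__ == "__main__":
    router = NatRouter(WAN_IP)
    for host in ("192.168.1.2", "192.168.1.3", "192.168.1.4"):
        print(host, "->", router.outbound(host, 50000, "198.51.100.7", 443))
    print("reply      :", router.inbound("198.51.100.7", 443, 40000))
    print("unsolicited:", router.inbound("192.0.2.66", 4444, 22))
    print("LAN to LAN via NAT?", traverses_nat("192.168.1.3", "192.168.1.2"))
```

The last line is why a software firewall still matters on a shared LAN: traffic between two local machines never reaches the table that drops unsolicited Internet packets.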
Dedicated Firewall Device
The diagram above illustrates how a dedicated firewall device is used. Notice that the firewall protects the router, servers, and network users. This is a common approach used when a large number of users need to access the Internet. NAT is not meant for large networks. Using a dedicated firewall device in a high-traffic environment does not negatively impact network performance like a software firewall or low-end NAT device.
¹ Zwicky, Elizabeth; Cooper, Simon; Chapman, Derek. Building Internet Firewalls. Sebastopol, CA: O'Reilly, 2000.