 
Welcome to BlueGoose Systems' Glossary. Please use the search module below or browse through the alphabetical listings of computer and networking terminology. Please note this is a work in progress and is by no means exhaustive.
 
 
Currently viewing the definition of: Firewall
 
 
A hardware or software-based device used to protect a computer or network from access by unauthorised users. The term is derived from i) the firewalls used in building construction to stop the spread of fire by isolating parts of a building at critical points and ii) the practice of firefighters of clearing part of a building or forest to remove combustible materials, creating a barrier.

An example of hardware incorporating a firewall is a modern router (firewalls work in close conjunction with router software) - there are also stand-alone firewall devices. Software firewalls are available on a buy-then-subscribe basis, where the software is initially purchased with free security updates included for a year (typically). This is then often followed by a paid subscription structure, to be eligible for further updates as and when they are released. They are sometimes also offered as freeware in the form of a "lite" version of the subscription package.

All traffic into and out of the network must flow through the firewall. Data packets are inspected to determine whether they are to be allowed or not - the rules determining which data packets are allowed through the firewall and which are denied access are set during the configuration of the firewall. A number of different methods are used to determine what happens to a data packet and these have evolved over time as firewalls have become more sophisticated (partly driven by the need to cope with increasingly sophisticated hackers!), as follows.

Packet filters look at each data packet and its contents in isolation and independently of the data stream it is a part of.

Stateful filtering not only looks at the packet contents but also, by maintaining records of all connections, is able to compare the packet with those from known and/or trusted sources and, in addition, to determine whether it is part of an existing data stream or a new connection.

Application layer filtering was the third major development - also known as proxy filtering - and the most sophisticated because it can recognise protocols and the way they are used and detect irregularities and suspicious activity (up to a point).

Ultimately, however, any firewall is only as effective as the way it has been configured. A badly configured firewall can be more or less useless, with many users failing to fully grasp how to set up the filters and opting for the "default allow" set of rules, which greatly diminishes the effectiveness of the device.
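
The difference between packet filtering and stateful filtering described above, shown as an added example that is not part of the original glossary entry. The rule set, addresses and port numbers are constructed for illustration, and both filters deny anything not explicitly allowed.

```python
from collections import namedtuple

# Simplified packet record; all values below are constructed for illustration.
Packet = namedtuple("Packet", "direction src sport dst dport")

LAN_HOST = "192.168.1.10"
WEB_SERVER = "203.0.113.5"
OTHER_HOST = "198.51.100.7"
WEB_PORTS = (80, 443)


def packet_filter(pkt):
    """Packet filter: judges each packet in isolation, with no memory."""
    if pkt.direction == "out" and pkt.dport in WEB_PORTS:
        return "allow"
    # To let web replies back in, all it can test is the source port.
    if pkt.direction == "in" and pkt.sport in WEB_PORTS:
        return "allow"
    return "deny"  # default deny


class StatefulFilter:
    """Stateful filter: keeps a record of connections opened from inside."""

    def __init__(self):
        self.connections = set()

    def check(self, pkt):
        if pkt.direction == "out" and pkt.dport in WEB_PORTS:
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound traffic is allowed only as the reply to a recorded connection.
        reply_to = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.direction == "in" and reply_to in self.connections:
            return "allow"
        return "deny"  # default deny


TRAFFIC = [
    Packet("out", LAN_HOST, 50000, WEB_SERVER, 443),  # browser opens a connection
    Packet("in", WEB_SERVER, 443, LAN_HOST, 50000),   # genuine reply
    Packet("in", OTHER_HOST, 443, LAN_HOST, 3389),    # unsolicited, source port 443
    Packet("in", OTHER_HOST, 40000, LAN_HOST, 22),    # unsolicited, no matching rule
]


def compare(traffic=TRAFFIC):
    """Return (packet filter verdict, stateful verdict) for each packet."""
    stateful = StatefulFilter()
    return [(packet_filter(p), stateful.check(p)) for p in traffic]
```

The third packet is the one that separates the two methods: it matches the packet filter's "reply" rule on source port alone, while the stateful filter denies it because no connection record exists for it.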
 
 
 
Copyright © BlueGoose Systems 2007