Defining a Firewall

A firewall is a piece of software or hardware that filters all network traffic between your computer, home network, or company network and the Internet. It is our position that everyone who uses the Internet needs some kind of firewall protection. This chapter tells you what a firewall does and sets down the basic questions that you should ask as you are evaluating specific firewalls.

Not too long ago, only construction workers and architects asked the question, “Why do we need a firewall?” Before the term firewall was used for a component of a computer network, it described a wall that was designed to contain a fire. A brick and mortar firewall is designed to contain a fire in one part of a building and thus prevent it from spreading to another part of the building. Any fire that may erupt inside a building stops at the firewall and won’t spread to other parts of the building.

A firewall in a computer network performs a role that is very similar to that of a firewall in a building. Just as a firewall made out of concrete protects one part of a building, a firewall in a network ensures that if something bad happens on one side of the firewall, computers on the other side won’t be affected. Unlike a building firewall, which protects against a very specific threat (fire), a network firewall has to protect against many different kinds of threats. You read about these threats in the papers almost every day: viruses, worms, denial-of-service (DoS) attacks, hacking, and break-ins. Attacks with names like SQL Slammer, Code Red, and NIMDA have even appeared on the evening news. Unless you haven’t read a newspaper or watched the news in the last year, you surely have heard at least one of these terms. It’s no secret: they are out there, and they are out to get us. Often we don’t know who they are, but we do know where possible intruders are and where we don’t want them to penetrate. Hackers are roaming the wide expanses of the Internet, just like the outlaws of the Old West roamed the prairies, and we don’t want them to enter our network and roam among the computers in it.

You know that you need to protect your network from these outlaws, and one of the most efficient methods of protecting your network is to install a firewall. By default, any good firewall prevents network traffic from passing between the Internet and your internal network. “Wait a second,” you may be thinking. “I just spent a lot of time, effort, and money to get my network connected to the Internet so that I can send e-mail to business partners, look at my competitor’s Web site, keep up-to-date on sports scores, and check the latest fashion trends. And now you’re telling me that a firewall blocks network traffic. How does this make sense?”

The answer is easy. Keep in mind that separating the Internet from your internal network traffic is the default behavior of most firewalls. However, the first thing that you will probably do after installing the firewall is to change the defaults to allow selected traffic network through the firewall.
This is no different from a building inspector who allows fire doors in a physical firewall. These doors are designed to provide an opening while still guaranteeing safety for all occupants. When you configure a firewall, you create some controlled openings that don’t compromise your network’s safety but that allow selected network traffic to pass through.

As you are designing your protection against attacks from the Internet, never rely on a single form of protection for your network. Doing so can give you a false sense of security. For example, even if you completely disconnect your network from the Internet to prevent a computer virus from entering your network, an employee can still bring to work a floppy disk that has been infected with a virus and inadvertently infect computers in your network.