Demystifying Firewalls
Provided by HP
The term "firewall" covers several types of hardware and software and a number of different technical approaches. Firewalls are available for both business and home use, including as freeware, and are even built into most standard operating systems.
What Is a Firewall?
A firewall is simply a gatekeeper between different zones of trust. Systems inside an organization have a high degree of trustworthiness. External partners, suppliers, and customers exist in different zones of lower trust. And, of course, the least trusted zone is the "untamed frontier" of the Internet. Connecting to any outside systems means risking exposure to viruses, hackers, and a multitude of other threats. The firewall is the first line of defense against these threats.
A company's firewall enforces defined security policies regarding whether, how, and which computers and networks can communicate with its internal systems. When a firewall is installed on a network or computer, all data sent to and from it is monitored and compared with a set of user-defined security criteria. Any traffic that doesn't meet those rules is blocked. The personal firewall software on a PC erects a similar barrier around that computer's resources.
Filters
Administrators can configure firewalls to filter content based on:
- IP Address – Firewalls can block traffic based on a machine's unique IP address. For instance, a firewall can ignore requests from a computer that attempts several incorrect logins.
- Protocol – Policies can define whether and how different types of network communications are handled. They can, for example, block all telnet requests originating from the outside.
- Domain Name – Filtering out requests for ESPN.com or eBay data could help discourage leisure and private Web surfing while on the job.
- Keywords – Similarly, some firewalls can filter out content that contains specific words and phrases.
- Ports – Rules tighten access to server ports.
Firewall Approaches
Most firewalls employ one or more of the following methods to enforce security policies:
- Packet Filtering – Examines packet attributes such as originating IP address or destination service to screen out all traffic that doesn't conform to the rules.
- Application Layer Gateways – Also known as proxy servers, these act as middlemen between internal client machines and external systems. They pass authorized packets along while shielding clients from unauthorized traffic. Proxies are often specific to a network service (HTTP, FTP, telnet).
- Stateful Inspection – This approach examines packet contents and makes decisions based on their context. It uses a table of connection states and knowledge of how types of communication typically operate to differentiate authorized from unauthorized traffic. For example, it could block a mysterious application from opening an FTP connection, thus preventing a hidden keystroke logger program from "phoning home" with its purloined information.
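The difference between packet filtering and stateful inspection, as an added example that is not part of the original article: a minimal Python model in which the stateless filter judges each packet by its headers alone, while the stateful firewall checks a table of connections opened from the inside. The addresses, the outbound policy (ports 80 and 443) and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

INSIDE = "10.0.0."        # constructed internal address prefix (assumption)
ALLOWED_OUT = {80, 443}   # services inside hosts may open (assumed policy)
TELNET = 23

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str            # TCP flags: "S" SYN, "A" ACK, "R" RST

def outbound(p):
    return p.src.startswith(INSIDE)

def packet_filter(p):
    """Stateless packet filtering: each packet is judged on its own headers."""
    if outbound(p):
        return p.dport in ALLOWED_OUT
    if p.dport == TELNET:
        return False                  # block telnet requests from the outside
    return "A" in p.flags             # "looks like a reply" is all it can check

class StatefulFirewall:
    """Stateful inspection: a table of connections opened from the inside."""
    def __init__(self):
        self.table = set()

    def allow(self, p):
        if outbound(p):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == "S" and p.dport in ALLOWED_OUT:
                self.table.add(key)   # record the new connection
        else:
            key = (p.dst, p.dport, p.src, p.sport)  # same flow, reversed
        ok = key in self.table
        if ok and "R" in p.flags:
            self.table.discard(key)   # reset ends the connection
        return ok

def demo():
    fw = StatefulFirewall()
    syn = Packet("10.0.0.5", 40000, "203.0.113.10", 443, "S")
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 40000, "SA")
    stray = Packet("198.51.100.7", 443, "10.0.0.9", 40001, "A")  # no connection
    ftp = Packet("10.0.0.5", 40002, "198.51.100.7", 21, "S")     # not in policy
    return {"stateless_stray": packet_filter(stray),
            "stateful": [fw.allow(x) for x in (syn, reply, stray, ftp)]}
```

The stateless filter accepts the stray inbound packet because it carries an ACK flag, while the stateful firewall drops it and also refuses the outbound FTP connection that the policy does not list.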
Limitations
A firewall, however, is only as strong as the security policies it enforces.
And like door locks, a firewall is a necessary first step in protecting your network, but it's no cure-all. A determined attacker can find ways around it, and it does nothing to protect against attacks and mistakes that originate inside its perimeter.
For higher security, firewalls should be used in conjunction with anti-virus software, spyware scanning software, intrusion detection systems, and other safeguards. Most commercial firewall products are available as part of an integrated suite of security software.
© 2007 Hewlett-Packard Development Company, LP