Monday, August 6, 2012

The Most Popular Questions and Answers About Firewalls


There are a few questions about firewalls that matter a great deal but that many people cannot answer. Here I'd like to share some of the most common ones and work through their answers, step by step, for readers who are still confused by the topic.
What is a firewall?
What is the difference between a firewall and a distributed firewall?
How do you get past a firewall if you need to?
What are the basic functions of a firewall?
How do you configure a firewall?
1.       What is a firewall?
A firewall is a system or group of systems (a router, proxy, or gateway) that implements a set of security rules to enforce access control between two networks, protecting the "inside" network from the "outside" network. Its primary job is to control incoming and outgoing traffic by inspecting packets (and, for stateful firewalls, the connection each packet belongs to) and deciding whether they should be allowed through, based on a predetermined rule set. A network firewall therefore stands between an internal network that is assumed to be secure and trusted and another network, usually an external network such as the Internet, that is not assumed to be secure or trusted.
Note that a network firewall needs at least two network interfaces: one facing the network it is meant to protect and one facing the network it is exposed to. It sits at the junction point, or gateway, between the two networks, usually a private network and a public network such as the Internet.

2.       What is the difference between a firewall and a distributed firewall?
This question becomes clear once we know what a distributed firewall is. Generally speaking, distributed firewalls are host-resident security software that protects an enterprise's servers and end-user machines against unwanted intrusion. Because the filtering runs on each host, they see traffic from both the Internet and the internal network, and so can block attacks that originate inside the organization as well as outside. This matters because many of the most costly and destructive attacks still originate from within the organization. They resemble personal firewalls, but add central management, logging and, in some cases, finer access-control granularity, features that are needed to implement corporate security policy in a larger enterprise: policies are defined centrally and pushed out to every host. The difference, then, is where enforcement happens. A conventional firewall enforces policy at a single perimeter chokepoint and trusts everything behind it; a distributed firewall enforces a centrally defined policy on every host, and can key that policy to the peer's authenticated identity rather than to its position in the network.
A distributed firewall has several advantages:
1)       The most obvious is that there is no longer a single chokepoint, so throughput is no longer limited by the speed of one firewall box. With conventional firewalls, by contrast, that kind of redundancy is in many cases bought only at the price of an elaborate (and possibly insecure) firewall-to-firewall synchronisation protocol.
2)       Policy can be tied to identity rather than topology. Take mail: with a distributed firewall, every machine carries a rule about port 25. The mail gateway permits anyone to connect to that port; every other internal machine accepts connections on port 25 only from the mail gateway, identified by its certificate rather than by its IP address. Note how much stronger this protection is than a perimeter rule: even a subverted internal host cannot exploit possible mailer bugs on the protected machines, because it cannot present the gateway's credential.
3)       A subtler advantage: a conventional firewall cannot know for certain what a host intends and has to guess from the packets it sees. With a distributed firewall the policy is enforced on the host itself, which does know what it is doing, so relying on the host to make the appropriate decision is more secure.
4)       The same point is even clearer for protocols such as FTP, which open secondary data connections on negotiated ports. Today's firewalls, even stateful packet filters, generally need an application-level gateway to parse the FTP commands and open the right holes. With a distributed firewall the host itself knows when it is listening for a particular data connection, and can reject any other probe to that port.
5)       The most important advantage, though, is that a distributed firewall can protect hosts that are not inside the topological boundary, such as a telecommuter's laptop. A conventional firewall protects such a host only while its VPN tunnel to the corporate network is up; when the tunnel is not set up there is no protection whatsoever. A distributed firewall protects the machine all of the time, regardless of whether a tunnel is set up: corporate packets, authenticated by IPsec, are granted more privileges, while packets from random Internet hosts can be rejected. And no triangle routing is needed, since the laptop's ordinary Internet traffic does not have to be hauled through the corporate firewall and back out again.
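To make points 2), 4) and 5) concrete, here is a small host-resident policy engine in Python. It is an added example, not code from the original post or from any distributed-firewall product. The peer's identity string stands in for the subject name of an IPsec or TLS certificate that the host has already verified, and every name, address and port below is an illustrative assumption.

```python
"""Host-resident firewall policy keyed on authenticated identity, not address.

Added illustrative example (not from the original post). The ``identity`` of a
peer stands for the subject name of a certificate the host has already verified
through IPsec or TLS; ``None`` means the peer authenticated nothing. All names,
addresses and ports are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Identity the central policy assigns to the mail gateway (assumed value).
MAIL_GATEWAY_ID = "CN=mailgw.example.com"


@dataclass(frozen=True)
class Peer:
    addr: str                   # source IP as seen on the wire (spoofable)
    identity: Optional[str]     # authenticated name, or None if unauthenticated


@dataclass(frozen=True)
class PortRule:
    only_identities: Optional[frozenset] = None  # None = any identity is fine
    require_auth: bool = False                    # True = must be some corporate peer


class HostFirewall:
    """Policy pushed to one host by the central manager, evaluated locally."""

    def __init__(self, policy: Dict[int, PortRule]):
        self.policy = policy
        # One-shot holes the host opened itself, e.g. for an FTP data
        # connection it has just negotiated: (peer address, local port).
        self.expected: Set[Tuple[str, int]] = set()

    def expect_data_connection(self, peer_addr: str, local_port: int) -> None:
        """Called by the application when it knows a data connection is coming."""
        self.expected.add((peer_addr, local_port))

    def decide(self, peer: Peer, dport: int) -> str:
        # 1. A connection the host itself asked for is allowed exactly once;
        #    any other probe to that port falls through to the normal policy.
        if (peer.addr, dport) in self.expected:
            self.expected.discard((peer.addr, dport))
            return "allow"
        rule = self.policy.get(dport)
        if rule is None:
            return "drop"                    # port not published: default deny
        # 2. Identity-bound ports: the address is irrelevant, only the
        #    authenticated name counts, so a spoofed address gains nothing.
        if rule.only_identities is not None:
            return "allow" if peer.identity in rule.only_identities else "drop"
        # 3. Ports open to any authenticated corporate peer, wherever it is.
        if rule.require_auth and peer.identity is None:
            return "drop"
        return "allow"


# Constructed central policy. Every ordinary internal host gets the first
# table; the mail gateway gets the second.
INTERNAL_HOST_POLICY = {
    25: PortRule(only_identities=frozenset({MAIL_GATEWAY_ID})),  # SMTP only from the gateway
    22: PortRule(require_auth=True),                              # SSH from any authenticated peer
}
MAIL_GATEWAY_POLICY = {
    25: PortRule(),   # anyone on the Internet may deliver mail to the gateway
}


def demo() -> Dict[str, str]:
    """Run a few constructed connection attempts and return the verdicts."""
    host = HostFirewall(INTERNAL_HOST_POLICY)
    gateway = HostFirewall(MAIL_GATEWAY_POLICY)
    gateway_peer = Peer("10.0.0.25", MAIL_GATEWAY_ID)
    # A subverted internal box that has taken over the gateway's address but
    # cannot present the gateway's credential.
    spoofer = Peer("10.0.0.25", None)
    laptop_on_hotel_wifi = Peer("203.0.113.77", "CN=alice-laptop.example.com")
    stranger = Peer("198.51.100.9", None)

    host.expect_data_connection("198.51.100.9", 50001)  # e.g. a negotiated FTP data port
    return {
        "gateway_to_host_smtp": host.decide(gateway_peer, 25),
        "spoofer_to_host_smtp": host.decide(spoofer, 25),
        "stranger_to_gateway_smtp": gateway.decide(stranger, 25),
        "laptop_ssh_from_outside": host.decide(laptop_on_hotel_wifi, 22),
        "stranger_ssh": host.decide(stranger, 22),
        "ftp_data_first": host.decide(stranger, 50001),
        "ftp_data_replay": host.decide(stranger, 50001),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} {verdict}")
```

The spoofer case is the heart of point 2): it arrives from the gateway's own address and is still dropped, because the rule never looks at the address. The two FTP-data attempts show point 4): the hole the host opened for itself closes after one use, and a later probe to the same port hits the default deny. The laptop case shows point 5): an authenticated corporate peer is granted SSH from a hotel network without any tunnel being involved.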
3.       How do you get past a firewall if you need to?
If you need to get a particular peer-to-peer or gaming application through a firewall, the right way is to allow that application's destinations and the ports it uses in the firewall itself. Depending on the product in use, look in its options or preferences for instructions on how to permit those sites and ports.
A firewall rule should not be what stops MySpace: that is plain HTTP on port 80, which almost every firewall already allows out. More likely you are dealing with content-filtering software on the proxy (or, less likely, on the router) that blocks the site by name. There are many web-based proxy sites that route your browsing around such filters:
http://www.freeproxy.ru/en/free_proxy/cgi-proxy.htm… lists free sites that do this. Bear in mind that a third-party web proxy can see, log and alter everything you send through it, and that sidestepping a filter is usually a breach of the network owner's policy.
4.       What are the basic functions of a firewall?
Firewalls primarily provide access control for connections between networks, usually between a corporate network and the Internet. For security purposes we classify the networks as follows:
1 Trusted: usually the corporate LAN. All PCs and servers on it are assumed to be under your administrative control. If users can change their IP addresses and install software at will, that assumption no longer holds and the LAN deserves less trust.
2 Untrusted: the public Internet, reached through the firewall's WAN interface.
3 Partially trusted: the firewall's DMZ interface. These machines are under our control but freely reachable from the Internet. They are not fully trusted because, being exposed, it is assumed they will be compromised or hacked at some point.
The LAN is allowed to reach the WAN and the DMZ, and the DMZ is allowed to reach the WAN, on certain ports for certain services determined by your security policy; services not explicitly allowed are blocked. The WAN is allowed to reach only the DMZ, and only on the ports it publishes; nothing from the WAN may initiate a connection into the LAN, and the DMZ may not initiate connections into the LAN either, so a compromised DMZ host cannot be used as a stepping stone. (For example, a mail server in the DMZ may be allowed to query a few named DNS servers on port 53 only and to open outgoing SMTP connections to any host on port 25. Incoming access would be limited to the services it publishes, such as SMTP on port 25 for mail delivery and POP3 on port 110 for mail retrieval.)
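The zone policy described above, written out as a first-match, default-deny rule table in Python. This is an added example, not code from the original post and not the syntax of any real firewall product; the address plan, the zone names, the approved DNS servers and the rule table are all constructed for illustration. It evaluates connection-initiating packets only and assumes, as a stateful firewall would, that return traffic is handled by connection tracking.

```python
"""Zone-based perimeter policy: first match wins, anything unmatched is dropped.

Added illustrative example (not from the original post and not the syntax of
any real firewall). It models a LAN / WAN / DMZ policy for connection-initiating
packets; return traffic is assumed to be handled by the firewall's connection
tracking. All addresses, zones and rules are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed address plan: the firewall's LAN and DMZ interfaces; anything
# that matches neither is treated as the untrusted WAN.
ZONES = {
    "LAN": ipaddress.ip_network("10.0.0.0/24"),
    "DMZ": ipaddress.ip_network("192.0.2.0/24"),
}
MAIL_SERVER = "192.0.2.25"
DNS_SERVERS = frozenset({"198.51.100.53", "198.51.100.54"})  # the "few DNS servers"


def zone_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                                    # "tcp" or "udp"
    dport: int
    src_hosts: Optional[FrozenSet[str]] = None    # None = any host in src_zone
    dst_hosts: Optional[FrozenSet[str]] = None    # None = any host in dst_zone
    action: str = "allow"

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (
            self.src_zone == zone_of(src)
            and self.dst_zone == zone_of(dst)
            and self.proto == proto
            and self.dport == dport
            and (self.src_hosts is None or src in self.src_hosts)
            and (self.dst_hosts is None or dst in self.dst_hosts)
        )


# Ordered rule table. There is deliberately no WAN -> LAN rule and no
# DMZ -> LAN rule: neither is explicitly allowed, so both are blocked.
RULES: List[Rule] = [
    # LAN users browse the Internet and read mail from the DMZ server.
    Rule("LAN", "WAN", "tcp", 80),
    Rule("LAN", "WAN", "tcp", 443),
    Rule("LAN", "DMZ", "tcp", 110, dst_hosts=frozenset({MAIL_SERVER})),
    # The mail server may resolve names only against the approved resolvers
    # and may deliver mail to any SMTP server on the Internet.
    Rule("DMZ", "WAN", "udp", 53, src_hosts=frozenset({MAIL_SERVER}), dst_hosts=DNS_SERVERS),
    Rule("DMZ", "WAN", "tcp", 25, src_hosts=frozenset({MAIL_SERVER})),
    # The Internet may reach the mail server only on the service it publishes.
    Rule("WAN", "DMZ", "tcp", 25, dst_hosts=frozenset({MAIL_SERVER})),
]


def evaluate(src: str, dst: str, proto: str, dport: int) -> str:
    """Return the verdict for a new connection: first matching rule, else drop."""
    for rule in RULES:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "drop"   # default deny: services not explicitly allowed are blocked


def audit() -> dict:
    """Constructed connection attempts that a policy review would walk through."""
    attempts = {
        "lan_browses_web":        ("10.0.0.5", "203.0.113.7", "tcp", 443),
        "lan_reads_mail_pop3":    ("10.0.0.5", MAIL_SERVER, "tcp", 110),
        "mail_dns_to_approved":   (MAIL_SERVER, "198.51.100.53", "udp", 53),
        "mail_dns_to_random":     (MAIL_SERVER, "203.0.113.53", "udp", 53),
        "mail_sends_smtp":        (MAIL_SERVER, "203.0.113.7", "tcp", 25),
        "other_dmz_host_smtp":    ("192.0.2.40", "203.0.113.7", "tcp", 25),
        "internet_delivers_mail": ("203.0.113.7", MAIL_SERVER, "tcp", 25),
        "internet_ssh_to_dmz":    ("203.0.113.7", MAIL_SERVER, "tcp", 22),
        "internet_to_lan_smb":    ("203.0.113.7", "10.0.0.5", "tcp", 445),
        "dmz_pivot_to_lan":       (MAIL_SERVER, "10.0.0.5", "tcp", 445),
    }
    return {name: evaluate(*flow) for name, flow in attempts.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:24s} {verdict}")
```

The two cases worth staring at are mail_dns_to_random and dmz_pivot_to_lan. The first shows the value of naming the permitted DNS servers: a compromised mail server cannot tunnel data out over UDP 53 to an attacker's resolver. The second shows the default-deny rule doing its job with no rule at all: nothing ever said DMZ -> LAN is allowed, so the pivot is dropped.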
A setup like the one described above provides:
1) Strong protection from external threats (though not, by itself, from threats already inside the LAN)
2) Control over which connections LAN PCs are allowed to open to the WAN
3) Proper use of expensive bandwidth
4) Full-speed access to internal and external resources
As for "How do you configure a firewall?", see the walk-through at: http://goodrouterswitch.blogspot.com/2012/07/basic-steps-of-configurating-cisco-asa.html
For more information on the average prices of Cisco firewalls, see: http://www.router-switch.com/cisco-asa-5500-series-firewalls-documents-pdc-10.html
