One popular method of protecting your computer from external threats is a firewall. They are also called “firewalls”, firewalls or firewalls.
It allows you to protect against viruses, worms, Trojans and intruders. Firewalls can be software or hardware, and their main purpose is to control and filter network traffic.
To keep malware out, the firewall analyzes the structure and content of data packets. “Good” packets with no problematic elements are let through, while “bad” packets are blocked. If there is a serious threat, the firewall alerts the user.
How it works
Applications generate special data packets and such software needs dedicated ports to work. For example, browsers use port 80 for outgoing TCP connections and DNS server port 53. Skype receives and sends data on port 44583. If you close the port an application uses, it will stop working – Skype will not be able to send or receive any messages, including audio and video. Not only common applications use ports, but also malicious ones.
The firewall can customize the filter list by adding known threats to it. If the protection detects signs of a blacklisted malware in incoming traffic, the data is blocked. In addition, the firewall can compare incoming packets with safe packets. If the similarity level is high enough, the data is skipped. In this case the “whitelisting” rule works, when only data packets matching the benchmarks prescribed in the rules are allowed. The rest of the information is blocked.
Network firewalls are a strong security method. The Windows operating system comes with a built-in firewall, which Microsoft recommends that you never turn off. For the average user this protection is good enough, but if you want a higher level you will need a router.
How reliable is it?
Firewalls have varying degrees of protection. First, ask yourself “what do you need a firewall for? The highest level of security is required for those organizations that work with state secrets or valuable corporate data. In this case, a Class 1 firewall is appropriate. For most public institutions, including schools, universities, municipalities, a Class 5 complex will suffice.
Commercial organizations mostly use combined solutions. The main criteria for business – the cost of the system, its performance, the level of protection and the number of functions.
Small companies often use software solution, which is installed on one of the network computers and acts as a gateway. The advantage of such a solution is its low cost and simple implementation. The disadvantage is a weak level of security.
The most severe protection is used by large businesses. Most often it is a combination of equipment such as routers with proven software. Such a firewall can completely close the computer or their network from external threats. Firewalls are used by developers, information security specialists, and ordinary users.
Features of firewalls
Here are their main functions:
- Filtering access to unprotected services and services;
- Blocking external threats, such as attempts to obtain proprietary information from a protected subnet or introduce a malicious program;
- Controlling access to individual network elements;
- Logging of threats and security system activities;
- Alerts on threats, including attacks against the network or firewall.
Gartner, Inc. has come up with its own list of must-have features for any modern firewall, including standard features:
- Built-in intrusion prevention;
- The ability to record and monitor application specifics to quickly identify threats;
- An update system to keep up to date on new threats and respond to them promptly;
- Threat protection technology.
Modern firewalls are also equipped with additional features that can be useful in an organization – a company, an educational institution, a government agency. For example:
- Blocking resources with inappropriate content for any reason. These are entertainment sites and sites of the XXX category for companies and universities, resources with dangerous information for children, etc. Social networks are often blocked in companies so that employees are not distracted from their work.
- Making reports on the visits of various sites by one or another employee. The manager in this case understands which of the subordinates are working and which are just pretending.
- The distribution of traffic to individual users. If the traffic package is limited, it is possible to set a limit for each user – allocate a certain limit per day, week or month.
- User identification by SMS or any other method.
Disadvantages of firewalls
The main problem with this protection scheme is that the firewall cannot filter out data that cannot be recognized. The user can configure himself to handle these packets, they can be both blocked and allowed into the system. Data from SRTP, IPsec, SSH, TLS are among the packets that are usually not recognized by screens. They use cryptography to hide content. In addition, they are also protocols that encrypt application layer data (S/MIME and OpenPGP).
Despite this, firewalls are a fairly reliable method of protecting private or corporate information. They can prevent a cyberattack, detect and eliminate malware, or stop a company employee’s attempt to visit an unwanted site. It is not easy to understand the variety of firewalls, but the main thing here is to identify your own needs and choose the protection that meets them.