At the beginning…
When we talk about a firewall, the first image that comes to mind is a vast, flaming wall or a line of fire. It is no accident that the service got this name. A firewall's first task is to drop unwanted network traffic. Specifically, it deals with traffic coming in to and going out from a host. Imagine a network in which nothing is filtered and all information flows freely between sender and recipient. Such a network would be heavily loaded and insecure. The firewall should filter the traffic, passing only the information the recipient is interested in and dropping the rest.
How does it work?
Usually, this is done by filtering packets, i.e., verifying their origin and destination. This is not difficult, because many standard services have a unique port number (a port is an interface used for communication over a network). We can drop all traffic from and to a host and allow only some standard services (e.g. mail (25, 110, 993, 995, etc.); www (80, 445); ssh (22); telnet (25); databases (5432 on a PSQL server); DNS (53)). A firewall can block any port, whether it is TCP or UDP. There are many applications for managing network traffic, and we can easily find one for our platform. The most popular firewalls are:
- Linux - iptables, Shorewall
- Windows - Kerio, Zone Alarm
- Mac - DenyIP, SunShield
The firewall is a comprehensive service. Traffic-filtering applications keep gaining capabilities and evolve along with users' security needs. This is particularly evident in the case of p2p traffic (e.g. torrent). Not so long ago, download manager applications worked on specific ports (e.g. BitTorrent (TCP 6881-6889); DC++ (TCP/UDP 412 or 1412); Kazaa (1214)). It was enough to block the specific range of ports in the firewall to stop large amounts of p2p traffic from clogging our network. Nowadays these applications use random ports and can even connect over seemingly standard ports. In this case, a traffic filter based on headers is very useful.
Traffic logging
Firewalls do other useful things besides filtering. They also provide logs of all or part of the network traffic. A firewall logs the ports and services your machine connects to and the amount of data transmitted. This is also essential when we notice some undesirable traffic and are not sure whether we have any security holes.
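The port filtering and traffic logging described above can be modelled in a few lines. This is an added example, not code from the original article or from any firewall product: the names `RULES`, `decide`, `filter_and_log` and `SAMPLE` are hypothetical, and the packets are constructed using documentation addresses.

```python
from collections import Counter

# First matching rule wins: (action, protocol, first_port, last_port).
# Rule set constructed for this example from ports the article names.
RULES = [
    ("DROP",   "tcp", 6881, 6889),  # BitTorrent range
    ("DROP",   "tcp", 1214, 1214),  # Kazaa
    ("ACCEPT", "tcp", 22, 22),      # ssh
    ("ACCEPT", "tcp", 80, 80),      # www
    ("ACCEPT", "udp", 53, 53),      # DNS
    ("ACCEPT", "tcp", 5432, 5432),  # PostgreSQL
]
DEFAULT_POLICY = "DROP"  # anything not explicitly allowed is dropped


def decide(proto, dport, rules=RULES):
    """Return the action of the first matching rule, else the default policy."""
    for action, r_proto, lo, hi in rules:
        if proto == r_proto and lo <= dport <= hi:
            return action
    return DEFAULT_POLICY


def filter_and_log(packets, rules=RULES):
    """Filter (src, proto, dport, size) packets; log bytes per action and port."""
    log = Counter()
    passed = []
    for pkt in packets:
        _src, proto, dport, size = pkt
        action = decide(proto, dport, rules)
        log[(action, proto, dport)] += size
        if action == "ACCEPT":
            passed.append(pkt)
    return passed, log


# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE = [
    ("192.0.2.10", "tcp", 22, 120),      # ssh session
    ("192.0.2.11", "tcp", 6881, 1500),   # p2p on its classic port: dropped
    ("192.0.2.11", "tcp", 80, 1500),     # p2p client using port 80: passes
    ("198.51.100.7", "udp", 53, 64),     # DNS query
    ("198.51.100.9", "tcp", 40000, 40),  # unlisted port: default drop
]

if __name__ == "__main__":
    passed, log = filter_and_log(SAMPLE)
    for (action, proto, dport), size in sorted(log.items()):
        print(f"{action:6} {proto}/{dport:<5} {size} bytes")
```

The port-80 packet from the p2p client is accepted because the rules see only protocol and port, which is why the article points to header-based filtering for such traffic; the byte count logged against port 80 is where that traffic would show up.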