
How firewalls work

I apologize for the elementary level of this question, but I couldn't get a straight answer from anyone I asked. My question to you is this: I understand the basic principle behind a firewall. It verifies that information is coming from a secure source. But how does a firewall determine that information? Is there a configuration that is done by the network administrator? Is there a list that is set up prior that says these IP addresses are allowed access to these servers? And if there is a list, then who is responsible for setting up the list? Any insight into this question and its sub-questions would be greatly appreciated.

First, you are still slightly confused about the basic principle. Firewalls do not verify that information is coming from a secure source. Firewalls enforce a set of rules that determine which information is allowed to pass.

There are two basic types of firewalls: packet-filters and proxy servers. Some other sources define more categories, but these are the basic two. Many commercial firewall products are hybrids of these two types.

A packet-filter firewall does just what the name implies. It blocks access through the firewall to any packets that try to access ports that have been declared "off-limits." Some versions allow you to specify that only packets from specific IP addresses can pass particular ports. Others allow for all except specific IP addresses. But regardless of the method, they all are trying to block access based on some set of rules.

The proxy server (also known as "application gateway") type of firewall attempts to hide the configuration of the network behind the firewall by acting on behalf of that network, or as a "proxy." All requests for access are translated at the firewall so that all packets are sent to and from the firewall, rather than from the hosts behind the firewall. These firewalls also allow for various access control rules to be enforced. The major difference between these and packet filters is that packet filters operate on individual packets, whereas the proxy servers must be aware of the entire session.

You will also hear the term "stateful inspection" with regard to firewalls. What this feature does is have the firewall remember what outgoing requests have been sent and only allow responses to those requests back through the firewall. This way, attempts to access the internal network that have not been requested by the internal network will be denied. Either type of firewall can use stateful inspection.

Regardless of which type of firewall, someone has to configure the firewall to make it work properly. The rules for access must be defined and entered into the firewall for enforcement. A security manager is usually responsible for the firewall configuration. How the particular policy is set that the rules are to enforce is an internal matter for the owner of the internal network.

The above is a greatly simplified introduction to firewalls. A good reference book to learn more would be Building Internet Firewalls, Second Edition by Elizabeth D. Zwicky, Simon Cooper and D. Brent Chapman (Published by O'Reilly & Associates; Second Edition June 2000; 894 Pages; ISBN 1-56592-871-7).
This was last published in May 2001
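As an added illustration that is not part of the original column, the Python model below implements the two mechanisms the answer describes: an ordered rule list that permits or blocks packets by source address, destination address and destination port (default deny), and a state table that remembers connections opened from the inside so that only replies to those requests are admitted. The network 10.0.0.0/24 and the outside addresses 198.51.100.20 and 203.0.113.5 are constructed sample values, as are the packets in `demo()`.

```python
"""Toy packet-filter firewall with optional stateful inspection.

Added example, not code from the original column. Addresses, ports and
packets are constructed for illustration only.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    direction: str               # "in" (toward the internal net) or "out"
    src: str = "0.0.0.0/0"       # CIDR the source must fall in
    dst: str = "0.0.0.0/0"       # CIDR the destination must fall in
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet, direction: str) -> bool:
        return (direction == self.direction
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


class Firewall:
    def __init__(self, internal_net: str, rules, stateful: bool = True):
        self.internal = ip_network(internal_net)
        self.rules = list(rules)
        self.stateful = stateful
        self.state = set()  # 5-tuples of connections opened from the inside

    def direction(self, pkt: Packet) -> str:
        return "out" if ip_address(pkt.src) in self.internal else "in"

    def filter(self, pkt: Packet) -> str:
        direction = self.direction(pkt)
        # Stateful inspection: an inbound packet that reverses a recorded
        # outbound connection is a reply to something the inside asked for,
        # so it is admitted even though no inbound rule names it.
        if self.stateful and direction == "in":
            reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
            if reverse in self.state:
                return "allow (established)"
        for rule in self.rules:  # first matching rule wins
            if rule.matches(pkt, direction):
                if rule.action == "allow" and direction == "out" and self.stateful:
                    self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
                return rule.action
        return "deny"  # default deny: nothing matched


# Constructed policy: inside hosts may browse the web; one admin address may
# reach the bastion's SSH port; everything else inbound falls to default deny.
RULES = [
    Rule("allow", "out", src="10.0.0.0/24", dport=80),
    Rule("allow", "out", src="10.0.0.0/24", dport=443),
    Rule("allow", "in", src="203.0.113.5/32", dst="10.0.0.10/32", dport=22),
]


def demo() -> dict:
    fw = Firewall("10.0.0.0/24", RULES)
    results = {}
    # Inside host opens HTTP to an outside server: allowed, and recorded in state.
    results["outbound_http"] = fw.filter(Packet("10.0.0.7", 51000, "198.51.100.20", 80))
    # The server's reply: no inbound rule matches, but the state table admits it.
    results["reply"] = fw.filter(Packet("198.51.100.20", 80, "10.0.0.7", 51000))
    # Unsolicited inbound connection to port 80 on an inside host: default deny.
    results["unsolicited"] = fw.filter(Packet("198.51.100.20", 4444, "10.0.0.7", 80))
    # Admin from the permitted address to the bastion's SSH port: allowed by rule.
    results["admin_ssh"] = fw.filter(Packet("203.0.113.5", 40000, "10.0.0.10", 22))
    # Same port from any other address: denied.
    results["other_ssh"] = fw.filter(Packet("203.0.113.99", 40000, "10.0.0.10", 22))
    # Outbound to a port the policy never opened: denied.
    results["outbound_telnet"] = fw.filter(Packet("10.0.0.7", 51001, "198.51.100.20", 23))
    # Without stateful inspection the same reply has no rule to admit it.
    stateless = Firewall("10.0.0.0/24", RULES, stateful=False)
    stateless.filter(Packet("10.0.0.7", 51000, "198.51.100.20", 80))
    results["reply_stateless"] = stateless.filter(Packet("198.51.100.20", 80, "10.0.0.7", 51000))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} -> {verdict}")
```

The stateless run at the end shows why the answer singles out stateful inspection: with packet filtering alone, letting web replies back in would require an inbound rule permitting any outside host on port 80 to reach any inside host on any high port, which is exactly the unsolicited access the state table lets you refuse.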
