09-03-2012, 01:46 PM
The basics of a firewall
[attachment=18140]
What is a firewall? :-
A firewall may be a standalone system,a software application or a hardware device that blocks/permits traffic,prevents unauthorized users or malicious traffic from accessing a network or a system.It acts as a barrier or a membrane between two or more networks.
The primary job of a firewall is to secure the inside network from the outside[it can be another network or more often the internet].Depending upon the policies or access control lists configured in the firewall,it can monitor inbound/outbound traffic & plus more.
Do I need a firewall? :-
Thats the question you should be asking yourself.With anyone who had been using a firewall with logging capabilities knows the amount of port scans you get on a day to day basis.Thus there is a need to block inbound traffic.The general tendency among home users with a single host or a small network is to use a software firewall on each host.One thing to consider here is if you are well versed with what goes at the OS level then you certainly dont need a separate freeware/commercial firewall,the windows firewall very well does the job for you.Oh yes I know it monitors inbound connections & not outbound but the fact remains if you have a knowledge of program control at the host then why do you need a separate firewall other than the windows firewall? After all its your computer/s,you should be knowing what is running & accessing the internet.
Does having a firewall make me secure?
The answer is "no".Apart from having a well configured firewall the hosts in a network also need a equivalent & frequently updated anti-virus.Some NAT routers based firewalls also provide anti-virus scanning capabilities but that is like expecting too much of them.A standalone anti-virus application is designed for a single purpose only
Proper Implementation :
Just placing the firewall without making full use of it doesnt serve its purpose very well.Deciding on what rules need to set for a single host or a network of computers,proper screening of the inbound/outbound policies is needed.Blocking all traffic through the firewall & then allowing traffic which is required as per the policies is considered to be a best practice.This implies for a application level firewall too.