Intruders can get inside a corporate network or a server hosting a website and steal data, delete important information, or break something.
To prevent this from happening, you need a special protective tool called a firewall. We will explain what a firewall is, how it works, why it is needed, and what types exist.
What Is A Firewall, And How Does It Work
Let's define the terms first. The tool goes by several names; this article uses "firewall" and the abbreviation ME interchangeably. The main task of the firewall is to protect against unauthorized access from the external network. For example, it can stand between the company's network and the Internet and ensure that attackers do not enter the secure corporate network. Or it can protect only a single computer or device from access from the network (in this role, the name used for it often differs from the one used for a firewall that sits between networks).
The firewall can be a separate program, or it can be part of an application. Many modern antivirus programs include an ME as a component that protects the computer. Sometimes the ME is built as a PAC (a hardware and software complex, that is, a physical appliance).
For protection, the firewall monitors the parameters of the incoming and outgoing traffic. Classic firewalls, the so-called packet filters, evaluate traffic based on network layer parameters and decide whether or not to allow each IP packet based on its properties, for example:
- IP address and port of the source of the IP packet (host from which the packet came);
- IP address and port of the destination of the IP packet (host to which the packet is addressed);
- transport layer protocol (UDP, TCP, and so on);
- packet transmission time.
In addition, MEs can take into account the traffic context. For example, the ME is often configured so that traffic initiated from the external network is blocked, while traffic from the external network that responds to a request from the internal network is allowed through.
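The sketch below is an added example, not code from the original article: it models a packet filter that decides on source and destination address, port and protocol, and keeps a state table so that only replies to internally initiated requests are let back in. The `10.0.0.0/24` internal range, the allowed ports and the sample packets are constructed for illustration; time-based rules, TCP state tracking and state expiry are left out.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/24")  # constructed internal range

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"

class StatefulFilter:
    """Blocks traffic initiated outside; lets replies to inside requests through."""
    def __init__(self, allowed_outbound):
        self.allowed_outbound = allowed_outbound  # set of (proto, dst_port)
        self.flows = set()  # state table: flows opened from the inside

    def check(self, p):
        src_inside = ipaddress.ip_address(p.src_ip) in INTERNAL
        dst_inside = ipaddress.ip_address(p.dst_ip) in INTERNAL
        if src_inside and not dst_inside:
            # Outbound: static rule on protocol and destination port.
            if (p.proto, p.dst_port) not in self.allowed_outbound:
                return "drop"
            self.flows.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
            return "accept"
        if dst_inside and not src_inside:
            # Inbound: accepted only if it mirrors a recorded outbound flow.
            reverse = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
            return "accept" if reverse in self.flows else "drop"
        return "drop"  # anything else should not cross this boundary

def run_demo():
    fw = StatefulFilter({("tcp", 443), ("udp", 53)})
    packets = [  # constructed sample traffic, in arrival order
        Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp"),  # inside request
        Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp"),  # its reply
        Packet("198.51.100.7", 443, "10.0.0.5", 50000, "tcp"),  # unsolicited host
        Packet("203.0.113.10", 443, "10.0.0.5", 50001, "tcp"),  # wrong port
        Packet("10.0.0.5", 50002, "203.0.113.10", 23, "tcp"),   # port not allowed
        Packet("203.0.113.10", 23, "10.0.0.5", 50002, "tcp"),   # no state exists
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(run_demo())
```

Only the second packet is accepted inbound, because it is the exact mirror of a flow the internal host opened; the same external server is dropped as soon as it targets a port the host never used.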
Figure: Simplified firewall scheme
In addition to packet filters, which filter traffic based on the properties of IP packets, that is, at the network layer of the OSI model, MEs also include:
- session-layer gateways, which filter traffic by checking that network connections comply with the rules in effect at the session layer of the OSI model;
- application-level intermediaries (proxies), including the Web Application Firewall, which consider the "meaning" of the transmitted traffic in the context of the applications.
Today, the ME is not used as a stand-alone network protection tool. Since the advent of this technology, different approaches to traffic scanning have emerged, including DPI, IPS/IDS, anti-DDoS protection, stream-scanning antivirus, and others. But filtering by network layer traffic parameters remains an important basic level of network protection, a kind of "intercom" in the world of corporate networks.