Protection tools: Firewalls [active & passive]
Firewall is a very colorful term; however, in real IT life it has very little to do with the strong image of a wall wrapped in a flaming inferno. The meaning of this IT concept is nothing fancy; in fact it's a monotonous, relentless filter for the data (packets) that a computer exchanges with the Internet. Let us illustrate what a firewall does through a real-life analogy. Imagine a post-office worker who is assigned the tedious task of permitting mail for certain city addresses and denying everything else - everything that is not specifically allowed. In principle this job describes the vast majority of all firewalls out there in the world. Here's what transpires: our postman looks at a letter, which normally carries the addresses of a sender and a recipient. First he checks whether the recipient lives on a street that is allowed to receive mail from the outside world and whether the sender is banned from sending mail to this particular street (or even the whole town). If it's a "green light", our guy then checks whether this very building is allowed to receive mail from this type of sender. If it's cleared again, our package goes through the city wall, or should we say: through the firewall.
Look at the example below which translates the common street address into the Internet language.
An IP address is analogous to a street address, and a port is analogous to a building with a designated function (it could be a police department, hospital, casino, post office, etc).
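The postman's checks can be written out as a small default-deny packet filter. This is an added example, not part of the original article; the rule tables, the `filter_packet` function and all addresses (taken from the reserved documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed sample policy; none of these values come from the article.
BANNED_SENDERS = [ipaddress.ip_network("198.51.100.0/24")]   # banned from the whole town
ALLOWED_STREETS = [ipaddress.ip_network("192.0.2.0/28")]     # may receive outside mail
# (recipient address, port) -> sender networks allowed to reach that "building"
ALLOWED_BUILDINGS = {
    ("192.0.2.10", 443): [ipaddress.ip_network("0.0.0.0/0")],      # web server, any sender
    ("192.0.2.10", 22): [ipaddress.ip_network("203.0.113.0/28")],  # SSH, one admin range
}

def _in_any(addr, networks):
    """True if addr belongs to at least one of the given networks."""
    return any(addr in net for net in networks)

def filter_packet(src, dst, dst_port):
    """Return (verdict, reason), applying the postman's checks in order."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Street check: is the recipient allowed to receive outside mail at all?
    if not _in_any(dst_ip, ALLOWED_STREETS):
        return ("DENY", "recipient not allowed")
    # Sender check: is the sender banned?
    if _in_any(src_ip, BANNED_SENDERS):
        return ("DENY", "sender banned")
    # Building check: is this port open to this type of sender?
    senders = ALLOWED_BUILDINGS.get((str(dst_ip), dst_port))
    if senders is None or not _in_any(src_ip, senders):
        return ("DENY", "port not allowed for this sender")
    return ("ALLOW", "matched rule")

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, destination port)
    samples = [
        ("203.0.113.200", "192.0.2.10", 443),
        ("203.0.113.200", "192.0.2.10", 22),
        ("203.0.113.5", "192.0.2.10", 22),
        ("198.51.100.7", "192.0.2.10", 443),
        ("203.0.113.200", "192.0.2.99", 443),
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(*pkt))
```

Anything that matches no rule falls through to a deny, which is the "everything that is not specifically allowed" part of the postman's job.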
Aside from the most general properties the postman can also discriminate the delivery based on many other parameters such as
It is safe to say that almost everybody is using a firewall in the US these days. The most common example exists in every home with a broadband connection. It is a very basic firewall with two simple rules defined for each home-computer behind the firewall:
These days each Windows, Mac or Linux computer comes equipped with a firewall that is activated by default.
These examples constitute the realm of Standard Firewalls (also called Passive). They are driven by a pre-written set of rules and have very modest capabilities to adjust in order to avert a crisis.
Active Firewalls provide much stronger security; thus they are more sophisticated and expensive. They resemble an analytical division, a group of FBI investigators, rather than a postman, who is not at liberty to introduce new rules on the fly or override the existing ones should an attack hit the computer (network). Active Firewalls are dynamic in nature because they
It is easy to see and appreciate all the good that a firewall brings in any scenario, be it a home computer or an E-commerce Web server. However, before we end this article it must be mentioned (with much sadness) that firewalls have certain drawbacks:
Lastly, with regard to firewalls, we'd like to mention something that usually brings joy and relief to managers and some level of aggravation to office workers, especially fun-loving office workers ;) Business firewalls are often used to limit potential distractions to employees. It's a common practice to block Internet access to entertainment, chat websites and social networks such as YouTube.com, Google Talk, Facebook.com.
On the grand scale of things, firewalls are frequently used by a lot of countries in order to control the spread of unwanted information. On the small scale, firewalls can be very efficient for the purposes of guarding a child from unwanted Internet content.