Firewalls Explained
If you’ve been using computers for a while then you’ve no doubt heard the term firewall mentioned. Unfortunately, many people don’t actually understand what one is. Upon questioning, you’ll hear words like security mentioned, along with protection from hackers, attacks, denial of service (DoS) attacks and viruses. But you might not be given any idea of how a firewall provides any such protection or what it actually does.
So here’s an analogy to explain what a firewall actually does for you. Imagine your server as an office: it has a fixed address but many doors, and each door is used for a different service. These doors are equivalent to ports on your server. Traffic to your server is tagged with the destination port it is intended for, and by convention services run on their specific ports, such as port 80 for web traffic, 443 for secure web traffic, 25 for SMTP email, 143 for IMAP email, and the list goes on for a fair while. The firewall is effectively like having a bouncer on each of the office doors deciding whether each person is allowed in or out.
Now there are three main types of firewall you’ll come across. For the majority of people running a server, the software firewall will be the first kind you meet. Generally that’s iptables on Linux and Windows Firewall on Windows.
Next, you have integrated firewalls, the sort of thing that comes in a router or other multifunctional network device. Most people will have one of these in their home broadband router.
Finally, you have dedicated hardware firewalls; devices for which firewall is their primary purpose.
The main differences between hardware and software firewalls are that standalone hardware firewalls tend to be harder to configure, but offer greater flexibility in configuration. Integrated firewalls can go one of two ways: some are somewhat inflexible with simple configuration, while others provide feature sets similar to a full hardware firewall. Software firewalls, again, offer varying degrees of flexibility and difficulty of configuration, but their main downside is that, as the work of the firewall is performed by the server’s own CPU, on a high-traffic server you can find CPU load becoming too high for the server to keep up. In this instance, a hardware firewall may be preferable as it takes the load of handling incoming network connections away from your server.
Pretty much all firewalls allow you to block or allow traffic in or out of your server. Most allow you to create rules that define whether traffic should be allowed or not based on certain parameters. The standard parameters are destination IP address, source IP address, destination port, source port and transmission protocol. More flexible firewalls allow you to pick from more parameters to define the required rules. This means that, in most cases, you can tailor your firewall to fit your exact requirements.
So how does a firewall help protect you from bad things on the internet? A properly configured firewall should minimise the number of services available for a hacker to try to exploit, reducing the attacks that the server could be vulnerable to. It can block unwanted traffic intended to overload services on the server in a denial of service attack. Finally, a firewall external to the server can be used to block outbound traffic that may allow viruses and trojans to call home or spread, though beyond stopping hackers from placing viruses on the server it won’t help much against an initial infection. Unfortunately, many modern denial of service attacks leverage a lot of servers directing huge amounts of traffic at the target server, so rather than overloading specific services on the server in an attempt to crash them, they saturate the network links to the server. This means that, regardless of the firewall, legitimate traffic would be unable to reach the server, so the firewall adds no protection in those scenarios.
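To make the rule parameters and the "fewer open doors" point concrete, here is an added example (not from the original article) of a tiny first-match packet filter in Python with a default-deny policy, checking the five standard parameters against constructed packets. The rule set, addresses and helper names are assumptions for illustration; the IMAP port stays closed to the internet even though the service is running, which is the attack-surface reduction described above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Hypothetical rule format: None means "match anything"; the ip fields take
# CIDR networks so one rule can cover a whole range of addresses.
@dataclass
class Rule:
    action: str                   # "ACCEPT" or "DROP"
    proto: Optional[str] = None   # "tcp", "udp", "icmp"
    src: Optional[str] = None     # source network, e.g. "203.0.113.0/24"
    dst: Optional[str] = None     # destination network
    sport: Optional[int] = None   # source port
    dport: Optional[int] = None   # destination port

    def matches(self, pkt: dict) -> bool:
        if self.proto and pkt["proto"] != self.proto:
            return False
        for field in ("src", "dst"):
            net = getattr(self, field)
            if net and ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(net):
                return False
        for field in ("sport", "dport"):
            want = getattr(self, field)
            if want is not None and pkt.get(field) != want:
                return False
        return True

def evaluate(rules, pkt, default="DROP"):
    """First matching rule wins, as in an iptables chain; the chain policy
    applies when nothing matches, so default-deny keeps unlisted doors shut."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed inbound rule set for a web server at 192.0.2.10 that also runs
# IMAP but only wants it reachable from the (assumed) office LAN 10.0.0.0/8.
INBOUND = [
    Rule("ACCEPT", proto="tcp", dst="192.0.2.10/32", dport=80),
    Rule("ACCEPT", proto="tcp", dst="192.0.2.10/32", dport=443),
    Rule("ACCEPT", proto="tcp", src="10.0.0.0/8", dst="192.0.2.10/32", dport=143),
]

def classify(src, dport, proto="tcp", dst="192.0.2.10"):
    return evaluate(INBOUND, {"proto": proto, "src": src, "dst": dst, "dport": dport})

if __name__ == "__main__":
    for src, port in [("198.51.100.7", 443), ("198.51.100.7", 143), ("10.1.2.3", 143)]:
        print(src, port, classify(src, port))
```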
Whilst not a magic bullet in terms of security for your server, a firewall is a very important tool for staying secure.