Firewall (computer)
In computing, a firewall is the part of a computer system or computer network that is designed to block unauthorized access while allowing authorized communications.
Firewalls can be implemented in hardware or software, or a combination of both. They are often used to prevent unauthorized Internet users from accessing private networks connected to the Internet, acting as a checkpoint that inspects the connections established between a network and a local computer. A firewall therefore regulates the communication between the two in order to protect the computer against malicious programs and other Internet dangers. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria. It is also common to connect the firewall to a third network, called a demilitarized zone or DMZ, where the organization's servers that must remain accessible from the external network are located.
A properly configured firewall adds necessary protection to the network, but should by no means be considered sufficient. Computer security covers more areas and more levels of work, including protection against viruses and malware, among other threats.
Firewall History
The English term firewall originally referred to a fire wall, that is, a wall built to confine a fire or potential fire hazard within a building. Later it was used to refer to similar metal structures that separated the engine compartment of a vehicle or aircraft from the passenger compartment or cabin.[citation needed] In the field of computer networks, the term began to be used in the late 1980s, when the Internet was still a fairly new technology in terms of its global use and connectivity.[citation needed] The predecessors of computer firewalls were the routers used in the late 1980s, which kept different computer networks separate from each other, preventing problems from spreading from one to the others. The view of the Internet as a relatively small community of users with compatible machines, which valued a willingness to share and collaborate, ended with a series of major Internet security breaches that occurred in the late 1980s:
- Clifford Stoll, who discovered how to manipulate the German spy system.
- Bill Cheswick, when he installed a simple electronic jail in 1992 to watch an attacker.
- In 1988, an employee of the NASA Ames Research Center in California sent a note by e-mail to his colleagues saying: "We are under attack from an Internet virus! It has arrived at Berkeley, UC San Diego, Lawrence Livermore, Stanford and NASA Ames."
- The Morris worm, which spread through multiple vulnerabilities in the machines of the time. Although it was not malicious, the Morris worm was the first large-scale attack on Internet security; the network was neither expecting nor prepared to cope with its attack.
First generation – network firewalls: packet filtering
The first published document for firewall technology dates back to 1988, when the Digital Equipment Corporation (DEC) team of engineers developed filter systems known as packet-filtering firewalls. This fairly basic system was the first generation of what would become a more technical and evolved feature of Internet security. At AT&T Bell, Bill Cheswick and Steve Bellovin continued their research in packet filtering and developed a working model for their own company, based on their original first-generation architecture.
Packet filtering works by inspecting packets (which represent the basic unit of data transfer between computers on the Internet). If a packet matches the filter's rule set, the packet will either be dropped (silently discarded) or rejected (discarded, with an error response sent to the sender). This type of packet filtering pays no attention to whether the packet is part of an existing stream of traffic. Instead, each packet is filtered based solely on the information contained in the packet itself (usually a combination of the packet's source and destination address, its protocol, and, in TCP and UDP traffic, the port number). The TCP and UDP protocols account for the majority of communication over the Internet and, by convention, use well-known ports for certain types of traffic, so a packet filter can distinguish between those types of traffic (web browsing, remote printing, sending and receiving email, file transfer, etc.), unless the hosts on either side of the packet filter are both using the same non-standard ports.
Packet filtering performed by a firewall works at the first three layers of the OSI reference model, which means that all the work is done between the physical and network layers. When a packet sent by the sender reaches the firewall, the firewall checks the packet-filtering rules it has configured and accepts or rejects the packet accordingly. When the packet passes through a firewall, the firewall filters it based on its protocol and port number (GSS). For example, if there is a rule in the firewall to block telnet access, it will block TCP traffic to port number 23.
Second generation – stateful firewalls
During 1989 and 1990, three colleagues at AT&T Bell Laboratories, Dave Presetto, Janardan Sharma, and Nigam Kshitij, developed the second generation of firewalls. This second generation of firewalls also takes into account the position of each individual packet within a series of packets. This technology is generally known as stateful packet inspection, as it keeps a record of all connections that pass through the firewall and can determine whether a packet indicates the start of a new connection, is part of an existing connection, or is an invalid packet. These types of firewalls can help prevent attacks against ongoing connections and certain denial of service attacks.
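The connection table described above, as an added Python example that is not part of the original article: each TCP packet is classified as NEW (a pure SYN), ESTABLISHED (part of a tracked connection, in either direction) or INVALID (belongs to nothing the firewall has seen), and only accepted SYNs create state. The packet model, the internal network prefix and the addresses are constructed for the example.

```python
from dataclasses import dataclass

# Constructed packet model for this example: a TCP segment reduced to the
# fields a stateful filter needs (the 5-tuple plus its SYN/ACK/FIN/RST flags).
@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}

INTERNAL_PREFIX = "10.0.0."  # hypothetical internal network behind the firewall

class StatefulFilter:
    """Keeps a table of tracked TCP connections, as a stateful firewall does."""

    def __init__(self):
        self.connections = set()  # (src, sport, dst, dport) of each accepted initiator

    def classify(self, p):
        """Return (state, key): state is NEW, ESTABLISHED or INVALID."""
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        for key in (fwd, rev):       # either direction of a tracked connection
            if key in self.connections:
                if p.flags & {"FIN", "RST"}:       # simplification: either side closing
                    self.connections.discard(key)  # removes the entry
                return "ESTABLISHED", key
        if p.flags == {"SYN"}:
            return "NEW", fwd        # a pure SYN announces a new connection
        return "INVALID", None       # e.g. a stray ACK belonging to no connection

    def decide(self, p):
        """Policy: accept ESTABLISHED, accept NEW only from inside, drop the rest."""
        state, key = self.classify(p)
        if state == "ESTABLISHED":
            return "ACCEPT"
        if state == "NEW" and p.src.startswith(INTERNAL_PREFIX):
            self.connections.add(key)   # only an accepted SYN creates state
            return "ACCEPT"
        return "DROP"

if __name__ == "__main__":
    fw = StatefulFilter()
    syn = Packet("10.0.0.5", 40000, "203.0.113.10", 80, frozenset({"SYN"}))
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))
    stray = Packet("203.0.113.10", 80, "10.0.0.5", 40001, frozenset({"ACK"}))
    for p in (syn, reply, stray):
        print(p.src, "->", p.dst, sorted(p.flags), fw.decide(p))
```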
Third generation — application firewall
These are firewalls that act on the application layer of the OSI model. The key to an application firewall is that it can understand certain applications and protocols (for example: file transfer protocol, DNS or web browsing), and this allows it to detect whether an unwanted protocol has slipped through on a non-standard port or whether a protocol is being abused in a detrimental way.
An application firewall is much more secure and reliable when compared to a packet filtering firewall, since it impacts all seven layers of the OSI reference model. In essence it is similar to a packet filtering firewall, with the difference that we can also filter the content of the packet. The best example of an application firewall is ISA (Internet Security and Acceleration).
An application firewall can filter higher-layer protocols such as FTP, TELNET, DNS, DHCP, HTTP, TCP, UDP, and TFTP (GSS). For example, if an organization wants to block all information related to a particular word, content filtering can be enabled to block that particular word. However, application firewalls are slower than stateful ones.
Later Events
In 1992, Bob Braden and Annette DeSchon, from the University of Southern California (USC), shaped the concept of firewalls. Their product, known as "Visas", was the first system with a graphical interface with colors and icons, easily deployable and compatible with operating systems such as Microsoft Windows or Apple MacOS.[citation needed] In 1994, an Israeli company called Check Point Software Technologies patented it as software, naming it FireWall-1.
The deep packet inspection functionality of existing firewalls can be shared with intrusion prevention systems (IPS).
Currently, the Middlebox Communication Working Group of the Internet Engineering Task Force (IETF) is working on the standardization of protocols for firewall management.[citation needed]
Another line of development consists of integrating the identity of users into the firewall rule set. Some firewalls provide features such as matching user identities to IP or MAC addresses. Others, such as the NuFW firewall, provide real identification features by requiring the user's signature for each connection.[citation needed]
Types of firewalls
Application layer gateway
Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very efficient, but can impose performance degradation.
Circuit-level gateway
Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further control. Allows the establishment of a session originating from a higher security area to a lower security area.
Network layer or packet filtering firewalls
It works at the network level (layer 3 of the OSI model, layer 2 of the TCP/IP protocol stack) as an IP packet filter. At this level, filtering can be done on the different fields of the IP packet: source IP address and destination IP address. Often this type of firewall also allows filtering on transport-level fields (layer 3 of TCP/IP, layer 4 of the OSI model), such as the source and destination port, or on data link level fields (no equivalent in TCP/IP, layer 2 of the OSI model), such as the MAC address.
Application Layer Firewall
It works at the application level (layer 7 of the OSI Model), so that the filters can be adapted to the characteristics of the protocols at this level. For example, if it is HTTP traffic, you can filter according to the URL you are trying to access, and you can even apply rules based on the values of the parameters that appear in a web form.
A firewall at level 7 of HTTP traffic is often called a proxy, and allows computers in an organization to access the Internet in a controlled manner. A proxy effectively hides the true network addresses.
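The layer-7 inspection described in this section and in the third-generation section, as an added Python example that is not part of the original article: a minimal HTTP request parser, a URL rule, a content filter over form parameter values (the "particular word" case), and a check that flags a non-HTTP protocol arriving on a port expected to carry HTTP. The blocked path, the blocked word and the sample requests are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed policy for this example (hypothetical organisation rules).
BLOCKED_PATH_PREFIXES = ("/admin",)   # URL paths users may not reach through the proxy
BLOCKED_WORDS = ("confidential",)     # content filter, as in the text's "particular word"

def parse_http_request(raw: bytes):
    """Minimal HTTP/1.x parser: (method, target, headers, body), or None if not HTTP."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None   # no HTTP request line: another protocol is using this port
    headers = {}
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers, body

def inspect(port: int, raw: bytes) -> str:
    """Layer-7 verdict for a payload seen on a port that is supposed to carry HTTP."""
    req = parse_http_request(raw)
    if req is None:
        return "DROP: non-HTTP protocol on port %d" % port
    method, target, headers, body = req
    url = urlsplit(target)
    if url.path.startswith(BLOCKED_PATH_PREFIXES):
        return "DROP: URL %s not allowed" % url.path
    # Content filter over form fields: query string plus a urlencoded POST body.
    fields = parse_qs(url.query)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        fields.update(parse_qs(body.decode("latin-1")))
    for name, values in fields.items():
        if any(w in v.lower() for v in values for w in BLOCKED_WORDS):
            return "DROP: blocked word in form field %s" % name
    return "ACCEPT"
```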
Personal Firewall
It is a special case of firewall, installed as software on a single computer, which filters communications between that computer and the rest of the network. Hence it is used for personal protection.
Network Address Translation (NAT)
Firewalls often have Network Address Translation (NAT) functionality, and hosts protected behind a firewall have many addresses in the "private address range," as defined in RFC 1918. Firewalls often have this functionality to hide the true address of the computer connected to the network. Originally, the NAT feature was developed to address the limited number of IPv4 routable addresses that could be used or assigned to businesses or individuals, as well as to reduce both the amount and cost of obtaining enough public addresses for each computer in an organization. Although NAT by itself is not considered a security feature, hiding the addresses of protected devices has become a frequently used defense against network reconnaissance.
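The NAT behaviour described above, as an added Python example that is not part of the original article: an RFC 1918 check for the private ranges, a port-based source NAT table that lets many private hosts share one public address, and the reverse lookup for replies, where an unsolicited inbound packet finds no mapping and is dropped. The public address and the hosts are constructed.

```python
from ipaddress import ip_address, ip_network

RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr: str) -> bool:
    """True if addr lies in one of the RFC 1918 private ranges."""
    return any(ip_address(addr) in net for net in RFC1918)

class SourceNAT:
    """Port-based source NAT: many private hosts share one public address."""

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}   # (public port, dst_ip, dst_port) -> (priv_ip, priv_port)

    def outbound(self, src, sport, dst, dport):
        """Rewrite an outgoing packet's source; returns (public_ip, port) or None."""
        if not is_private(src):
            return None   # only hosts behind the firewall are translated
        key = (src, sport, dst, dport)
        if key not in self.out:           # first packet of this flow: allocate a port
            self.out[key] = self.next_port
            self.back[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, src, sport, dport):
        """Map a reply reaching the public address back to the private host.

        Returns None when no mapping exists: an unsolicited packet from outside
        has nowhere to go, which is how NAT hides the internal hosts."""
        return self.back.get((dport, src, sport))
```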
Features
- Firewall policies: blocks connection requests that do not come from the same network or system, and hides internal resources behind a single IP address.
- Content filter: identifies content that can cause problems, always leaving the final decision to the user.
- Antimalware services: some firewalls can also detect viruses and prevent their spread. These are a hybrid between a firewall and an antivirus; they are not classic firewalls.
- DPI services: Deep Packet Inspection procedures add a second layer of protection to the system by thoroughly examining the received packets.
Advantages of a firewall
Blocks access to equipment and/or applications. Allows you to control and restrict communications between the parties.
Limitations of a firewall
The limitations are derived from the very definition of the firewall: traffic filter. Any type of computer attack that uses traffic accepted by the firewall (by using explicitly open TCP ports, for example) or that simply does not use the network will still constitute a threat. The following list shows some of these risks:
- A firewall cannot protect against those attacks whose traffic does not pass through it.
- A firewall cannot protect against threats posed by internal attacks or negligent users. Firewalls cannot prevent corporate spies from copying sensitive data onto physical storage media (disks, memory sticks, etc.) and removing it from the building.
- A firewall cannot protect against social engineering attacks.
- A firewall cannot protect against attacks on the internal network by computer viruses carried in files and software. The real solution is for the organization to install anti-virus software on each machine to protect itself from viruses arriving through any storage medium or other source.
- A firewall does not protect against security flaws in the services and protocols whose traffic is permitted. The services exposed to the Internet must be configured correctly and their security maintained.
Firewall policies
There are two basic policies in configuring a firewall that radically change the fundamental philosophy of security in the organization:
- Restrictive policy: All traffic is denied except that which is explicitly permitted. The firewall blocks all traffic, and the traffic of the services needed must be expressly enabled. This approach is often used by companies and government agencies.
- Permissive policy: All traffic is allowed except that which is explicitly denied. Each potentially dangerous service will need to be isolated basically case by case, while the rest of the traffic will not be filtered. This approach is often used by universities, research centres and public Internet access services.
The restrictive policy is the safer of the two, since it is more difficult to allow potentially dangerous traffic by mistake, whereas under the permissive policy some dangerous traffic may not have been anticipated and is therefore allowed.
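As an added Python example that is not part of the original article, the packet filter from the first-generation section and the two policies from this section in one piece of code: a first-match rule list with drop versus reject (including the telnet port 23 rule from the text), and the same rules evaluated under a restrictive and a permissive default. The addresses and the rule list are constructed.

```python
from dataclasses import dataclass
from typing import Optional
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:      # constructed model: the header fields a stateless filter looks at
    src: str
    dst: str
    proto: str     # "tcp", "udp" or "icmp"
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str                  # "accept", "drop" (silent) or "reject" (error sent back)
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))

def filter_packet(rules, p, default):
    """First matching rule wins; the default policy decides unmatched packets."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Hypothetical rule list; the same rules are evaluated under both policies.
RULES = [
    Rule("reject", proto="tcp", dport=23),                        # telnet: tell the sender
    Rule("accept", proto="tcp", dst="192.0.2.10/32", dport=80),   # public web server
    Rule("accept", proto="tcp", src="10.0.0.0/8", dport=22),      # SSH from inside only
]
RESTRICTIVE = "drop"    # deny everything not explicitly allowed
PERMISSIVE = "accept"   # allow everything not explicitly denied

if __name__ == "__main__":
    smb = Packet("198.51.100.7", "192.0.2.10", "tcp", 445)  # no rule mentions port 445
    print("restrictive:", filter_packet(RULES, smb, RESTRICTIVE))  # drop
    print("permissive: ", filter_packet(RULES, smb, PERMISSIVE))   # accept
```

The port 445 packet shows the difference the text describes: unmentioned traffic is dropped under the restrictive default but accepted under the permissive one.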