3.5. Identifying the Purpose, Benefits, and Characteristics of Firewalls

Generally speaking, a firewall is a hardware/software service that prevents packets from flowing through an interface from one network to another unless they meet the criteria specified by the firewall. In this section, we will discuss the main reasons that you might use a firewall and the benefits that you receive from using firewalls. In addition, we will discuss the characteristics of firewalls and some considerations of which you should be aware.

3.5.1. Critical Information

You should know the purpose of using a firewall. In addition, you should understand the main benefits that an organization obtains by using firewalls. Finally, you should understand the characteristics of a firewall and special factors that an organization may need to consider when incorporating firewalls.

3.5.1.1. The Purpose of a Firewall

When you think about a firewall in today's environment, you probably think first about a device or a piece of software that is designed to keep the Internet out of your computer or your network. While this is true, it is not the only reason that organizations use firewalls.

An organization might use a firewall to keep valuable information from slipping out of the organization unnoticed. For example, a company might prevent all FTP traffic from leaving the network or leaving specific portions of the network. This would be done to prevent people on the inside from inadvertently or intentionally sending sensitive corporate files to other parties. In addition, an organization might use firewall filters to prevent specific types of traffic from flowing through its own subnets. This might be done to prevent users from playing games on the network or to prevent them from sharing music files, and so on.

Today's firewalls have become very sophisticated. Earlier firewalls worked primarily at layers 3 and 4 (the Network and Transport layers) of the OSI model and could filter traffic by IP address or by port numbers and protocols. Newer firewalls can also work at layer 7 (the Application layer) and can filter traffic based on the content of the message itself. In other words, a layer 7 firewall can be used to prevent documents that contain sensitive or inappropriate information from passing through an interface. This granular capability of filtering can be a great asset to an organization if the firewall is configured properly.

3.5.1.2. The Benefits of a Firewall

The main benefit of a firewall is that it allows you to control traffic into and out of computers and networks, thus increasing the security of the network and hiding the resources within it. An organization can use a corporate firewall to keep its network separated from other networks and from the Internet. A corporate firewall can provide a barrier that keeps attackers from accessing or changing a company's sensitive data. Users can utilize the Internet Connection Firewall (ICF) built into the Windows XP operating system to block unwanted traffic that was not filtered by the corporate firewall. Windows XP is the only client operating system that provides the ICF firewall. The ICF does not filter traffic going out of a Windows XP client computer, only traffic going in. Figure 3.8 shows the ICF settings on a Windows XP computer with Service Pack 2 installed. Using both the corporate firewall and the Internet Connection Firewall provides multiple layers of security.

Figure 3.8. The Internet Connection Firewall

NOTE

You can obtain free firewall software for most clients on the Web at www.zonelabs.com.

3.5.1.3. Considerations when Using a Firewall

If you decide to use firewalls in your organization, you should be aware that some applications that require specific protocols may be blocked by the firewall. Most corporate firewalls are initially configured to block all traffic except for the specific protocols and IP addresses that are configured on the firewall. This means that if you or your firewall administrator misses a protocol in your configuration, then the application that was supposed to work through the firewall will instead fail. For example, you won't be able to use SSL unless you open port 443.

You should also know that there are many types of firewalls from which to choose. Some firewalls are hardware based, some software based, and some are a combination of the two. If you use multiple firewalls, you should realize that the filtering effect will be cumulative as the traffic flows through each of the firewalls. Using ICF on all of your clients will keep clients from being able to share resources on the client computer unless exceptions are configured in the firewall.
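The following Python sketch is an added illustration, not part of the original text. It models a default-deny corporate firewall and an inbound-only ICF in series, and reports which firewall drops a given packet. The rule sets, class names, and packets are constructed for the example, and stateful handling of reply traffic is not modeled.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", as seen from the client computer
    proto: str      # "tcp" or "udp"
    dport: int      # destination port

@dataclass
class Firewall:
    name: str
    allow: set = field(default_factory=set)  # {(direction, proto, dport)}
    inspects: tuple = ("in", "out")          # directions this firewall filters

    def permits(self, pkt: Packet) -> bool:
        if pkt.direction not in self.inspects:
            return True  # e.g. ICF does not filter outbound traffic
        # Default deny: anything not explicitly listed is dropped.
        return (pkt.direction, pkt.proto, pkt.dport) in self.allow

def first_block(path, pkt):
    """Name of the first firewall on the path that drops pkt, or None."""
    for fw in path:
        if not fw.permits(pkt):
            return fw.name
    return None

def build_path(corporate, icf, direction):
    # Outbound traffic meets the client firewall first, inbound meets it last.
    return [icf, corporate] if direction == "out" else [corporate, icf]

# Constructed sample policy (not from the original text); the inbound
# rule stands for file sharing from another internal subnet.
corporate = Firewall("corporate", {("out", "tcp", 80), ("out", "udp", 53),
                                   ("in", "tcp", 445)})
icf = Firewall("icf", inspects=("in",))  # inbound only, no exceptions yet

def check(pkt):
    return first_block(build_path(corporate, icf, pkt.direction), pkt)

HTTPS_OUT = Packet("out", "tcp", 443)
FTP_OUT = Packet("out", "tcp", 21)
SHARE_IN = Packet("in", "tcp", 445)

if __name__ == "__main__":
    for label, pkt in [("HTTPS out", HTTPS_OUT), ("FTP out", FTP_OUT),
                       ("file share in", SHARE_IN)]:
        print(f"{label}: blocked by {check(pkt)}")
```

With this sample policy, SSL traffic fails at the corporate firewall until port 443 is added, and inbound file sharing passes the corporate firewall but is dropped by ICF until an exception is configured, which is the cumulative effect described above.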

3.5.2. Exam Essentials

Understand the purpose of a firewall. The main purpose of a firewall is to filter traffic to and from a network or a computer. Firewalls can be used to filter traffic based on many different conditions, including IP addresses, protocols, ports, and even the data that the traffic contains. Most firewalls are used to protect a network or a computer from the Internet, but they can also be used to filter traffic going out of a computer or a network or to filter traffic between two subnets in the same organization.

Describe the benefits of using a firewall. The main benefit of using a firewall is that it allows you to filter traffic into and out of a network. This protects the network from attacks from the inside as well as from outside of the network. In addition, you should understand that multiple firewalls can provide a layered security that further enhances the effectiveness of firewall filtering.

Know the characteristics and considerations of using a firewall. There are many choices in regard to hardware- and software-based corporate firewalls. Windows XP clients include an Internet Connection Firewall (ICF) that can filter traffic going into a client computer. These firewall filters may keep some applications from functioning if the specific protocol for the application has not been allowed through the firewall. Using the ICF on all of your Windows XP clients will prevent the clients from sharing resources on their own computers unless special exceptions are configured in the firewall.
