Sunday, 25 December 2011

Firewalls Explained





A firewall basically acts as a security guard which guards the network and keeps a check on incoming and outgoing data packets. A firewall can also be described as a data filter that allows only selected data packets to pass through from the internet to your computer. Most personal firewalls, like Windows Firewall, work on a set of pre-configured rules that are most suitable under normal circumstances, so that the user need not worry much about configuring the firewall. Firewalls can be classified into 3 types:


1. Packet Filter Firewalls
2. Application Proxy Firewalls
3. Packet Inspection Firewalls


Packet Filter Firewalls
They are the earliest type of firewall, and nowadays they are not used. They are router-based firewalls. Whenever this firewall receives a request to pass through, it compares the source and destination IP addresses and port numbers with a pre-defined set of access control rules. If this information matches, the packet is passed; otherwise the packet is discarded or terminated.


Application Proxy Firewalls
It was believed that the earlier type of firewall was not secure, as it allowed a direct connection between the trusted and untrusted systems. This problem was overcome with the use of Application Proxy Firewalls, which were developed by DARPA.
This kind of firewall checks what service or daemon is running on the port a packet is meant for. If that particular service is running, the packet is allowed to pass; otherwise the packet is discarded or terminated. Once this is done, the firewall extracts the data and delivers it to the appropriate service.



Packet Inspection Firewalls
Packet Inspection Firewalls are similar to Packet Filter Firewalls. They not only verify the source and destination IPs and ports, they also verify the content of the data before passing it. There are two ways in which a Packet Inspection Firewall inspects the data:
a. State
b. Session


Firewall Configuration
Firewalls can be configured by adding one or more filters under the conditions mentioned below:


Ports: Each service available on a web server runs on a specified port. Ports can also be explained as virtual doors present on a server through which services are made available. Suppose a computer is running a web server (HTTP); it is normally available on port 80. Other services like SMTP run on port 25, telnet on port 23, FTP on port 21. If the server is made available for public use then these ports are open; otherwise they are blocked using the firewall.


Domain Names: Blocking of certain domain names or websites can be done using firewalls. Firewalls are generally used in schools, offices and at homes to block websites. 
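To make the packet filter matching and the port conditions described above concrete, here is a small rule evaluator. It is an added example, not code from any firewall product or from this post. The addresses are constructed documentation-range values, and first-match ordering with an explicit deny rule is an assumption that goes slightly beyond the description above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR notation
    dst: str              # destination network, CIDR notation
    dport: Optional[int]  # destination port; None matches any port

SERVER = "203.0.113.10/32"   # hypothetical public server (constructed address)

# Constructed rule set, evaluated top to bottom. Telnet (23) has no rule,
# so it is discarded by the default at the end of decide().
RULES = [
    Rule("deny",  "192.0.2.66/32",   SERVER, None),  # one blocked source, all ports
    Rule("allow", "0.0.0.0/0",       SERVER, 80),    # HTTP open to the public
    Rule("allow", "0.0.0.0/0",       SERVER, 25),    # SMTP open to the public
    Rule("allow", "198.51.100.0/24", SERVER, 21),    # FTP only from one network
]

def decide(src_ip, dst_ip, dport, rules=RULES):
    """Return (action, index of the matching rule); no match means ("deny", None)."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for index, rule in enumerate(rules):
        if (src in ipaddress.ip_network(rule.src)
                and dst in ipaddress.ip_network(rule.dst)
                and (rule.dport is None or rule.dport == dport)):
            return rule.action, index
    return "deny", None   # default: packets matching no rule are discarded

if __name__ == "__main__":
    # Constructed sample packets: (source IP, destination IP, destination port)
    packets = [
        ("192.0.2.7",    "203.0.113.10", 80),
        ("192.0.2.66",   "203.0.113.10", 80),
        ("192.0.2.7",    "203.0.113.10", 23),
        ("198.51.100.5", "203.0.113.10", 21),
        ("192.0.2.7",    "203.0.113.10", 21),
    ]
    for pkt in packets:
        print(pkt, "->", decide(*pkt))
```

Because the first matching rule wins, moving the deny rule below the HTTP allow rule would let the blocked source reach port 80.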




Bypassing Firewalls using Proxies and Sockets


Proxies: These are programs that sit between a computer and a firewall. Data sent from the computer first has to pass through the proxy; after it has passed through the proxy, it reaches the destination. So no direct connection is established between the client and the server. Proxy servers can also be used to bypass a firewall to access restricted domain names or websites. Refer to my post Access blocked website to learn how to access blocked websites.


Sockets: They are used for tunneling the connection over the internet for better security. Tunneling provides a better and more secure way for data transfer. I will soon be posting a tutorial on How to bypass firewall using Sockets.
