Firewall Primer

firewalls

Firewalls are applications which control network communication. A firewall constrains which computers can connect to the server (IP filtering) and to which ports connections can be made (port filtering). These applications are called firewalls because they serve as a barrier (burning barriers, no less) to unwanted communication attempts.

In Figure 4 the server from Figure 1 is running a firewall. Except for four, all priviliged and well-known ports are blocked by the firewall - connection attempts to these ports are denied. Dynamic ports are left open so that client applications running on the server can communicate with remote services.

Figure 4 | A firewall blocking access to all privileged ports except those which provide conduits to running services. The entire range of well-known ports is also blocked.

There are various ways in which firewalls can be configured and that topic is beyond the scope of this introduction. In most cases, however, the firewall rule set is typically set up to precisely define what is allowed while disallowing everything else. For example, an example rule set would look something like this:

1. allow connections to ports ftp/21, snmp/25, http/80, pop/110
2. disallow connections to all other ports

This conservative philosophy is a good approach: if an unauthorized application was started on port 81, then nobody could connect to it because port 81 is denied by the "disallow connections to all other ports" part of the rule set. By having a specific allow policy and a general disallow policy the firewall minimizes the risk of forgetting specific ports. Forgetting to open a port is less likely to lead to a security vulnerability than forgetting to close a port. This is similar to the "easier to ask for forgiveness than get permission" rule employed by children, teenagers and occasionally repentent adults.