Understanding Firewalls

Understanding Firewalls

Latest From KENET / Thu, 08/22/2024 - 08:34

What does a firewall do?

A firewall is a program or device that acts as a barrier to keep destructive elements out of a network or specific computer. Firewalls are configured (in hardware, software, or both) with specific criteria to block or prevent unauthorized access to a network. They work as filters for your network traffic by blocking incoming packets of information that are seen as unsafe. In large corporations, if a firewall is not in place, thousands of computers could be vulnerable to malicious attacks. Firewalls should be placed at every connection to the internet and are also used to control outgoing web traffic as well in large organizations.

Firewalls use several strategies to control traffic flowing in and out of networks. Packet filtering is when small chunks of data (called packets) are run through a filter and analyzed. Stateful inspection is where the contents of each packet are not examined, but instead key parts of the packet are compared to a database of trusted information, letting through the packets that pass this test. Firewalls can be configured to filter by several variables: IP address, domain name, protocol, port or even specific words or phrases. Though some operating systems come with a built-in firewall, internet routers also provide very affordable firewall protection when configured properly.

 

What type of firewall is best?

Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.

  • Hardware - Typically called network firewalls, these external devices are positioned between your computer or network and your cable or DSL modem. Many vendors and some Internet service providers (ISPs) offer devices called "routers" that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer. If you only have one computer behind the firewall, or if you are certain that all of the other computers on the network are up to date on patches and are free from viruses, worms, or other malicious code, you may not need the extra protection of a software firewall. Hardware-based firewalls have the advantage of being separate devices running their own operating systems, so they provide an additional line of defense against attacks. Their major drawback is cost, most of them are very expensive.
  • Software - Some operating systems include a built-in firewall; if yours does, consider enabling it to add another layer of protection even if you have an external firewall. If you don't have a built-in firewall, you can obtain a software firewall for relatively little or no cost from your local computer store, software vendors, or ISP. Linux/unix operating systems come with inbuild firewall that can also be configured at the network level(proxy servers/network gateways) or the machine level.

How do you know what configuration settings to apply?

Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, you'll need to read and understand the documentation that comes with it to determine whether or not the default settings on your firewall are sufficient for your needs. Additional assistance may be available from your firewall vendor or your ISP

About

Kenya Education Network CERT(KENET-CERT) is a Cybersecurity Emergency Response Team and Co-ordination Center operated by the National Research and Education Network of Kenya. KENET-CERT coordination center promotes awareness on cybersecurity incidences as well as coordinates and assists member institutions in responding effectively to cyber security threats and incidences. KENET-CERT works closely with Kenya's National CIRT coordination center (CIRT/CC) as a sector CIRT for the academic institutions. KENET promotes use of ICT in Teaching, Learning and Research in Higher Education Institutions in Kenya. KENET aims to interconnect all the Universities, Tertiary and Research Institutions in Kenya by setting up a cost effective and sustainable private network with high speed access to the global Internet. KENET also facilitates electronic communication among students and faculties in member institutions, share learning and teaching resources by collaboration in Research and Development of Educational content.