Find out what I'm doing, Follow Me :)

Thursday, April 14, 2011


Firewalls (2) - How Firewalls Work
In the previous article we have discussed about the importance of using a firewall. This article presents the basic ways firewalls work.

Stateful Packet Inspection Firewalls
Let's examine what an SPI firewall is. Packets are messages containing pieces of data used to communicate between your computers or with the Internet. Inspecting those packets means we look at each one and check whether it is a legitimate message. Stateful means that not only are we going to check each message itself, but check that the message is sent or received at the right time in the connection.

For example, suppose two people, Sally and Rick, are talking and the conversation goes something like this:

Dick "Hi Polly."
Polly "Hi Dick."
Dick "'sup girl?"
Polly "Hi Dick."
Dick "Did you hear me Polly? I asked, 'sup girl?"
Polly "Hi Dick."

What can we discover? Well, after Dick asks, "'sup girl?" the first time, we expected Polly to say something clever, such as, "The sky and your cholesterol." Instead, she repeats, "Hi Dick." That sounds suspicious because it is not what we expected Polly to say at that point in the conversation. Even fishier is she repeats it a third time. So we can wrap up either that Polly has been taken over by an alien or replaced by a robot. Either way, we are probably done talking to her and politely smile as we walk away.

SPI works in a similar way. The next figure shows an example of an SPI firewall on a broadband Internet connection.

How SPI Firewalls Work
Figure 1 How SPI Firewalls Work

As shown in the green series of actions in Figure 1 above , as a computer on the home network initiates a request for a web page, the SPI firewall inspects the call as it passes and makes note of the demand. Next, when the website replays with the web page, the SPI firewall inspects the response. It looks in its memory and realizes that, yes, this web page response was because of the computer on the home network asking for it, and the SPI firewall allows the web page through to the home network.

If a hacker or some other computer tries to send a message to a computer in the home network, such as in the red series of events in Figure 1 , the SPI firewall inspects the message again. This time, however, the firewall cannot make the connection between the message and a request from the home network because such a request did not occur. So, the firewall blocks the message.

Pretty neat. SPI firewalls are an effective way to keep out unwanted intrusions into your home network. They do not solve everything; after all, hackers are crafty and figure out ways around just about everything. However, SPI firewalls can at least severely increase the level of defense you have to start with.

If only we had SPI firewalls for our phone lines to keep telemarketers from calling us unless we called them first.

Personal Software Firewalls
Personal software firewalls have a slightly special role in your home network security. Whereas SPI firewalls are usually meant as a barrier to what can come from the Internet, personal software firewalls act as a barrier to what can go to the Internet from your computers.

Figure 2 shows an example of a personal software firewall. A web browser, such as Internet Explorer, tries to send a web page request to the Internet. The personal software firewall is set up to allow access for this program, so the request is allowed, and the web page is retrieved.

How Personal Software Firewalls Work
Figure 2. How Personal Software Firewalls Work

Suppose, however, that regardless of your best efforts, your computer becomes infected with a Trojan horse virus program . Now the little devil attempts to send information back to the hackers who planted it, as depicted in Figure 2. This time, though, the personal software firewall intercepts the access shot because that program is not set up to be permitted access to the Internet. The request is denied, and the hacker does not receive the information from your computer.

Just to confuse things a little, many personal software firewall programs also contain an SPI firewall for both outbound and inbound protection, as depicted in the lower right of Figure 2. Sweet.

1 comment:

  1. This information is Very Useful in my study.


    Hiren Sakkarval