How Does a Firewall Work?


How Does a Firewall Work – Introduction

So, how does a firewall work? Just what is a firewall?

A firewall is designed to block unwanted traffic between computers on a network, or between a computer on your home network and another computer or server connected to the Internet, thereby allowing you to surf the web in relative safety.

It will only allow traffic to pass through that you have given the go-ahead to, and will block all other traffic so that a potential hacker cannot gain access and start looking at your files and data, or install a nasty little program to grab your credit card details, passwords etc.


As we all know by now, the web is rife with Trojans, worms, viruses and the like, and in order to provide a level of protection against attack your PC or laptop computer should have a firewall installed before you connect to any form of network or Internet connection.

Almost as soon as you connect to the Internet, your PC is exposed to these viruses and Trojans, which are constantly on the lookout for vulnerable PCs to infect so that they can spread their nefarious activities – especially over a fast broadband connection.

Without a firewall, it has been said that your Internet-connected PC is likely to become infected by a Trojan horse, worm or some other form of malware within 5 minutes!

Your firewall will filter out and discard any data that it deems unsolicited, or as coming from an insecure or suspicious source.

Various methods are employed, such as packet filtering and stateful packet inspection, which compare the data packets against lists of pre-configured, user-defined rules and against the context of existing data streams. Any unsolicited traffic from the Internet to your PC or network is ignored, thereby making your networked PCs and other devices invisible to anyone probing for a way in to your network.

There are two basic types of firewall available: software firewalls and hardware firewalls.

How Does a Firewall Work – Hardware Firewall

A hardware firewall, such as the one built into your home wired or wireless router, is a configurable piece of hardware that is set to block unwanted traffic between computers connected to your router LAN (local area network – your home network) and the WAN (wide area network - your Internet connection).

It will protect all of your PCs, laptop computers and other devices connected to your home LAN network from attack via your Internet connection.

Hardware firewalls by their very nature are faster than software firewalls.

Your hardware firewall has the advantage over a software firewall in that it will protect all of your PCs and laptop computers etc connected to it.

A further level of protection built into your hardware router is NAT (Network Address Translation).

When accessing the Internet, your firewall / router is assigned a public IP address, which is seen by the outside world. The PCs, laptop computers etc connected to the LAN (home network) side of your firewall / router are allocated private IP addresses by your router, which are not seen by the outside world and hence by any potential hackers.

So, for outgoing data, NAT converts your PC's private IP address to the public IP address. Reply data from a remote server on the Internet is sent back to the public IP address it has been given, where the firewall / router translates it back into the originating PC's individual private IP address and then routes the data back to the PC where the request originated.

A hardware firewall can be purchased as a stand-alone item or, more commonly, as an integral function of your broadband wired or wireless router.
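
The translation described above, as a small simulation added here for illustration (it is not code from any router). The addresses, the starting port 40000 and the rule that a reply must come from the server that was contacted are all assumptions of this sketch.

```python
# Added illustration: a toy NAT table like the one a home router keeps.
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # stands in for the router's public (WAN) address


@dataclass
class Nat:
    next_port: int = 40000   # assumed start of the router's public port pool
    # public port -> (private ip, private port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source to the public address and remember it."""
        key = (src_ip, src_port, dst_ip, dst_port)
        for pub_port, entry in self.table.items():
            if entry == key:                 # reuse the mapping for this flow
                return (PUBLIC_IP, pub_port, dst_ip, dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = key
        return (PUBLIC_IP, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a reply back to the private host, or return None (drop)."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None                      # nobody on the LAN asked for this
        priv_ip, priv_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                      # assumption: only the contacted server may reply
        return (src_ip, src_port, priv_ip, priv_port)


def nat_demo():
    nat = Nat()
    sent = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, sent[1])   # genuine reply
    probe = nat.inbound("192.0.2.99", 4444, 40001)     # no mapping exists
    wrong = nat.inbound("192.0.2.99", 80, sent[1])     # right port, wrong sender
    return sent, reply, probe, wrong


if __name__ == "__main__":
    for result in nat_demo():
        print(result)
```

The remote server only ever sees 203.0.113.10; the private address 192.168.1.20 appears again only after the router has looked up the mapping for the reply.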

A hardware firewall will be effective ‘right out of the box’ with little or no setting up required.

How Does a Firewall Work – Software Firewall

A software firewall differs in that it is a program written to be installed on your PC or laptop computer to run alongside your operating system, and it is designed to protect only the PC or laptop computer that it is installed upon.

Your software firewall prevents attack by monitoring all incoming and outgoing data (note that Windows' own firewall protects against incoming threats only) via your PC or laptop's network adapter or Internet connection, and blocks any intrusions via network services etc.

Software firewalls incorporate user-defined inputs to allow setting up of file and printer sharing, and keep a set of rules telling them what is allowed to pass through unimpeded and what is not.

Software firewalls are more complex to set up in the sense that they need to be configured by you to allow or disallow certain traffic.

When you install your firewall it will be set to block all traffic and you will have to ‘train’ it to allow the programs that you wish to access the Internet.

How Does a Firewall Work – How does it do this?

Well, all network traffic is identified by the use of a port number.

All services accessed over the Internet make use of a particular port dependent upon the type of service performed.

So, for instance, file and printer sharing will make use of ports 137, 138, 139 or 445. Your firewall will block any traffic to or from these ports via your Internet connection so that a potential hacker cannot access your shared files, but will allow traffic between computers connected to your home network, providing a rule has been set to allow such traffic – i.e. file and printer sharing has been enabled.

Now, this is all very well and good but we can’t go blocking off all traffic between your home network LAN and the Internet or you wouldn’t be able to use your web browser etc!

So, your firewall will need to be set up to allow data between yourself and the Internet to pass through without being blocked, and also to allow a response to come back – i.e. you open a web browser, search for and select a website of interest, and the website data is displayed on your PC without hindrance after your firewall has confirmed that the data coming back is in response to your request.

Your firewall, though, will block any data that has not been specifically requested.

Sometimes you need to allow certain traffic through for specific applications running via your Internet connection – i.e. online games etc. To do this you will need to ‘open up a port’ to allow direct access for that program to your PC through a ‘hole’ in your firewall. Unfortunately, doing so gives a hacker a potential way in, which can then be used to gain control of your PC via your Windows operating system or other programs.
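
The decisions described in this section, as a toy rule engine added here for illustration (it is not the code of any real firewall product). The LAN range, the sample addresses and the order in which the rules are checked are assumptions, and NAT is left out to keep the focus on filtering.

```python
# Added illustration: rule evaluation in a toy stateful firewall.
# Addresses, rule order and sample packets are constructed for this example.
SMB_PORTS = {137, 138, 139, 445}      # file and printer sharing ports named in the text
LAN_PREFIX = "192.168.1."             # assumed home LAN address range


class Firewall:
    def __init__(self):
        self.open_ports = set()       # ports deliberately opened to the Internet
        self.established = set()      # (lan_ip, lan_port, remote_ip, remote_port)

    def is_lan(self, ip):
        return ip.startswith(LAN_PREFIX)

    def check(self, src_ip, src_port, dst_ip, dst_port):
        """Return (verdict, reason) for one packet."""
        src_lan, dst_lan = self.is_lan(src_ip), self.is_lan(dst_ip)
        if src_lan and dst_lan:
            return "ALLOW", "LAN to LAN (sharing enabled)"
        if SMB_PORTS & {src_port, dst_port}:
            return "BLOCK", "file sharing port crossing the Internet link"
        if src_lan:                   # outgoing request: remember it
            self.established.add((src_ip, src_port, dst_ip, dst_port))
            return "ALLOW", "outgoing request, reply expected"
        if (dst_ip, dst_port, src_ip, src_port) in self.established:
            return "ALLOW", "reply to an earlier request"
        if dst_port in self.open_ports:
            return "ALLOW", "port opened by the user"
        return "BLOCK", "unsolicited incoming traffic"


def filter_demo():
    fw = Firewall()
    pc, printer = "192.168.1.20", "192.168.1.30"
    web, stranger = "198.51.100.7", "192.0.2.99"
    results = [
        fw.check(pc, 51000, printer, 445),     # sharing inside the home network
        fw.check(stranger, 40000, pc, 445),    # same port, but from the Internet
        fw.check(pc, 51001, web, 80),          # browser request
        fw.check(web, 80, pc, 51001),          # the web server's reply
        fw.check(stranger, 40001, pc, 3724),   # unsolicited, port still closed
    ]
    fw.open_ports.add(3724)                    # the user 'opens up a port'
    results.append(fw.check(stranger, 40001, pc, 3724))
    return [verdict for verdict, _ in results]


if __name__ == "__main__":
    print(filter_demo())
```

The last two results differ only because of the opened port: once 3724 is open, the rule admits any sender, not just the game server it was opened for.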

How Does a Firewall Work – Ports

What is a port?

A port is used by a program to send data via your network connections and various port numbers are assigned to different services. There are 65,536 different ports available for use!

A program or service will make use of a specific port number when it wishes to transmit or receive data over your network or Internet connection.

It doesn’t really matter which port number is chosen, but you will find that specific port numbers have now become set aside for particular services – i.e. port 80 is always used for HTTP web browser traffic, port 110 is used for POP3 by your email program, online games such as World of Warcraft will use port 3724 etc.

If your firewall is set to close these ports then all traffic – ingoing and outgoing – will be blocked.

You will need to configure your firewall to ‘open’ the relevant port required for that service or program to communicate.

How Does a Firewall Work – Windows Firewall

Your Windows operating system, from Windows XP onwards, incorporates its own built-in firewall.

The Windows firewall does a good job of protecting you against online threats and is easy to configure – pretty much you just let it get on with the job.

You should note, however, that your Windows Firewall only monitors incoming data and not outgoing data, which is where the third party software firewalls offer added protection.

Why would this be useful?

How Does a Firewall Work – Third Party Software Firewalls

Well, say you have spyware already installed on your PC – your PC could then be compromised via the spyware, which is programmed, say, to collect information stored on your PC or laptop and send it out unimpeded, with who knows what data, passwords etc.

Third party software firewalls are more comprehensive in that they will look at data going into and out of your PC and hence will protect against the inadvertent addition of a program which has found its way on to your PC via an email or memory stick or whatever and is now trying to send data that it has found on your PC back to its owner out on the Internet somewhere.

The purpose of your software firewall is to protect your PC whether you are connected to the Internet or a LAN (local area network) whether within your own home or when you are out and about say with your laptop computer maybe browsing the Internet via a public hotspot at a coffee shop or hotel for instance.

Your firewall will not prevent viruses or spyware or adware from infecting your PC or laptop and it won’t prevent you from downloading a program or file which you may then open and inadvertently infect your PC by unleashing a virus. What it will do though is monitor incoming or outgoing data from your PC via your network connection, be that your LAN, Wi-Fi or Internet connection.

How Does a Firewall Work – Firewall Zones

Some firewalls may split your traffic up into ‘zones’ where you may have a ‘trusted zone’ and say an ‘Internet Zone’ whereby all your home network PCs, laptop computers and other devices are added to your ‘Trusted Zone’ for easier access with lower security settings and access to printer and file sharing by all other LAN connected devices.

Your ‘Internet Zone’ connection will have much higher security settings controlling the incoming and outgoing data.

Your firewall will now prevent Internet access to your shared folders and printers.

How Does a Firewall Work – Hardware or Software Firewall?

Which type of firewall should you be using? Our opinion is that a combination of both a software and hardware firewall will give you the best of both worlds and offer the best all round protection for your home wired or wireless network.

You should ensure that your PC or laptop computer connects to the Internet via a router with an integral hardware firewall (which they all have as standard these days) and back this up with a good software firewall installed on each and every one of your PCs and laptop computers connected to your home LAN network.

Your hardware firewall will make your LAN networked PCs and laptop computers invisible to the Internet, where the online nastiness resides. It will inspect all incoming data using packet data filtering, which examines the header of a packet of data and only allows safe data into your home network of PCs and other networked devices.

But your hardware firewall is set to ‘trust’ traffic on your home network LAN and so does not really protect you against threats that may be introduced here, say by a laptop PC which gets used whilst at work or on the road and which may have inadvertently picked up a Trojan or spyware or similar.

Here is where your software firewall will come in for your ‘bells and whistles’ protection!

Your firewall will keep a list of rules that it applies to various services and programs to allow or disallow Internet access.

Some firewalls are pretty intuitive and if you run a new program that you have installed and it requests Internet access, your firewall will pop up a notification box giving you the option of allowing or blocking access for the program to the service.

Sometimes this doesn’t happen and you will have to manually add access for that program by editing your firewall’s exception list.

It will monitor all traffic between the Internet and your PC and block any unauthorized traffic whilst alerting you so that you may decide whether or not it is safe to allow.

So basically your combined firewall setup works like a border patrol with a guard who will only let you pass through in or out with the correct paperwork :)

If you’re surfing the web then only web type data such as browser page requests and pages returned from the relevant server will be allowed to transmit back and forth.

How Does a Firewall Work – Final Thoughts

Now, to make sure that you are fully protected you must ensure that you install good anti-virus software to protect against any Trojans or worms etc introduced via, say, a memory stick or laptop, which your firewall will not protect you against – your firewall will only protect you against propagation of these threats and will not help you to detect and remove them.