#firewall #internetsecurity #infosec #security #networking
As I've said many times in the past, this blog isn't for your run of the mill IT professional, in some cases it can help, but its for everyone, for many of us "what is a firewall?" seems to be a pretty rudimentary question. But, not everyone knows, its quite an interesting system that does in fact need some explanation. Time for us to jump in and figure out what a firewall is, how it works, and why we want it.
Lets start by saying computers do unique devices, they talk to one another over ports. Yes there is the initial IP address, lets use for example 10.10.10.10. Today this is going to be our generic universal IP address. This is going to be our safe house, and the way we will be explaining everything.
Ports are internal instructions inside of each computer that refers an application, refers a process, or something of that matter. For example, lets use port 80. Port 80 is one of the most well known ports out there, as it is the HTTP port (hyper text transfer protocol). This port allows a computer to use it an access a website, it also allows a website to be hosted by a server, or computer. Now lets assume 10.10.10.10 hosted a website called Http://www.HamPickles.com (not a real site), by leading with HTTP, the server on the other end knows to use port 80 and load up Ham Pickles. Could've easily just typed in 10.10.10.10:80 as well, would've resulted in the same outcome. Ports allow for proper program communication. For a list of well known ports, click here.
I'll get more into ports on another day, and I know it can be very confusing, whats the difference between port 25 and port 110, but that's all info for another day. The point so far is we know computers function certain programs over ports. Email works over port 25 and 110, HTTP works over 80, HTTPS uses 443, bla bla bla its nonsense and its a lot. What we do know is this, of the thousands of available ports... you don't need to use all of them.
For example port 3389 is the windows terminal server, which allows for remote desktop protocol connections. In an office with IT professionals, this is a great port to have open, if you want someone to log into your computer, make some tweaks, its good. If someone wants to log into a server and fix a flaw, its great; does grandma need it open? Absolutely not.
This is where a firewall gets involved, they can be extremely complex for your standard home user to configure, and a LOT of work, which is why programs such as symantec or kaspersky offer managed services on their programs. They pre-determine what ports should and should not be open. This can get annoying for an IT professional who wants to open up a port from time to time, but there are ways of fixing these problems. I guess leading to a "anti-virus is important" discussion, but I'll once again leave that for another day.
The true benefit of a firewall is blocking ports that don't need to be open, not because grandma doesn't need to know how to remote into a print server, but because every port open is an additional level of potential failure. Hackers and virus makers prey on finding a broken port and exploits available for the exploiting. Lets use port 540, the Unix to Unix Copy Protocol (UUCP), assuming someone found they could copy any file off of any unix based system by using this protocol, leaving it open can be a problem (apple runs on Unix). Which is why its important for a firewall to close up as many ports as it deems unnecessarily opened.
In summary, a firewall is in place to make sure hackers and viruses can't exploit ports in your computer. It increases security and blocks potential vulnerabilities, decreasing the likely hood of someone hijacking your system, or really screwing up your Christmas. Anti-virus and firewall options will be reviewed another day, and as always, be safe my goblins.
0 comments:
Post a Comment