Cyber security – firewalls

cyber security firewall

Firewalls are nothing more then a packet filter. A firewall has rule sets that define what to do from packets when they are received. The main options for firewalls are accept, reject or drop. An acceptation rule will let the packet / traffic flow threw without issue. When you hear “please add this to your firewall, this is what they are talking about.

Reject on the other hand is the opposite of that. It will reject the packet or traffic and send an ICMP rejection. Basically, it gives a sort of no way Hosay rejection notification.

Drop on the other hand will not allow traffic / packets and will not give a response. Drop is like an angry girlfriend; you can ask it all the questions you want – but you do not get an indication of what’s wrong. That’s for you to figure out.

Common misconceptions about firewalls

A lot of people I talk to seem to use the term firewall when the mean antivirus. A firewall works on the network level while antivirus is mainly on the operating system level. We are starting to see antivirus and endpoint protection that work directly with your router / IDS / firewall, so the lines are getting blurred.

What types of firewalls are there?

Getting back to the idea that a firewall is packet filter makes describing firewalls much easier. One type is a firewall on your computer. Windows firewall is the default Microsoft Windows firewall, while Linux and BSD operating systems use iptables or ipchains.

Hardware firewalls on the other hand will usually sit on your main router or security appliance so they can filter traffic for all the computers, servers, printers, etc behind it. This is usually referred to as head end filtering.

A lot of antivirus companies build a firewall into their antivirus products to make it a total protection solution. This way the antivirus can better manage the firewall and traffic identification and response to malicious traffic being sent to the computer.

Firewalling and NAT (Network Address Translation) are not the same thing.

Network Address Translation or NAT is when a network device like a router matches an external connection port and passed that to an internal system on a specified port. An example of NAT is natting port 21 for FTP. If someone is trying to connect to a natted FTP server at ftp.example.com on port 21 – it could pass the traffic to the internal FTP server on port 21 to an internal server address of 192.168.1.100. This is just a basic example, but it does outline that NAT rules are just rules. The firewall would filter the traffic on the incoming traffic to port 21. Firewalls and NAT do usually work together, but they aren’t the same thing.

There you go! Our quick and dirty rundown of firewalls. There is a lot more on this topic to discuss and we will try and slowly cover everything in the future. Check back for updates.