Introduction to firewalls
Firewalls are expected to be part of the security of every computer system and network.
At its most basic, a firewall monitors the incoming and/or outgoing traffic and decides whether to block a particular packet or let it through based on a predefined set of rules.
We will discuss firewalls in greater detail later in the course once we have covered the theory of computer networks. For the purpose of this week’s practical work, we need to introduce some of the basic principles and functions of a firewall.
In its simplest implementation, a firewall will have a set of rules determining whether particular traffic should be allowed through based on criteria like protocol, port and source/destination IP address. The majority of firewalls will also have relatively strict rules blocking untrusted incoming traffic and relatively relaxed rules for outgoing traffic. By using such rules, we can restrict the exposure/visibility of services available on a particular computer to an untrusted network, e.g. the internet.
For example, suppose we have a computer server that is running a web server with a back-end database and is also acting as a file server for the local desktop machines. What we would want in this case is to make sure that the web server is visible to the internet, while the file server is visible only on the local network, and of course the database is only visible within the machine itself. In addition to the configuration of these services, a firewall will also be part of the solution.
We will need to prepare a set of firewall rules based on protocol, port and IP address. We can write one rule which allows all traffic from any network directed to the web server; a second rule allowing only traffic from the local network IP range to the file server; and a third rule blocking all incoming external traffic to the database (or, as is more common, blocking traffic to everything else).
The above scenario can be implemented using Linux kernel firewall rules (configured with iptables). Please download the Rules document from the Downloads area at the end of this step. We will discuss these rules in more detail, as well as the capabilities and limitations of modern firewalls, later in the course.
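The three-rule scenario above, modelled as a first-match rule table with a default-deny policy. This is an added example, not the course's Rules document. The LAN range (192.168.1.0/24), the ports (web on TCP 80/443, file sharing on TCP 445, database on TCP 3306), the sample packets and the iptables lines in the comments are all assumptions made for illustration; the model covers new incoming connections only.

```python
import ipaddress

# Assumed values (the page names none): LAN range, ports and services.
LAN = "192.168.1.0/24"
ANY = "0.0.0.0/0"

# (protocol, destination port, allowed source network, action), checked top to bottom.
# Each trailing comment gives an equivalent iptables INPUT rule.
RULES = [
    ("tcp", 80,   ANY,           "ACCEPT"),  # -A INPUT -p tcp --dport 80 -j ACCEPT
    ("tcp", 443,  ANY,           "ACCEPT"),  # -A INPUT -p tcp --dport 443 -j ACCEPT
    ("tcp", 445,  LAN,           "ACCEPT"),  # -A INPUT -s 192.168.1.0/24 -p tcp --dport 445 -j ACCEPT
    ("tcp", 3306, "127.0.0.0/8", "ACCEPT"),  # iptables would normally use: -A INPUT -i lo -j ACCEPT
]
DEFAULT_POLICY = "DROP"  # -P INPUT DROP, i.e. "blocking traffic to everything else"


def decide(src_ip, proto, dport):
    """Return the action for one incoming packet: the first matching rule wins."""
    src = ipaddress.ip_address(src_ip)
    for rule_proto, rule_port, rule_src, action in RULES:
        if (proto == rule_proto and dport == rule_port
                and src in ipaddress.ip_network(rule_src)):
            return action
    return DEFAULT_POLICY  # nothing matched, so the default policy applies


# Constructed sample packets: (source IP, protocol, destination port, note).
SAMPLES = [
    ("203.0.113.7",  "tcp", 80,   "internet -> web server"),
    ("192.168.1.25", "tcp", 445,  "LAN desktop -> file server"),
    ("203.0.113.7",  "tcp", 445,  "internet -> file server"),
    ("192.168.1.25", "tcp", 3306, "LAN desktop -> database"),
    ("127.0.0.1",    "tcp", 3306, "local web app -> database"),
    ("203.0.113.7",  "udp", 53,   "internet -> unlisted service"),
]

if __name__ == "__main__":
    for src, proto, dport, note in SAMPLES:
        print(f"{decide(src, proto, dport):6}  {note:30} {src} {proto}/{dport}")
```

Note that the database needs no explicit blocking rule: any packet that matches no ACCEPT rule, including a LAN desktop reaching for port 3306, falls through to the default DROP policy.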
Firewalls can be host-based (running on the host they are protecting) or network-based (protecting the local network from external untrusted traffic). Host-based firewalls are usually software implementations, while network-based ones tend to be hardware (or hybrid) implementations.
In the following practical exercise we are going to see the configuration of a host-based software firewall, turn it on and see the difference it can make to the security exposure of the machine to external networks.
© Coventry University. CC BY-NC 4.0