Want to keep learning?

This content is taken from the Raspberry Pi Foundation & National Centre for Computing Education's online course, Introduction to Cybersecurity for Teachers. Join the course to learn more.

Skip to 0 minutes and 2 secondsFirewalls are tools that protect computer networks by deciding how and what information can enter and exit the network. There are two forms of firewall. A network firewall uses separate hardware to act as a barrier between networks. A host firewall is software downloaded onto an individual device, and only protects the host device. Network and host firewalls have different strengths and weaknesses. If your network is comprised of only one computer, then just the host firewall is sufficient. Cheaper and easier to use, host firewalls can be customised, and can easily identify if a device has been compromised. But if your network has hundreds of computers, then one out-of-date host firewall can make the whole network vulnerable.

Skip to 0 minutes and 46 secondsInstead, a network firewall can protect each device equally. Most companies will use a combination of network and host firewalls for extra protection. So how does a firewall work? A primary role of a firewall is to filter traffic entering and leaving the network. The firewall evaluates incoming data to identify malware and other threats, but also checks any outgoing traffic is authorised to leave the network. Network firewalls can act as a proxy when communicating with websites. This means that any information requests sent outside the network are first sent to the firewall, which then passes the requests to the recipient on your behalf. The recipient responds to the firewall, which passes the response back to you.

Skip to 1 minute and 31 secondsThis allows the firewall to screen potentially harmful messages, and stops the recipient gaining access to the network. An added benefit is that this feature can speed up your interactions with the internet. If the proxy server stores data from regularly-visited websites, it can load their information without having to get it from the website itself. Firewalls can also block specific websites or URLs containing particular keywords. However, firewalls can only protect against the threats they can identify. Firewalls, just like antivirus software, must be kept up-to-date in order to remain effective against changing threats. Firewalls require constant maintenance. They are not the kind of technology that you can just set up and leave. Does your school use a firewall to block certain websites?

Skip to 2 minutes and 15 secondsIf so, what kind of sites, and why? How effective is it?

Firewalls

What is a firewall?

Firewalls are tools that protect networks by deciding how and what information can enter and exit the network. They can be used to protect large networks and individual computers from malware and data theft.

There are two forms of firewall:

  • A network firewall acts as a barrier to the entire network. It normally comes in the form of a separate piece of hardware which sits between the network and the internet or any external networks.
  • A host firewall is software which is downloaded onto an individual device and only protects this device, known as the host device (to find out more about host devices, refer to our Networking course).

Network and host firewalls have different strengths and weaknesses and so are used in different situations:

  • If your network is made up of one computer, then you only need a host firewall. This technology is cheaper and often easier to use if you are not an IT professional. Host firewalls can also be more specialised to their host and can show more clearly if the host has been compromised.
  • If your network is made up of hundreds of computers, then a network firewall offers equal protection for all of the computers. If there was no network firewall in place, and any computer in the network had an out-of-date host firewall, then it could make the whole network vulnerable.

Most companies will use a combination of network and host firewalls for extra protection.

How do they work?

Firewalls can perform lots of different functions and try to protect the network from different attacks in different ways. Here are some examples of the role a firewall can play in defending a network:

  • Filter: The firewall filters traffic entering and leaving the network. It evaluates incoming data to identify malware and other threats, but also checks that any outgoing data is authorised to leave the network.

An animation of firewall filtering traffic. A firewall, represented as a brick wall with a metal component on top, sits between a network on the left and some empty space on the right Some legitimate data represented as a green circle enters the firewall from the right, is scanned, and the continues to the network. Some malware respresented as a red circle enters the firewall from the right, is scanned, and then disappears. Some legitimate data comes from the network on the left, enters the firewall, is scanned, and then exits to the right.

  • Access control: Firewalls can be used to prevent external devices from accessing the network. You will find out more about this later.
  • Proxy service: Network firewalls can act as a proxy when communicating with websites. This means that any information requests sent outside the network are sent to the firewall, which passes the requests to the recipients on the user’s behalf. When the recipients respond, they respond to the firewall, which can pass the response to the user. This allows the firewall to screen potentially harmful messages, and stops the recipient from gaining access to the network. It can also speed up the user’s interactions with the internet — if the firewall stores websites that the user visits regularly, then it can load the information without having to get it from the website itself.

An animation of a filewall acting on a proxy. Data represented as green circles travels from a laptop on the left to a firewall, where it is scanned, and then passed on to a website on the right. The website responds with another green circle of data, which travels to the firewall, is scanned, and is then sent to the laptop.)

  • Block websites: The firewall checks outgoing messages as well as incoming messages, so it can block certain requests. This allows organisations to prevent their employees from visiting or using particular websites. This is often done by implementing a blacklist of websites that are blocked, or by using a key word search that blocks any websites containing a particular word.

The restrictions that firewalls apply to the network can be specific to a device or an account. For example, the firewall could be set up to allow more senior staff to send information out of the network, but prevent less senior staff from doing so.

How effective are they?

Firewalls can only protect against the threats that they can identify. As you learned last week, threats change all the time, so firewalls must be kept up-to-date in order to be effective.

In addition, many firewalls are not effective because they are not configured properly. If a firewall is not set up to scan an organisation’s internal network, then the network is not protected from internal threats.

Furthermore, many firewalls don’t or can’t scan encrypted traffic, so if an organisation is receiving a high number of encrypted files, it may be under threat.

Next step

In the next step, you will learn about how devices can be added to a network securely.

Questions

  • How do you think the firewall detects malware trying to access the network?
  • Does your school use a firewall to block certain websites? If so, what kind of sites and why? How effective is it?
  • If the firewall in your school applied different restrictions to students and staff, what kind of differences would there be and why?

Share your answers in the comments

Share this video:

This video is from the free online course:

Introduction to Cybersecurity for Teachers

Raspberry Pi Foundation