How Internet Firewalls Actually Work

For as long as there are computers connected to the Internet, there will be hackers trying to make life miserable for everyone. That's why firewalls were created for computer users: to block a hacker's attempts to break into our computers and computer networks, either at work or at home.

A firewall is a protective system that "sits" between the network you're connected to and the Internet. There are both software and hardware versions of firewalls that you can install, and they both can help to keep you safe from outside intruders.

Following safety rules.

Here's how a firewall works: The IT (information technology) or network manager sets up specific rules that the firewall will use to filter out unwanted and dangerous intrusions. For example, the firewall could close any nonessential ports that a hacker might probe for and, given the opportunity, open. The network manager might also decide to block all inbound traffic except for email or data that's been requested by someone inside the firewall.

As data starts to travel in and out of the network, the firewall puts the rules into action through a number of safeguards:

Packet filtering.

The data that we all send out over the Internet—our emails, transactions and more—travels in packets. These packets are small chunks of data, along with information about where the data originated and where it's headed. The firewall takes a close look at every packet. If the packet's destination address is on a list of banned Internet locations (such as a porn site), the firewall will block it. This type of filtering is used on small business or home networks.

The proxy part.

All of the incoming and outgoing network traffic goes through a proxy, which is a file server that is outside the firewall. Following the established filtering rules, the proxy server examines all data, forwards the packets that comply with the rules, and refuses to forward any that don't. If a harmful transmission of data has managed to sneak past the filters, the proxy takes the hit and protects the network.

State inspector.

The firewall closely inspects key parts of a packet, comparing them to a database of known safe data. To be considered acceptable, a data packet must look like those the firewall has seen before and allowed through. Data that passes inspection is sent by the firewall to its ultimate destination. Packets that fail go nowhere; they are overwritten and pushed aside by the newer data packets that follow.

On the alert.

When the firewall senses an intruder trying to get into the network, it will stop the attack. It will also send the computer user a message, usually in the form of a pop-up window on their monitor. It will say something like, "There has been a recent attack against your system." It will also provide a link that allows you to see more details on the attack, just in case the IT manager wants to explore it.

The good, the bad and the ugly.

Not only can a firewall prevent attacks, but it also can provide a history of all data that has passed through it. All intrusions or attacks, for example, are recorded. Usually the IP address of the computer sending the attack is identified and so is the type of attack that was sent.

This is highly valuable to IT network managers in a business setting. A data history can also be worthwhile to an Internet Service Provider, allowing them insights into the volume and type of traffic on their network.
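
The rules, packet filtering, state inspection and history described above can be seen working together in the short Python sketch below. It is an added example, not code from the original article or from any firewall product. The class and function names are hypothetical, the addresses are constructed from documentation ranges, and "seen before and allowed through" is simplified to a table of connections opened from inside.

```python
from dataclasses import dataclass, field

BLOCKED_DESTINATIONS = {"203.0.113.50"}  # constructed "banned location"
ALLOWED_INBOUND_PORTS = {25}             # SMTP: the "email" exception
INTERNAL_PREFIX = "192.168.1."           # assumed internal network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Firewall:
    sessions: set = field(default_factory=set)  # flows opened from inside
    log: list = field(default_factory=list)     # history of every decision

    def _record(self, pkt, verdict, reason):
        self.log.append((verdict, reason, pkt.src, pkt.dst, pkt.dport))
        return verdict

    def filter(self, pkt):
        if pkt.src.startswith(INTERNAL_PREFIX):  # outbound packet
            if pkt.dst in BLOCKED_DESTINATIONS:
                return self._record(pkt, "DROP", "destination on blocklist")
            # Remember the flow so its reply can be matched later.
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return self._record(pkt, "ALLOW", "outbound")
        # Inbound: a reply is a remembered flow with the endpoints swapped.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return self._record(pkt, "ALLOW", "reply to internal request")
        if pkt.dport in ALLOWED_INBOUND_PORTS:
            return self._record(pkt, "ALLOW", "inbound email")
        return self._record(pkt, "DROP", "unsolicited inbound")

def demo():
    """Run five constructed packets through the filter."""
    fw = Firewall()
    pc, web, stranger = "192.168.1.10", "198.51.100.7", "198.51.100.99"
    verdicts = [
        fw.filter(Packet(pc, 50000, web, 443)),                 # request from inside
        fw.filter(Packet(web, 443, pc, 50000)),                 # its reply
        fw.filter(Packet(stranger, 40000, pc, 3389)),           # unsolicited probe
        fw.filter(Packet(stranger, 40001, "192.168.1.2", 25)),  # inbound email
        fw.filter(Packet(pc, 50001, "203.0.113.50", 80)),       # banned destination
    ]
    return fw, verdicts
```

After `demo()` runs, `fw.log` holds one entry per packet with the verdict, the reason, and the source address, which is the kind of history a network manager would review.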

As you can see, a firewall is a complete security resource, working invisibly—and sometimes not so invisibly—behind the scenes to keep your network protected and to keep you productive.