Firewall is a term used for a part of a car. In cars, firewalls are physical objects that separate the engine block from the passenger compartment. They are meant to protect the passengers in case the car explodes.
A firewall in computers is a logical device that protects a private network from the public part. How they work is:
Now, you have two distinct networks, which share a computer. The firewall computer, from now on named "firewall", can reach both the protected network and the internet. The protected network cannot reach the internet, and the internet cannot reach the protected network.
For someone to reach the internet from inside the protected network, one must telnet to firewall, and use the internet from there. Accordingly, in order to get into the protected network, one must go through the firewall first.
This provides excellent security against attacks from the internet. If someone wants to make a concerted attack against the protected network, they must go through the firewall first, making it a two-step, and thus much harder, attack. If someone wants to attack the protected network via a more common method, such as mail bombing, or the infamous "Internet Worm", they will not be able to reach the protected network. This makes for excellent protection.
The biggest problem with firewalls is that they greatly inhibit access to the internet from the inside. Basically, they reduce the usage of the internet to that which one would have via a dial-up shell account. Having to log in to firewall and then do all internet access is a severe restriction. Programs like Netscape, which require a direct internet connection, will not work from behind a firewall. The answer to these problems is having a Proxy Server.
Proxy servers are constructs that allow direct internet access from behind a firewall. They work by opening a socket on the server and allowing communication via that socket to the internet. For example, if my computer, drig, is inside the protected network, and I want to browse the Web using Netscape, I would set up a proxy server on firewall. The proxy server would be configured to allow requests from my computer, trying for port 80, to connect to its port 1080, and it would then redirect all requests to the proper places.
Anyone who has used TIA or TERM has seen this concept before. Using these two programs, you can redirect a port. A friend had TIA set up to allow anyone using 192.251.139.21 port 4024 to connect to his Web Server. The proxy server works like this, but backwards. To connect to anyone else's port 80, you must use port 1080 (or whichever port you set it for).
The great thing about proxy servers is that they are completely secure, when configured correctly. They will not allow someone in through them.
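What "configured correctly" amounts to for the port-1080 proxy described above, as an added Python sketch (not code from this HOWTO): the listener binds only to the inside address, and a request is relayed only if the client is on the protected network and the destination port is 80. The address range, the inside address and the one-line "host port" request format are assumptions made for illustration; a real proxy speaks a protocol such as SOCKS.

```python
import ipaddress
import socket
import threading

# Assumed for illustration (not from the HOWTO): protected range, inside address.
PROTECTED_NET = ipaddress.ip_network("192.168.1.0/24")
INSIDE_ADDR = "192.168.1.1"
ALLOWED_PORTS = frozenset({80})

def permitted(client_ip, dest_port, net=PROTECTED_NET, ports=ALLOWED_PORTS):
    """Relay only for clients on the protected network, only to allowed ports."""
    return ipaddress.ip_address(client_ip) in net and dest_port in ports

def pump(src, dst):
    """Copy bytes one way until src closes, then pass end-of-stream to dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, client_ip, net=PROTECTED_NET, ports=ALLOWED_PORTS):
    """Read a constructed 'host port' request line, apply policy, then relay."""
    with client:
        line = b""
        while not line.endswith(b"\n") and len(line) < 256:
            byte = client.recv(1)
            if not byte:
                break
            line += byte
        req = line.decode("ascii", "replace").split()
        ok = len(req) == 2 and req[1].isdigit()
        if not ok or not permitted(client_ip, int(req[1]), net, ports):
            client.sendall(b"DENIED\n")  # refused before any outbound connect
            return False
        with socket.create_connection((req[0], int(req[1])), timeout=10) as upstream:
            threading.Thread(target=pump, args=(client, upstream), daemon=True).start()
            pump(upstream, client)
        return True

def serve(bind_addr=INSIDE_ADDR, port=1080):
    """Listen on the inside interface only, so the internet side cannot connect."""
    with socket.create_server((bind_addr, port)) as listener:
        while True:
            client, (ip, _) = listener.accept()
            threading.Thread(target=handle, args=(client, ip), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Binding to the inside address and checking the peer address are two separate controls; dropping either one leaves a listener that hosts on the internet side could use.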