Firewalls 101


Ashton Mills straps on some flame-retardant clothing and attempts to venture through a few walls of fire.

A long time ago, mankind made a firewall. Its purpose was simple and clear – block incoming and, optionally, outgoing ports. It could be blanket, or allow traffic to or from specific ports, or even IP addresses. Later, it could even be done based on protocol.

In this humble beginning, it was elegant and simple, but the demands of users, and networks, were not. Especially in large networks, with the demands of different work environments, there would be a plethora of necessary Internet-enabled applications, and opening up the ports for all of them would give you a firewall that resembled Swiss cheese, rather than anything effective. And why open ports that may only be used once or twice, or temporarily?

What was needed was an intelligent firewall that could outright block most ports, and open others only as required, and thus the stateful firewall was born. This particular invention made it so that incoming traffic destined for a machine on the network would be allowed in only if the target machine had first initiated contact. Sort of like a door that only opens when it’s needed, and only from the inside.

The firewall does this by tracking the outgoing connections and comparing incoming connections against them. If the address and port of an incoming connection match the address and port of an outgoing connection, the data transfer is allowed to go through.
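The tracking described above, sketched in Python as an added example (it is not part of the original article). The class and function names, the 30-second idle timeout and the addresses are assumptions made up for the illustration.

```python
import time
from typing import NamedTuple

class Flow(NamedTuple):
    proto: str
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int

class StatefulFilter:
    """Default-deny inbound filter that tracks outbound flows (illustrative)."""

    def __init__(self, idle_timeout=30.0):
        self.idle_timeout = idle_timeout  # assumed value, not from the article
        self.table = {}                   # Flow -> time the flow was last seen

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port, now=None):
        """An inside host sends a packet: record or refresh the flow."""
        now = time.monotonic() if now is None else now
        self.table[Flow(proto, src_ip, src_port, dst_ip, dst_port)] = now
        return "ACCEPT"

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port, now=None):
        """An outside packet arrives: allow it only if it answers a tracked flow."""
        now = time.monotonic() if now is None else now
        # Reverse the tuple: the packet's source is the tracked flow's remote end.
        flow = Flow(proto, dst_ip, dst_port, src_ip, src_port)
        last_seen = self.table.get(flow)
        if last_seen is None:
            return "DROP"                 # nobody inside initiated this
        if now - last_seen > self.idle_timeout:
            del self.table[flow]          # state expired, the door closes again
            return "DROP"
        self.table[flow] = now
        return "ACCEPT"

def demo():
    """Run constructed packets through the filter and return the verdicts."""
    fw = StatefulFilter(idle_timeout=30.0)
    pc, web = "192.168.1.10", "203.0.113.5"   # constructed sample addresses
    verdicts = [fw.inbound("tcp", web, 443, pc, 50000, now=0)]   # unsolicited
    fw.outbound("tcp", pc, 50000, web, 443, now=1)               # PC initiates
    verdicts += [
        fw.inbound("tcp", web, 443, pc, 50000, now=2),             # matching reply
        fw.inbound("tcp", web, 8080, pc, 50000, now=3),            # same host, other port
        fw.inbound("tcp", "198.51.100.7", 443, pc, 50000, now=4),  # other host
        fw.inbound("tcp", web, 443, pc, 50000, now=100),           # idle too long
    ]
    return verdicts
```

Only the reply that mirrors the recorded address and port pair gets through; the same remote host on a different port, a different host, and a reply arriving after the entry has aged out are all dropped.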

Today, pretty much all firewalls are stateful – from those your ISP uses, to your router, to the software firewall on your PC. They make it possible to have good protection without sacrificing usability. And though they can’t be easily abused, they can in some cases be bypassed.

Tricksy software
You might have had times when, setting up an FTP or game server, you had to tell your router or operating system’s firewall to allow certain programs or services through. That’s because, as it should, your firewall would see any incoming connections as a threat, and drop them.

Some of you may be familiar with the Hamachi software that lets you set up a VPN over the Internet at the touch of a button. It enables you, for example, to play games with your friends without the need to enter their IP address, or connect to them over a game browser. Instead, you select to play over a ‘LAN’, and voila, your mates’ machine is detected as if it were on a LAN in the next room.

Hamachi makes playing networked games easy as pie but more importantly, if you’re hosting a game, you don’t need to open ports in your firewall. It just works.

And Skype, of course, helped the VoIP wave take off, and now at any one time there are millions of users using it to call each other over the Internet. But once you’ve installed the software, you don’t need to tell your firewall to let in connections from people calling you; they just work.

So how is it that another Hamachi user can connect to your machine, or a Skype user can call you, without ever telling your firewall to let them through?


This Feature appeared in the May, 2007 issue of PC & Tech Authority Magazine
