Definition of a firewall
Simply put, a firewall is a computer network security system that protects computers from various types of attacks originating from outside computers. A firewall monitors and controls all incoming and outgoing network traffic based on established security rules. In general, a computer firewall is a software program that prevents unauthorized access to or from a private network.
So, a firewall is a tool that can be used to improve the security of computers connected to a network, such as a LAN or the Internet. A firewall is also an integral part of a comprehensive security framework for the network you are using. A firewall is able to guarantee security by enabling granular control over which types of functions and system processes have access to network resources.
Most people think of a firewall as a device that is installed on a network and controls the traffic that passes through a network segment. However, you can also have a host-based firewall that runs on the system itself, such as ICF (Internet Connection Firewall). Basically, the functions of the two firewalls are the same: to stop intrusion and provide a powerful method of enforcing access control policy. In a simple definition, a firewall is a system that protects your computer: an access control policy enforcement point.
Benefits of a firewall
A firewall is a barrier intended to protect your PC, tablet or cellphone from the dangers of data-based malware on the Internet. It has several benefits, namely:
• Protecting the computer from unauthorized remote access. One of the worst things that can happen to your computer is someone trying to take control of it remotely. Seeing the mouse move on the monitor because of hackers is certainly scary. With a properly configured firewall (and a modern OS), you can disable remote desktop access, thus preventing hackers from taking over your computer.
• Blocking messages that link to unwanted content. The Internet has a lot of bad code crossing cyberspace, waiting to pounce on unprotected PCs. A firewall can prevent this from happening.
• Making online gaming safer. Every attempt by a hacker to use malware to enter your system will be blocked, making your system safe.
How a firewall works
When your computer has firewall protection, everything that enters and exits the computer is monitored. The firewall monitors all information traffic to allow ‘good data’ to enter and to block ‘bad data’ from entering the computer. Firewalls use one or more of the three methods below to control the traffic that flows in and out of the network:
• Packet filtering. Packets (small pieces of data) are analyzed against a set of filters. Packets that pass through the filters are sent to the requesting system, while other packets are discarded.
• Proxy service. Information from the Internet is retrieved by the firewall and then sent to the requesting system, and vice versa.
• Stateful inspection. A newer method that does not check the contents of each packet but compares certain key parts of the packet with a database of trusted information. Information traveling from inside the firewall to the outside is monitored to determine specific characteristics, then the incoming information is compared with these characteristics. If the comparison produces a reasonable match, that information is permitted to enter. If not, it is discarded.
Basically, the function of a firewall in a network is to serve as a security system. In more detail, the firewall's functions are as follows:
• Control and regulate the flow of data packet traffic into a private network such as a VPN.
• Authenticate data packets based on their source of origin.
• Protect the resources in the private network.
• Keep a history of all events and report them to the administrator.
Control and Manage Data Packet Flow
The firewall controls and regulates the flow of data packets that will be allowed into the private network. It does this by filtering, that is, by inspecting data packets, and by monitoring connections made from the source network.
Inspect incoming and outgoing data packets
The firewall inspects a data packet by intercepting it to determine whether the packet is permitted or denied to enter or exit the private network, based on the access policy made by the administrator. To inspect a data packet, the firewall checks the following data:
• The source computer’s IP address
• The source port on the source computer
• IP address of the destination computer
• The destination port of data on the destination computer
• IP protocol
• Header information stored in packets
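The following is an added example, not part of the original article: a minimal Python model of packet filtering on the fields listed above, combined with the stateful inspection described earlier, so that a reply is allowed only when it matches a connection the firewall already permitted. The class names, the first-match and default-deny behaviour, and the sample policy and addresses are assumptions made for illustration; a real firewall also tracks protocol state and timeouts.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:  # the header fields the firewall inspects
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str  # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src_net: str  # CIDR block
    dst_net: str
    proto: str  # "tcp", "udp" or "any"
    dst_port: Optional[int] = None  # None matches any port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.proto in ("any", p.proto)
                and self.dst_port in (None, p.dst_port))

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()  # 5-tuples of connections already allowed

    def decide(self, p: Packet) -> str:
        # Stateful step: a reply carries the 5-tuple of an allowed
        # connection with source and destination swapped.
        if (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port) in self.state:
            return "allow"
        for rule in self.rules:  # packet filtering: first match wins
            if rule.matches(p):
                if rule.action == "allow":
                    self.state.add((p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port))
                return rule.action
        return "deny"  # nothing matched: default deny

# Constructed policy for a LAN 192.168.1.0/24 (addresses are sample values).
POLICY = [
    Rule("deny", "192.168.1.0/24", "0.0.0.0/0", "tcp", 23),    # no outbound telnet
    Rule("allow", "192.168.1.0/24", "0.0.0.0/0", "any"),       # other outbound traffic
    Rule("allow", "0.0.0.0/0", "192.168.1.10/32", "tcp", 443), # inbound HTTPS to one host
]
```

With this policy, an outside packet addressed to a LAN client is denied unless that client opened the connection first, which is the difference between stateful inspection and plain packet filtering.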
Authentication of Data Packets
The authentication process performed by the firewall is intended to prevent unknown networks from communicating with our private networks. A firewall uses several mechanisms in the authentication process:
1. Authentication using a username and password. If the user enters the username and password correctly, the user is allowed to enter the network. However, if the network connection is lost, the user must enter the username and password again.
2. Authentication using digital certificates and public keys. This method is simpler and faster because, unlike the first method, it requires no user intervention. However, it requires more complex components, such as the implementation of a public key infrastructure.
3. Authentication with a Pre-Shared Key (PSK), a key that has been given to the user in advance. Every time a user enters the private network, the user is required to enter a keyword or password. This is simpler than the two methods above, but the PSK method has the disadvantage that the key or password is rarely updated and users always use the same key every time they enter the network.
From the three methods above, it can be concluded that to authenticate the user it is better to use a combination of methods 1 and 3 or 2 and 3.
Protecting Resources on Private Networks
A firewall protects resources from attacks or threats that may come from untrusted hosts or suspicious network traffic. Protection is achieved through access control settings, stateful packet inspection (SPI), application proxies, or various combinations of these to secure resources.