Friday, December 8, 2006

How Firewalls Work

Firewalls protect intranets from attacks launched against them from the Internet. They are designed to protect an intranet from unauthorized access to corporate information and from attempts to damage or deny computer resources and services. They are also designed to stop people on the intranet from accessing Internet services that can be dangerous, such as FTP.

1. Intranet computers are allowed access to the Internet only after passing through a firewall. Requests have to pass through an internal screening router, also called an internal filtering router or choke router. This router prevents packet traffic from being sniffed remotely. A choke router examines all packets for information such as the source and destination of the packet.

2. The router compares the information it finds to rules in a filtering table, and passes or drops the packets based on those rules. For example, some services, such as rlogin, may not be allowed to run. The router also might not allow any packets to be sent to specific suspicious Internet locations. A router can also block every packet traveling between the Internet and the internal network, except for e-mail. System administrators set the rules for determining which packets to allow in and which to block.

3. When an intranet is protected by a firewall, the usual internal intranet services remain available, such as e-mail, access to corporate databases and Web services, and the use of groupware.

4. Screened subnet firewalls have one more way to protect the intranet: an exterior screening router, also called an exterior filtering router or an access router. This router screens packets between the Internet and the perimeter network using the same kind of technology that the interior screening router uses. It can screen packets based on the same rules that apply to the internal screening router and can protect the network even if the internal router fails. It may also, however, have additional rules for screening packets that are specifically designed to protect the bastion host.

5. As a way to further protect an intranet from attack, the bastion host is placed in a perimeter network, a subnet inside the firewall. If the bastion host were on the intranet instead of a perimeter network and were broken into, the intruder could gain access to the intranet.

6. A bastion host is the main point of contact for connections coming in from the Internet for all services such as e-mail, FTP access, and any other data and requests. The bastion host services all those requests: people on the intranet contact only this one server, and they don't directly contact any other intranet servers. In this way, intranet servers are protected from attack.
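The filtering table that items 1, 2 and 4 describe can be modelled as an ordered list of rules that a screening router walks for every packet, passing or dropping on the first match and dropping anything no rule covers. The following is an added example, not code from the original article; the intranet range, the blocklisted network, and the rule set (drop rlogin, drop suspicious destinations, allow only e-mail across the boundary) are constructed for illustration.

```python
# Added example, not from the original article: a minimal packet filter that
# applies an ordered rule table to packets, as the screening routers in items
# 1, 2 and 4 are described. Network ranges, ports and rules are constructed.
import ipaddress
from dataclasses import dataclass

INTRANET = ipaddress.ip_network("10.0.0.0/8")              # constructed
SUSPICIOUS = [ipaddress.ip_network("198.51.100.0/24")]      # constructed blocklist
RLOGIN, SMTP = 513, 25                                      # well-known TCP ports

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port

def is_internet(ip: str) -> bool:
    return ipaddress.ip_address(ip) not in INTRANET

def crosses_boundary(p: Packet) -> bool:
    # True when exactly one endpoint is inside the intranet.
    return is_internet(p.src) != is_internet(p.dst)

# Filtering table: (rule name, action, predicate). First match wins; default deny.
RULES = [
    ("no-rlogin", "drop", lambda p: p.proto == "tcp" and p.dport == RLOGIN),
    ("no-suspicious-dst", "drop",
     lambda p: any(ipaddress.ip_address(p.dst) in n for n in SUSPICIOUS)),
    ("email-only", "pass",
     lambda p: p.proto == "tcp" and p.dport == SMTP and crosses_boundary(p)),
]

def filter_packet(p: Packet, rules=RULES) -> tuple[str, str]:
    """Return (action, rule name); unmatched packets are dropped by default."""
    for name, action, match in rules:
        if match(p):
            return action, name
    return "drop", "default-deny"

if __name__ == "__main__":
    # Constructed sample packets: inbound mail, outbound rlogin, mail to a
    # blocklisted host, and inbound HTTP that no rule permits.
    for pkt in [Packet("203.0.113.5", "10.0.0.25", "tcp", SMTP),
                Packet("10.0.0.7", "203.0.113.5", "tcp", RLOGIN),
                Packet("10.0.0.7", "198.51.100.9", "tcp", SMTP),
                Packet("203.0.113.5", "10.0.0.25", "tcp", 80)]:
        print(pkt, *filter_packet(pkt))
```

Returning the matching rule's name alongside the verdict is what makes the router's decisions auditable: a log of which rule fired for each dropped packet is how an administrator checks that the table does what was intended.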