Firewall Guide


Firewall -- software that controls and filters the network packets passing through it, at various layers of the OSI model, according to the rules assigned to it.

Depending on whether they track active connections, firewalls can be:

  • stateless (simple filtering): they do not track current connections (for example, TCP connections) but filter the flow of data solely on the basis of static rules;

  • stateful (context-aware filtering): they track current connections and pass only those packets that conform to the logic and algorithms of the corresponding protocols and applications. Firewalls of this type make it possible to counter certain kinds of DoS attacks and vulnerabilities of some network protocols more effectively.

Network layer firewalls operate at a (relatively low) level of the TCP/IP protocol stack as IP packet filters, not allowing packets to pass through the firewall unless they match the rules. The firewall administrator may define the rules, or default built-in rules may apply (as in some inflexible firewall systems).

A more permissive setup allows any packet to pass the filter as long as it does not match one or more "negative rules", or "deny rules". Today network firewalls are built into most computer operating systems and network appliances.

Modern firewalls can filter traffic on many packet attributes: source IP address, source port, destination IP address or port, and destination service such as WWW or FTP. They can also filter on protocol, TTL value, the originator's netblock, the source's domain name, and many other attributes.

Firewalls must be tuned. All tested firewalls worked rather well, but only after tuning (whether by a learning mode or by writing the configuration by hand makes no difference). An untuned firewall can do more harm than good: it may let dangerous packets through and, conversely, interfere with useful programs.

After tuning the firewall and IDS, they must be tested. This is also a fairly obvious conclusion, but it is nevertheless important.
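The stateless/stateful distinction, attribute-based rules with a deny rule placed ahead of the allow rules, and the test-after-tuning step can all be seen in one small simulation. This is an added example written for this page, not code from any firewall product; the addresses (documentation ranges), the ruleset, the traffic, and the names Packet, Rule, StatelessFilter, StatefulFilter and run_test_vectors are constructed for the illustration. The same four packets are replayed through both filter types: the stateless one needs a "source port 443 inbound" rule to let HTTPS replies back in, and that rule also admits a stray segment that belongs to no connection; the stateful one passes the reply from its connection table and drops the stray segment.

```python
"""Toy packet filter contrasting stateless and stateful filtering.

Added illustration, not the code of any real firewall. Addresses come from
the RFC 5737 documentation ranges and all traffic is constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False    # TCP SYN: True only on the first packet of a connection
    ttl: int = 64


@dataclass(frozen=True)
class Rule:
    """One static rule; a field left as None matches anything."""
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR netblock of the originator
    dst: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    min_ttl: Optional[int] = None    # TTL-based filtering, as the text mentions

    def matches(self, pkt: Packet) -> bool:
        return all((
            self.proto is None or pkt.proto == self.proto,
            self.src is None or ip_address(pkt.src) in ip_network(self.src),
            self.dst is None or ip_address(pkt.dst) in ip_network(self.dst),
            self.sport is None or pkt.sport == self.sport,
            self.dport is None or pkt.dport == self.dport,
            self.min_ttl is None or pkt.ttl >= self.min_ttl,
        ))


class StatelessFilter:
    """First matching rule wins; the default applies when no rule matches
    ("deny" is the restrictive setup, "allow" the permissive deny-rules-only one)."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = list(rules)
        self.default = default

    def verdict(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return self.default


class StatefulFilter(StatelessFilter):
    """Adds a connection table. Replies to an admitted connection pass without
    a rule of their own, and a TCP segment that is neither part of a known
    connection nor a SYN is dropped even if a static rule would allow it."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        super().__init__(rules, default)
        self.conns = set()   # 5-tuples of admitted connections

    def verdict(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conns or rev in self.conns:
            return "allow"                  # ESTABLISHED traffic
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"                   # out-of-state segment
        action = super().verdict(pkt)       # NEW connection: consult the rules
        if action == "allow":
            self.conns.add(fwd)
        return action


# Constructed ruleset for a LAN in 10.0.0.0/8; the deny rule must come first.
# The last rule is what a stateless filter needs to let HTTPS replies back in,
# and it is exactly the hole the stateful filter closes.
RULES = [
    Rule("deny", src="192.0.2.0/24"),
    Rule("allow", proto="tcp", src="10.0.0.0/8", dport=80),
    Rule("allow", proto="tcp", src="10.0.0.0/8", dport=443),
    Rule("allow", proto="tcp", dst="10.0.0.0/8", sport=443),
]


def run_test_vectors(fw, vectors: List[Tuple[Packet, str]]):
    """Testing after tuning: replay packets with their expected verdicts and
    return the mismatches; an empty list means the ruleset does what was intended."""
    failures = []
    for pkt, want in vectors:
        got = fw.verdict(pkt)
        if got != want:
            failures.append((pkt, want, got))
    return failures


def demo():
    """Same four constructed packets through both filter types."""
    traffic = [
        (Packet("tcp", "10.1.2.3", 51000, "198.51.100.7", 443, syn=True), "allow"),  # LAN client opens HTTPS
        (Packet("tcp", "198.51.100.7", 443, "10.1.2.3", 51000), "allow"),            # the server's reply
        (Packet("tcp", "198.51.100.9", 443, "10.1.2.3", 51001), "deny"),             # stray segment, no connection
        (Packet("tcp", "192.0.2.5", 4000, "10.1.2.3", 80, syn=True), "deny"),        # blocklisted netblock
    ]
    return {
        "stateless": run_test_vectors(StatelessFilter(RULES), traffic),
        "stateful": run_test_vectors(StatefulFilter(RULES), traffic),
    }


if __name__ == "__main__":
    for kind, failures in demo().items():
        print(kind, "ruleset failures:", len(failures))
```

Running it reports one failure for the stateless filter (the stray segment is admitted) and none for the stateful one. The test-vector list is the part that survives the "test after tuning" step: keep it with the ruleset and replay it whenever a rule changes, so a permissive rule added for one program is caught before it reaches production.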

A personal firewall is vulnerable to malicious programs that run in the context of trusted ones. Conclusion: at a minimum, remove untrusted toolbars and similar add-ons from the browser and e-mail client. Before installing any plugin, toolbar, extension utility or the like, think ten times about whether it is really needed, since such components are not separate operating-system processes but run in the context of the parent program. A Trojan program is easily detected by a personal firewall: it "sees" that a certain process attempts to start listening on port xxxxx or to exchange data with a certain host. But if a Trojan program runs in the context of the browser, almost certainly no one will pay attention to the browser accessing the Internet.

Many personal firewalls are visible as ordinary operating-system processes and can be stopped by a virus. Conclusion: the operation of the firewall must be watched, and its sudden termination can serve as a signal that a virus has penetrated the system. Some firewalls (for example Kerio) allow remote control, which should be disabled or protected with a password.
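One way to act on the two conclusions above (watch for the firewall process disappearing, and notice when a process that should never serve connections starts listening on a port) is a watchdog that compares successive process snapshots. This is an added example, not part of the original article and not the code of Kerio or any other product; the process name pfw.exe, the snapshot format and the two sample snapshots are hypothetical, and collecting real snapshots from the operating system is assumed rather than shown.

```python
"""Watchdog for a personal firewall: alerts when the firewall process vanishes
between two snapshots and when a process outside an allowlist opens a new
listening port. Added illustration on constructed data; collecting real
snapshots from the OS is assumed and not shown."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class Proc:
    pid: int
    name: str
    parent: str                   # name of the parent process
    listening: FrozenSet[int]     # TCP ports this process is listening on


Snapshot = Dict[int, Proc]        # pid -> process, as seen at one instant

FIREWALL_PROCESS = "pfw.exe"      # hypothetical firewall process name


class Watchdog:
    def __init__(self, firewall_name: str, allowed_listeners: Set[str]):
        self.firewall_name = firewall_name
        self.allowed_listeners = set(allowed_listeners)
        self.prev: Snapshot = {}

    def _firewall_running(self, snap: Snapshot) -> bool:
        return any(p.name == self.firewall_name for p in snap.values())

    def check(self, snap: Snapshot) -> List[str]:
        """Compare with the previous snapshot and return alert strings."""
        alerts: List[str] = []
        # Sudden termination of the firewall is itself a signal.
        if self._firewall_running(self.prev) and not self._firewall_running(snap):
            alerts.append(f"firewall process {self.firewall_name} disappeared")
        # A process starting to listen on a port it did not listen on before.
        for pid, proc in snap.items():
            before = self.prev[pid].listening if pid in self.prev else frozenset()
            for port in sorted(proc.listening - before):
                if proc.name not in self.allowed_listeners:
                    alerts.append(
                        f"{proc.name} (pid {pid}, parent {proc.parent}) "
                        f"started listening on port {port}")
        self.prev = snap
        return alerts


def demo() -> List[List[str]]:
    """Two constructed snapshots: a healthy state, then the firewall gone and
    the browser (normally a pure client) listening on a port."""
    t0: Snapshot = {
        1: Proc(1, FIREWALL_PROCESS, "services", frozenset()),
        2: Proc(2, "browser.exe", "explorer", frozenset()),
        3: Proc(3, "sshd", "init", frozenset({22})),
    }
    t1: Snapshot = {
        2: Proc(2, "browser.exe", "explorer", frozenset({50123})),
        3: Proc(3, "sshd", "init", frozenset({22})),
    }
    wd = Watchdog(FIREWALL_PROCESS, allowed_listeners={"sshd"})
    return [wd.check(t0), wd.check(t1)]


if __name__ == "__main__":
    for step, alerts in enumerate(demo()):
        print(f"snapshot {step}: {alerts or 'no alerts'}")
```

The first snapshot produces no alerts (sshd is on the allowlist); the second produces two, one for the vanished firewall and one for the browser opening a listening port. Note the limit the article itself points out: a malicious component that merely reuses the browser's existing outbound access opens no new port and is invisible to this check, just as it is to the personal firewall, which is why the advice is to keep untrusted add-ons out of the browser in the first place.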
