Just like a literal “fire wall” is designed to contain the spread of a fire within a building, firewall technology exists to stop security threats passing through to your computers and devices. When you use the internet, your firewall acts as a barrier that filters data between your secure, internal network and the less trustworthy worldwide web.
Advanced firewalls that we use today are based on “application firewalls”, which intercept and “understand” all the protocols that pass through the system. These firewalls work by blocking unauthorized processes, rather than just unauthorized ports. This means they are able to detect unwanted protocols that are trying to bypass the firewall through an allowed port, or protocols that are being abused in way that could harm the system. By being able to scan for malicious processes, application firewalls play an important part in blocking computer viruses, worms and Trojans from gaining access to your network. Before making any decisions, make sure to research the options available for protecting your home network.
As a general rule, firewalls have proved to be successful and reliable in providing protection. However, as security technology evolves to new levels of sophistication, the threats facing this technology become similarly complex. It is important to be aware of new threats that are arising which pose a risk to firewall technology.
Inside Out, and Outside In
Firewalls are designed to filter information that is entering your network from the outside. What is lacking is some kind of protective scanning of data that passes out through the firewall from an internal host. This sort of threat applies less to home networks of one or two devices and more to corporate infrastructures, where a great deal of sensitive information is being handled. Companies can be at risk of imparting data of enormous value to the outside if problems with their hardware cause information to be leaked out through the “back door” of a firewall.
Devices exist which fight this sort of threat by inspecting every packet of information before it leaves a network. It might be worth investigating trafficking tools such as NTop, or Niksun’s NetDetector, to help you keep track of your outgoing data.
Another hole in the armour provided by a firewall is attack via email. “Phishing” is the term used for hackers sending out mass emails that will harm anyone who opens it. This doesn’t pose a particularly high risk as a basic spam filter will deal with such emails. However, “spear phishing” is a specific malware attack that targets people on an individual level. Information is gathered by the hacker about a certain person, and then the hacker sends an email that is designed to look like something they would ordinarily receive. It might be an email from a colleague asking them to check something in an attached file. When this file is opened, the spreadsheet software attacks and infects the computer.
Just as a firewall cannot protect against information coming into your system via email, it also is unable to detect malware that installs itself onto your computer from an infected website. If your internet browser, or Java, is encountering a threat to security, then visiting an infected site will spread the malware onto your system. Of course, it is possible to set your firewall only to allow visits to reputable sites – but even the most trusted sites can sometimes fall prey to security threats.
How much protection does your firewall provide? Check out these reasons why a firewall alone is not enough.