What is a firewall? Originally, "firewall" is a term from the construction field: a wall built of fire-resistant material between buildings. When a fire breaks out in a neighbouring building, it slows the spread of the fire to other locations.
The firewall used on the Internet provides similar controls, but it is not a physical wall. It is a system of computer hardware and software that serves as the protection system of a given network, preventing unauthorized users from accessing that network.
A typical firewall is "built" at a gateway point: the access point between an intranet and the Internet, or the access point between a database (a subnet inside the Internet) and the intranet. It controls the information services provided by that subnet or database. For example, some confidential databases can only be visited by users who are specially authorized to do so.
Of course, if the intranet or host computer is totally isolated from the network, a firewall is of no use. But in many circumstances it is impossible for a company involved in electronic business to isolate its intranet from the Internet entirely, and Internet-connected companies face many physical and cyber threats. In that situation the firewall means a lot to them: it plays an important role in controlling and monitoring the connections between the company's private network and the Internet (or an extranet), and in safeguarding the security and integrity of the company's documents.
Once the firewall is set up, all outbound and inbound traffic between the Internet and the subnet must pass through it, and it examines that traffic as it passes.
It lets authorized inside users use both inside and outside information services, while outside users identified as unauthorized by its security policies are refused access to the network.
There are many kinds of firewalls, such as the "simple traffic recording system", the "IP packet filter gateway" (or "IP packet examining router") and the "proxy application gateway". Each provides a different level of security checking. Which is best? It is hard to say, because it depends on what kind of files (database) you want to protect and what kind of protection you want the firewall to provide; recall that there are four kinds of documents: public, copyrighted, secret and confidential. So users must weigh all the above factors and choose the most adequate firewall on a cost-effectiveness basis, because the more powerful the safeguard the firewall provides, the higher the investment and maintenance expenses the company will bear.
Among all firewalls, the "simple traffic recording system" is the simplest. It is a recording device that keeps records of all passing traffic in a database or document for auditing purposes. It has a database called the "audit log file", which lists chronologically every visit to every file of a given subnet, including the name of the file visited, the user's address, the time and number of visits, and the amount of data transferred (downloaded). It cannot actually play a safeguarding role; it is only a recorder. It is often used to monitor the use of public data, such as advertisements or product lists on a website, to provide information about client or consumer behaviour for decision making.
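The following is an added example, not code from the original page, showing what the "audit log file" of a simple traffic recording system looks like in practice and how it is summarised for decision making. The record layout (timestamp, client address, file visited, bytes transferred), the addresses and the file names are all constructed for this example; the page does not specify any format.

```python
"""Summarise a simple-traffic-recording-system audit log.

Each constructed log line records one visit: ISO timestamp, client
address, file visited and bytes transferred. The layout is an
assumption made for this example.
"""
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample audit log (hypothetical addresses and file names).
AUDIT_LOG = """\
2024-01-05T09:12:01Z 198.51.100.7 /catalogue/products.html 18432
2024-01-05T09:12:09Z 198.51.100.7 /ads/spring-sale.png 204800
2024-01-05T09:15:44Z 203.0.113.21 /catalogue/products.html 18432
2024-01-05T09:16:02Z 203.0.113.21 /catalogue/pricelist.pdf 512000
2024-01-05T09:20:33Z 198.51.100.7 /catalogue/products.html 18432
"""

Record = Tuple[str, str, str, int]  # (time, client, file, bytes)


def parse_audit_log(text: str) -> List[Record]:
    """Parse log lines into (time, client, file, bytes) tuples.

    Malformed lines are skipped rather than aborting the summary: an
    audit log is append-only and its last line may be truncated.
    """
    records: List[Record] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            records.append((parts[0], parts[1], parts[2], int(parts[3])))
        except ValueError:
            continue
    return records


def visits_per_file(records: List[Record]) -> Dict[str, int]:
    """How many times each file was visited."""
    counts: Dict[str, int] = defaultdict(int)
    for _, _, path, _ in records:
        counts[path] += 1
    return dict(counts)


def bytes_per_client(records: List[Record]) -> Dict[str, int]:
    """Total bytes downloaded by each client address."""
    totals: Dict[str, int] = defaultdict(int)
    for _, client, _, size in records:
        totals[client] += size
    return dict(totals)


def first_and_last_visit(records: List[Record],
                         client: str) -> Tuple[Optional[str], Optional[str]]:
    """Earliest and latest visit time for one client (log is chronological)."""
    times = [t for t, c, _, _ in records if c == client]
    if not times:
        return (None, None)
    return (times[0], times[-1])


if __name__ == "__main__":
    recs = parse_audit_log(AUDIT_LOG)
    print(visits_per_file(recs))
    print(bytes_per_client(recs))
    print(first_and_last_visit(recs, "198.51.100.7"))
```

The summaries answer exactly the questions the paragraph lists (which files are visited, by whom, when, and how much data moved); note that nothing here blocks a request, which is the point the paragraph makes about this kind of system.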
The remaining kinds of firewalls are all built on packet filtering techniques. Packets are small units of data that travel through networks, each carrying a source address, a destination address, the protocol used and part of the message text (part of an e-mail, for instance). This kind of firewall has two functions: choke and gate. When packets are sent to the firewall, the choke stops the data flow and examines the packets against security rules that the firewall administrator designed and stored in the firewall software, to decide whether or not the packets should pass. If they may pass, the gate acts as a typical gateway and provides the external connection. The level at which packets can be examined varies with the type of firewall.
Two kinds of rules are used for examining traffic: "default permit", which allows all traffic except what firewall administrators have explicitly blocked, and "default deny", which denies all traffic except what administrators have explicitly allowed. Generally speaking, the latter is better, because its checking list does not need frequent updates: it only lets preauthorized users in and turns down all unauthorized access, whatever kind of intruder it comes from, known or unknown.