I’m sure you’ve all been to at least one jewelry store that has a mantrap security door. This is an entry system with two remotely controlled locked doors separated by a chamber. When you buzz, you are let in through the exterior door and enter the chamber. The person controlling the locks checks you out and decides whether to open the interior door. Only when the exterior door is locked behind you can the interior door open. When exiting, you can open the interior door into the chamber, but the exterior door won’t open until the interior door is locked.
This is a security method to control traffic in and out of the jewelry store. An unsuspicious looking person can’t ring the bell and then when the door is open, hold it open for their criminal friends.
With computer networks the equivalent of the mantrap is a FIREWALL. A firewall is either a program running on a computer or a hardware device that examines the traffic in and out of the computer and network and, based on pre-defined rules, controls what goes in and out.
What a Firewall Does
At its base, a firewall is similar to an Internet router. It connects an internal network – the LAN, or Local Area Network – with the outside Internet. It isolates the LAN’s private addresses from the Internet’s public addresses while routing traffic between the two.
The typical home or business router allows all incoming and outgoing traffic to pass between the LAN and Internet. A firewall adds on to this basic feature.
Controlling What Comes In and Goes Out
A firewall does stateful packet inspection – a process that looks at each packet coming in, in the context of the connection it belongs to, and based on rules decides what to do with it. Some examples might make this easier to understand.
Windows has a feature that allows remote access to a PC from another PC in a different location. Cybercriminals use this feature to break into computers and install ransomware. Remote access uses a standard TCP/IP port. A firewall can block all incoming traffic on that port. BUT – if the port is blocked, how do you remote into the PC? The firewall allows you to select a different, non-standard port on the outside and redirect it to the standard port on the inside. While the cybercriminals keep looking for the open standard port, you are using a completely different port. Also, if you have multiple computers on your LAN but only one public IP address, you can assign a different non-standard port to each computer.
For another example – your business has its own Exchange email server to receive and send out mail. Outgoing mail uses a standard port to communicate with other email servers. Some viruses, after infecting a computer, send out spam email from that PC using the standard port. This is the number one reason why companies’ email servers get blacklisted. This can be completely stopped using the firewall. Program the firewall to allow only the email server to send on that outgoing port and to block that port for every other computer; then, even if a PC is infected and tries to send out spam, it can’t.
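The two examples above (redirecting a non-standard outside port to each PC’s standard remote access port, and allowing only the mail server to send on the outgoing mail port) are easy to see in a small model of the rule logic. The block below is an added illustration, not code from the post or from any particular firewall product; all addresses and ports in it are constructed sample values, and the `Firewall`, `Packet` and `build_example_firewall` names are invented for the example. It also models the connection table that makes the checking "stateful": replies to connections a LAN host opened are let back in, while any other unsolicited inbound packet is dropped unless it hits a forwarded port.

```python
# Added illustration (not from the post): a toy model of the firewall rules the
# post describes plus the connection table behind stateful inspection.
# Every address and port below is a constructed sample value.
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple, Set

PUBLIC_IP = "203.0.113.5"        # constructed public address of the firewall
MAIL_SERVER = "192.168.1.10"     # constructed LAN address of the Exchange server
SMTP_PORT = 25                   # standard outgoing mail port
RDP_PORT = 3389                  # standard Windows remote access port

Flow = Tuple[str, int, str, int]  # (src, sport, dst, dport) after translation
Verdict = Tuple[str, Optional[Tuple[str, int]]]  # ("ACCEPT"/"DROP", translated address)


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Firewall:
    # outside port -> (inside host, inside port): the non-standard-port redirection
    port_forwards: Dict[int, Tuple[str, int]] = field(default_factory=dict)
    # LAN hosts allowed to open connections to the SMTP port
    smtp_senders: Set[str] = field(default_factory=set)
    # connection table: translated outbound flow -> LAN host that opened it
    conntrack: Dict[Flow, str] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Verdict:
        """LAN -> Internet. Returns the verdict and the translated source."""
        if pkt.dport == SMTP_PORT and pkt.src not in self.smtp_senders:
            # An infected PC trying to spam other mail servers is stopped here.
            return "DROP", None
        # Everything else is allowed; remember the flow so the reply can come back.
        self.conntrack[(PUBLIC_IP, pkt.sport, pkt.dst, pkt.dport)] = pkt.src
        return "ACCEPT", (PUBLIC_IP, pkt.sport)

    def inbound(self, pkt: Packet) -> Verdict:
        """Internet -> LAN. Returns the verdict and the translated destination."""
        if pkt.dst != PUBLIC_IP:
            return "DROP", None
        # Reply to a connection a LAN host opened: deliver it to that host.
        owner = self.conntrack.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if owner is not None:
            return "ACCEPT", (owner, pkt.dport)
        # New inbound connection: only explicitly redirected ports are open.
        target = self.port_forwards.get(pkt.dport)
        if target is not None:
            return "ACCEPT", target
        # The standard port (and every other port) stays closed from outside.
        return "DROP", None


def build_example_firewall() -> Firewall:
    """Rules matching the two examples in the post (constructed values)."""
    fw = Firewall()
    # One public IP, several PCs: each gets its own outside port -> inside RDP port.
    fw.port_forwards[50001] = ("192.168.1.21", RDP_PORT)
    fw.port_forwards[50002] = ("192.168.1.22", RDP_PORT)
    # Only the mail server may talk to other mail servers on port 25.
    fw.smtp_senders.add(MAIL_SERVER)
    return fw


if __name__ == "__main__":
    fw = build_example_firewall()
    outside = "198.51.100.7"   # constructed Internet host
    print("scan of standard RDP port:", fw.inbound(Packet(outside, 40000, PUBLIC_IP, RDP_PORT)))
    print("redirected port 50002:    ", fw.inbound(Packet(outside, 40000, PUBLIC_IP, 50002)))
    print("mail server sends mail:   ", fw.outbound(Packet(MAIL_SERVER, 51000, outside, SMTP_PORT)))
    print("infected PC sends spam:   ", fw.outbound(Packet("192.168.1.22", 51001, outside, SMTP_PORT)))
    print("PC browses the web:       ", fw.outbound(Packet("192.168.1.22", 51002, outside, 443)))
    print("web reply comes back:     ", fw.inbound(Packet(outside, 443, PUBLIC_IP, 51002)))
```

Two things in the model are worth noticing. The SMTP rule is an outbound (egress) rule keyed on the source host, which is why it holds even when the infected PC is otherwise allowed out. And the redirect only changes where the remote access service is reachable; the rule doing the real work is the final `DROP` for every unsolicited inbound packet that does not match a forwarded port or an existing connection.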
Additional features of the firewall include blocking malware before it reaches your network, blocking access from foreign countries, blocking access to dangerous web sites and much more.
Contact RSETech if you would like more information on firewalls for your business.