Guide To Network Configuration Management

Every firewall system is built on a software component that is part of Network Configuration Management. The firewall software restricts network access based on the sender or destination address while permitting authorized communications.

It monitors and filters traffic based on defined rules to decide whether a given network packet may pass. In this way it prevents unauthorized network access. Depending on where the firewall software is installed, a distinction is made between a personal firewall (also called a desktop firewall) and an external firewall (also known as a network or hardware firewall).

In contrast to the personal firewall, an external firewall does not run on the protected system itself but on a separate device. Detecting attacks is not the job of a firewall; that is the role of IDS modules, which do not belong to the firewall module.

The external firewall sits between different computer networks. It restricts network access from the Internet (Network Configuration Management) to the private (self-contained) network (internal network, LAN).

It lets through packets that were requested from the internal network and blocks all other network packets. The software of a personal firewall runs on the protected computer itself and restricts access to the network services on that computer.
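As an added illustration (not part of the original article), the behaviour just described can be modelled as a small stateful packet filter: it records requests leaving the LAN, admits only the matching replies or explicitly published services, and drops every other inbound packet. The address ranges, rules and traffic are constructed assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Assumed address plan (constructed for this example): the protected LAN.
INTERNAL = ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class StatefulFirewall:
    # Services the LAN deliberately publishes, as (proto, dport) pairs.
    inbound_allow: set = field(default_factory=set)
    # Connection table: 5-tuples of requests the internal network sent out.
    state: set = field(default_factory=set)

    def filter(self, pkt: Packet) -> str:
        src, dst = ip_address(pkt.src), ip_address(pkt.dst)
        if src in INTERNAL and dst not in INTERNAL:
            # Outbound request: remember it so the reply can be matched later.
            self.state.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # Inbound: a reply mirrors a recorded tuple (src/dst swapped).
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.state or (pkt.proto, pkt.dport) in self.inbound_allow:
            return "ACCEPT"
        return "DROP"  # unsolicited traffic toward the LAN is blocked


def demo() -> list:
    fw = StatefulFirewall(inbound_allow={("tcp", 443)})
    flow = [  # constructed traffic sequence
        Packet("192.168.1.10", 51000, "203.0.113.5", 80),    # LAN browser -> web server
        Packet("203.0.113.5", 80, "192.168.1.10", 51000),    # the server's reply
        Packet("198.51.100.7", 40000, "192.168.1.10", 445),  # unsolicited inbound probe
        Packet("198.51.100.7", 40001, "192.168.1.20", 443),  # published HTTPS service
    ]
    return [fw.filter(p) for p in flow]


if __name__ == "__main__":
    print(demo())  # ['ACCEPT', 'ACCEPT', 'DROP', 'ACCEPT']
```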

General principles

A network service is a computer program that provides access to resources such as files and printers over a network. For example, web pages are stored as files on a computer system. Only a running network service (in this case the web server software) makes them reachable over the network, so that the website can be viewed from a remote system.

For this purpose, special computer programs are made reachable from the network; each of them binds to a port of the network interface. They are said to open a port, which conversely means that an open port always belongs to a computer program.

A vulnerability in a network service can provide the basis for performing actions on the computer beyond the access functions that are permitted. Note: a service (on Microsoft Windows; a daemon on Unix) is characterized by being executed at every system startup, regardless of whether a user logs on to the computer.

The way back from the remote network service to the requesting PC (more precisely, the client) that accesses the service can sometimes be used for far-reaching remote access. To continue the above example, the user starts a browser that is supposed to display web pages from the Internet on their PC.

In the worst case, merely opening a specially crafted website is enough to secretly install malicious software on the PC. Such malware can itself operate as a network service on the PC and thereby enable continuous remote access to it.
