Chris Owen is President and founder of Hubris Communications. Until the opening of Hubris' Wichita office, Mr. Owen was the sole network technician and systems administrator of the company. Hubris Communications is a provider of premium Dial-Up, ADSL, SDSL, Wireless, and dedicated Internet Services. Founded in Garden City, Kansas and doing business since July 1995, Hubris Communications, Inc. serves over 3,200 customers in south central and southwestern Kansas. Chris can be reached at (316) 858-3000 or owenc@hubris.net
Computers & Software
2002-07-01 15:42:00
What is a firewall? Is it fail safe?
Question: What is a firewall? Should everyone have one? Does it prevent all types of hacking into a system?
Answer: The standard definition of a firewall is a device that protects a private network from a public network. In reference to internet access, it is usually designed to keep a private home or business network separate from the public internet.

Any business connecting its internal network to the public internet should definitely have some sort of firewall to keep the two separate. Home networks with an "always on" internet connection (such as DSL or cable access) should also have some sort of firewall, although it can usually be much simpler than for a business network.

The type of firewall that is required (and therefore the cost of that firewall) is largely a function of how much access you want the outside world to have to the internal network. If you have a number of computers inside your private network that you want the outside world to be able to access, you may need a more complex firewall. This is because the firewall has to monitor and control access to some machines inside the office (say a corporate web server or email server) while preventing access to others (your accounting computer or personal workstations). The less access you allow from the outside, the less complex the firewall.

For this reason, most small businesses will outsource the public parts of their network to someone else (for instance, to their Internet provider) and then deny most or all access to their internal network. Alternatively, they may put these public services on a public network and then put the firewall between this public part of their network and the private part.

For home networks a similar approach is recommended. By not running any services on your home network, you can use very simple but very effective devices to deny all access from the internet to your private network.

The firewall required for this type of solution is quite simple and inexpensive. Usually marketed with descriptions such as "DSL/Cable sharing device", these devices usually cost less than $100. In many cases this type of firewall may even be built into the router that you use to connect to your provider. As their name would suggest, these devices also allow you to share a single high speed connection between all the computers on your network.

These types of firewalls use a protocol known as "Network Address Translation" (NAT). NAT sets up simple "one way doors" from your network to the public internet. Computers inside the network can make connections out, but no one outside can initiate a connection into the network. Potential bad guys on the outside only see the firewall and nothing beyond it.

NAT devices do have their downside, however. Some applications, such as Internet telephony, require that outside computers be able to initiate connections into the private network. However, NAT devices are ideal for normal web "surfing" and email use and should prevent anyone from outside the network from getting into your private network.
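
The "one way door" behavior described in the answer, as a small simulation added here (it is not part of the original column). The `NatGateway` class, the addresses and the ports are constructed for illustration, and the model assumes a device that only accepts replies from the exact remote address and port an inside computer contacted.

```python
# Added illustration: a toy model of the NAT "one way door", not a real firewall.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed address from a documentation range


@dataclass
class NatGateway:
    next_port: int = 40000
    # public_port -> (inside_host, inside_port, remote_host, remote_port)
    table: dict = field(default_factory=dict)

    def outbound(self, inside, inside_port, remote, remote_port):
        """Inside computer connects out: record a mapping, rewrite the source."""
        wanted = (inside, inside_port, remote, remote_port)
        for port, entry in self.table.items():
            if entry == wanted:  # connection already known, reuse its mapping
                return (PUBLIC_IP, port)
        port = self.next_port
        self.next_port += 1
        self.table[port] = wanted
        return (PUBLIC_IP, port)

    def inbound(self, remote, remote_port, public_port):
        """Packet from the internet: deliver only if it answers a recorded connection."""
        entry = self.table.get(public_port)
        if entry is None:
            return None  # nobody inside opened this door: dropped
        inside, inside_port, exp_remote, exp_port = entry
        if (remote, remote_port) != (exp_remote, exp_port):
            return None  # right door, wrong visitor: dropped
        return (inside, inside_port)


def demo():
    gw = NatGateway()
    # An inside PC browses a web server; the outside world sees only the gateway.
    seen_as = gw.outbound("192.168.1.20", 51000, "198.51.100.5", 80)
    # The web server's reply finds its way back through the recorded mapping.
    reply = gw.inbound("198.51.100.5", 80, seen_as[1])
    # A stranger probing the same public port is not let in.
    probe = gw.inbound("192.0.2.77", 4444, seen_as[1])
    # An incoming internet telephony call to a port nobody opened is also dropped.
    call = gw.inbound("198.51.100.9", 5060, 5060)
    return seen_as, reply, probe, call


if __name__ == "__main__":
    print(demo())
```

The last case is the downside the answer mentions: the incoming call is treated the same as any other unsolicited connection.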