How to's - Routers & Networks
Questions and Answers About Computer Routers and Firewalls
I need to connect my office to the internet. Should I buy a router or a firewall or both?
Routers and firewalls both move information and ensure that it gets delivered to the right destination. Much like the post office, every computer has an address and these devices are the postal workers that deliver the information. Also like the post office, information is delivered in packets, much like envelopes around a letter. In our analogy, the difference between a router and a firewall is like the difference between the regular mail carrier delivering every letter addressed to you, and hiring someone to open your mail and only deliver items that are not harmful. A firewall inspects every packet destined for your network and looks for things that could affect your network. Firewalls can be configured to look for viruses, block junk mail, and stop traffic with fake return addresses. They can also be set up to detect attempts to break into your network. In this article, we will discuss what these devices do, and how they work.
A router connects two or more networks
A router is how we see the various parts of the Internet, Web pages, e-mail messages and downloaded files. Routers are specialized computers that send the messages of every Internet user to their destinations. When you send e-mail to someone, routers allow those messages to end up at that computer, rather than on any other computer in the world. Two or more networks may be set up in the same office and connected through a router. A network may only be one computer, like the desktop computer you have at home.
A router acts as a gatekeeper in that it ignores data not intended for your network, and it properly addresses data for the computers on your network. This is crucial for keeping large volumes of data from clogging the connections of "innocent bystanders." It also ensures information does make it to the intended destination. As the number of networks attached to one another grows, the processing power of the router has to increase. Regardless of how many networks are attached, though, the basic operation and function of the router remains the same. Since the Internet is one huge network made up of tens of thousands of smaller networks, routers large and small keep the data moving.
Routers: Hiding your Network
Network Address Translation or NAT, is a standard which allows an organization to present itself to the Internet with far fewer IP addresses than there are nodes on its internal network. NAT converts the private IP addresses on your network to one IP address or one of several IP addresses for the public Internet. It changes the packet headers to the new address and keeps track of each session, so that when packets come back from the Internet, it performs the reverse conversion to the IP address of the client machine. This is similar to having a Post Office Box that automatically forwards to your actual street address. You can receive mail at the PO Box without giving out your street address. This is also similar to having an unlisted telephone number. NAT provides protection by keeping internal addresses hidden from the outside world.
Hiding your network from the world is a big security step. Most hackers find your network and make it a target by using a port scanner. This is a device that searches for Internet addresses and openings in the router or computer at that address.
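The translation table described above can be sketched in a few lines. This is an added example, not code from the original article; all addresses are constructed documentation addresses, and the choice to match replies on the remote address and port as well is an assumption of this sketch (real devices vary).

```python
# Added illustration of NAT with port translation; names and addresses are constructed.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (private ip, private port, remote ip, remote port) -> public port
        self.back = {}  # (public port, remote ip, remote port) -> (private ip, private port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite the source of a packet leaving the office network."""
        key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        if key not in self.out:
            # New session: pick a public port and remember how to reverse it.
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst_ip, p.dst_port)] = (p.src_ip, p.src_port)
            self.next_port += 1
        return p._replace(src_ip=self.public_ip, src_port=self.out[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Reverse the rewrite for a reply; return None (drop) if no session matches."""
        if p.dst_ip != self.public_ip:
            return None
        host = self.back.get((p.dst_port, p.src_ip, p.src_port))
        if host is None:
            return None  # nobody inside asked for this traffic
        return p._replace(dst_ip=host[0], dst_port=host[1])

def demo():
    nat = Nat("203.0.113.10")
    web = ("198.51.100.7", 443)
    # Two office PCs use the same private port; each gets its own public port.
    a = nat.outbound(Packet("192.168.1.20", 51000, *web))
    b = nat.outbound(Packet("192.168.1.21", 51000, *web))
    reply_a = nat.inbound(Packet(*web, a.src_ip, a.src_port))
    # A probe from an unrelated host finds no session and is dropped.
    unsolicited = nat.inbound(Packet("198.51.100.99", 4444, "203.0.113.10", 3389))
    return a, b, reply_a, unsolicited
```

Both PCs appear to the Internet as 203.0.113.10, and only traffic answering a session that started inside is delivered to a private address.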
What is a Firewall?
A firewall's purpose is to keep individuals out of your network. It is simply a program or piece of hardware that enforces security between two networks, by filtering the information traveling through the connections. The firewall determines which traffic to block and which to allow. Many firewalls have default settings that provide little or no security unless specific policies are implemented by trained personnel.
What Can a Firewall Protect Against?
Some firewalls permit only e-mail traffic through them, thereby protecting the network against any attacks other than attacks against the e-mail service. Other firewalls provide less strict protections, and block services that are known to be problems. Generally, firewalls are configured to protect against unauthenticated logins from the "outside" world. Firewalls are also used to keep internal network segments secure; for example, the accounting network might be vulnerable to snooping from within the entire company. They can also provide important logging and auditing functions, reporting summaries to the administrator about what kinds of traffic are passing through it, and how many attempts there were to break into it.
Some Specific Protection Includes:
- Remote login - Connection to your computer without your approval.
- SMTP session hijacking - Access to a list of e-mail addresses on your computer, sending unsolicited spam.
- Operating system bugs - Remote access due to insufficient security controls or bugs.
- Denial of service - Hacker inundating a server with unanswerable session requests, causing the server to crash.
- E-mail bombs - Someone sends you the same e-mail thousands of times until your e-mail system crashes.
- Macros - Hacker creates macros that, depending on the application, can destroy your data or crash your computer.
- Viruses - Spreads quickly from one system to the next. Range from harmless messages to erasing all of your data.
- Spam - Links to Web sites can accept a cookie that provides a backdoor to your computer.
- Redirect bombs - One of the ways that a denial of service attack is set up.
- Source routing - Information appearing to come from a trusted source or even from inside the network!
What Can't a Firewall Protect Against?
Firewalls can't protect against attacks that don't go through the firewall. Proprietary data can be leaked through removable media very easily! A firewall can't really protect you against insiders with access to your network. For a firewall to work, it must be a part of a consistent overall organizational security structure. Firewall policies must be realistic and reflect the level of security in the entire network. Firewalls can't protect against tunneling over most application protocols. Having a firewall is not an excuse to not implement software controls on internal networks or ignore host security on servers.
Following are the techniques used in combination to provide firewall protection:
- Packet Filter - Blocks traffic based on a specific IP address or type of application, specified by port number.
- Proxy Server - Serves as a relay between two networks, breaking the connection between the two.
- Stateful Packet Inspection (SPI) - A method that doesn't examine the contents of each packet but monitors the state of the transaction by comparing certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
- Firewalls are customizable. This means that you can add or remove filters based on several conditions, such as IP addresses, domain names, protocols, ports or specific words or phrases.
While some firewalls offer virus protection, it is worth the investment to also install anti-virus software on each computer. And, even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail. The level of security you establish will determine how many of these threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as e-mail, can get through. This is a good rule for businesses that have an experienced network administrator that understands what the needs are and knows exactly what traffic to allow through.
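The "block everything, then select what to allow" rule and the stateful inspection technique listed above combine as follows. This is an added example, not code from the original article or any firewall product; the office address range, the mail server address and the sample packets are constructed, and NAT is left out to keep the decision logic visible.

```python
# Added illustration of a default-deny, stateful filter; rules and addresses are constructed.
import ipaddress

INSIDE = ipaddress.ip_network("192.168.1.0/24")   # assumed office LAN
MAIL_SERVER = "192.168.1.5"                        # assumed internal mail host

# Explicit allow list for NEW inbound connections: (protocol, destination ip, destination port).
INBOUND_ALLOW = {("tcp", MAIL_SERVER, 25)}

class Firewall:
    def __init__(self):
        self.sessions = set()   # connections the firewall has already approved

    def check(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return 'allow' or 'drop' for one packet crossing the firewall."""
        src_inside = ipaddress.ip_address(src_ip) in INSIDE
        dst_inside = ipaddress.ip_address(dst_ip) in INSIDE
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        reverse = (proto, dst_ip, dst_port, src_ip, src_port)

        if flow in self.sessions or reverse in self.sessions:
            return "allow"                      # belongs to a tracked session
        if src_inside and not dst_inside:
            self.sessions.add(flow)             # remember the outbound request
            return "allow"
        if not src_inside and (proto, dst_ip, dst_port) in INBOUND_ALLOW:
            self.sessions.add(flow)             # explicitly permitted service (e-mail)
            return "allow"
        return "drop"                           # default: block everything else

def demo():
    fw = Firewall()
    packets = [
        ("tcp", "192.168.1.20", 51000, "198.51.100.7", 443),   # PC opens a web page
        ("tcp", "198.51.100.7", 443, "192.168.1.20", 51000),   # matching reply
        ("tcp", "198.51.100.7", 443, "192.168.1.20", 51001),   # reply to nothing we sent
        ("tcp", "203.0.113.50", 40100, MAIL_SERVER, 25),       # inbound e-mail
        ("tcp", "203.0.113.50", 40101, "192.168.1.20", 3389),  # inbound remote login
    ]
    return [fw.check(*p) for p in packets]
```

The third and fifth packets are dropped without any rule naming them: nothing inside requested them and no allow entry covers them.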
Routers are effective in protecting data by Elm City Computing recommends the installation and set up of a firewall for each company. Elm City Computing believes that protection is an essential ingredient of computer support and does everything they can to protect your computers, network and data from intruders trying to cause irreparable harm.