A typical firewall can perform a number of tasks depending on the complexity of the firewall itself. The basic functions of a firewall are as follows:
2.2.1 Stealth Mode - Discarding Pings
This requires a little explanation. There is a common mechanism in networked environments for finding out if a particular system is up and running and connected to the network. Typically a utility called ping is given the IP address of the remote system. The ping utility sends a data packet to the remote system represented by the IP address and waits for a reply. If it gets a reply then the user knows that the system at that address is available on the network.

Whilst this seems innocuous enough, there is actually good reason to configure your firewall to not respond to ping requests. You've probably seen the old war movies (and some new ones too) where the destroyer on the surface of the ocean uses sonar to try to locate a submarine somewhere in the depths below. The sonar sends out pings and waits to see if the sound bounces back off the hull of the submarine. When the destroyer gets an echo it drops depth charges in an attempt to destroy the submarine. Compare this to your Linux system. The hacker will send out ping packets to every IP address on the planet and attack those that reply. By not responding to the ping packet you have a greater chance of remaining anonymous to the attacker, rather like a stealth submarine that is impervious to sonar.

Don't be fooled by "experts" who try to tell you that ping stands for Packet Internet Groper. This is just an attempt by those experts to make something sound more complicated than it is. The author of ping states that he chose that name because of the noise made by sonar.
2.2.2 Port Forwarding and Blocking
Port blocking is the most fundamental level of firewall security and will be used by most home or small business users to protect their systems.
As we mentioned previously, computer systems communicate through ports. A firewall can be used to block any ports that you do not want to be open to your systems inside the firewall. For example, FTP operates through port 21. If you do not wish anyone on the outside to have ftp access to your systems you will need to configure your firewall to block port 21.
Conversely, Port Forwarding is also a very useful tool to have. Suppose you have three Linux systems on your internal network and want to be able to telnet into one of those systems when you are outside your firewall (perhaps at the local café using the free Wi-Fi connection while you drink your coffee, or while in a hotel on a business trip). In this situation you will configure your firewall to forward port 21 connections to the system you want to access from outside. When you connect to your IP address using telnet, the firewall will see the packets arriving on port 21 and know that it must forward them to the IP address of the machine you have designated. If you have more than one system on your network it is essential that you set up port forwarding to handle this. After all, without port forwarding how would the router know which internal system you wanted to connect to?
2.2.3 Packet Filtering
Packet filtering is a much more advanced mechanism for providing security and is not available in typical small business or home use router devices.
Data is transmitted over networks and the internet in what are called packets. Each packet contains information about where the data came from and where it is going to (i.e. the IP address of the sender and your IP address). In fact a packet contains a great deal of information about the nature of the data being transmitted, and many advanced firewall solutions allow you to filter the data packets coming in through your internet connection to allow or disallow packets depending on what are called filtering rules. For example you might allow a telnet session (which allows you to log into your Linux system from outside) but disallow ftp packets (which allow files to be transferred to and from your Linux system). You may also choose to block packets arriving from an IP address that you know to be suspicious.
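The three functions above (stealth mode, port blocking and forwarding, and packet filtering by port and source address) expressed as a single nftables ruleset on a Linux firewall. This is an added example, not code from the original text; the interface name, the internal host, the forwarded port and the "suspicious" address are constructed placeholders (telnet's registered port is TCP/23, so the forwarded port is left as a variable you set to whatever service you expose).

```shell
#!/bin/sh
# Generate (and optionally load) an nftables ruleset for a small Linux firewall.
# All values below are assumptions for the example; adjust them for your network.
WAN_IF="eth0"                 # assumed name of the internet-facing interface
INTERNAL_HOST="192.168.1.10"  # constructed: internal system that receives forwarded traffic
FWD_PORT="23"                 # constructed: TCP port forwarded inward (23 is telnet's port)
BLOCKED_PORT="21"             # FTP control port, blocked from the outside as in the text
SUSPICIOUS_IP="203.0.113.7"   # constructed (TEST-NET-3) source address to refuse

# Print the ruleset so it can be reviewed before it is loaded.
firewall_ruleset() {
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ip saddr $SUSPICIOUS_IP drop
        iif "$WAN_IF" icmp type echo-request drop
        iif "$WAN_IF" icmpv6 type echo-request drop
        iif "$WAN_IF" tcp dport $BLOCKED_PORT drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ip daddr $INTERNAL_HOST tcp dport $FWD_PORT accept
    }
}
table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        iif "$WAN_IF" tcp dport $FWD_PORT dnat to $INTERNAL_HOST
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        oif "$WAN_IF" masquerade
    }
}
EOF
}

# Number of generated lines matching a pattern (handy for checking the ruleset).
rule_count() {
    firewall_ruleset | grep -c "$1"
}

# "review" (default) prints the ruleset; "apply" loads it (root and nftables required).
case "${1:-review}" in
    apply) firewall_ruleset | nft -f - ;;
    *)     firewall_ruleset ;;
esac
```

Because the input chain's policy is drop and nothing sends a reject, unsolicited packets (pings included) get no reply at all, which is the "stealth" behaviour the text describes; the forward chain only admits traffic that the prerouting DNAT has already pointed at the designated internal host.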