What is a "firewall" (in reference to computers)?

Question

I know it is device of some kind that is beneficial to the the computer in blocking viruses. However, I am curious and want to learn more about this.

Answer 1

A firewall is a piece of software which attempts to block hackers from accessing your computer. It doesn't block against viruses, per se: it regulates your internet traffic so only the stuff you want goes in and out of your computer. If you have high-speed, always-on internet access, you really should have a firewall.

An excellent free one is called ZoneAlarm, which you can download here: http://www.pcworld.com/downloads/file/fid,7228-page,1/description.html

Most routers also have built in firewalls. Meaning, if you're using a wireless connection at home, you are already pretty safe.

Answer 2

A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network which has different levels of trust.

I use and recommend both a hardware and software firewall especially with "always on" broadband.

A firewall's basic task is to transfer traffic between computer networks of different trust levels. Typical examples are the Internet which is a zone with no trust and an internal network which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized zone (DMZ).

A firewall's function within a network is similar to firewalls with fire door in building construction. In former case, it is used to prevent network intrusion to the private network. In latter case, it is intended to contain and delay structural fire from spreading to adjacent structures. An analogy of network firewall is a fire-resistance rated wall with a fire-resistance rated, self-closing, solid-core, inside unlockable, outside key-lockable door between a house and its attached garage.

Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall ruleset, in which the only network connections which are allowed are the ones that have been explicitly allowed. Unfortunately, such a configuration requires detailed understanding of the network applications and endpoints required for the organization's day-to-day operation. Many businesses lack such understanding, and therefore implement a "default-allow" ruleset, in which all traffic is allowed unless it has been specifically blocked. This configuration makes inadvertent network connections and system compromise much more likely.

Answer 3

The best answer you have so far is from Robert S.

Just to add a bit of clarification -

Someone else mentioned ports. Ports are in reference to the applications that you run (such as email, web browsing, chat and so on).

You may also have heard about an IP address? Every computer on the Internet has a unique IP address, you get it from your service provider every time you turn on your computer. All communication from the computer uses that IP address as it's source address. Also in the message being sent is the "port number" or application that the message is from. There are literally 1000s of ports defined most of them unused by 99% of the general population. By default many of these ports are sitting "open" on a computer operating systems (windows/unix/linux etc..) network drivers (a.k.a. TCP/IP stack).

A hackers basic goal is to break into a computer and steal information or take control in some fashion of a remote computer.

One of the way hackers do this is to run programs that poll a particular IP address on the Internet (could be yours) for open ports that they can exploit. As stated by someone else a firewall closes down access to all these ports to the outside world.

Another way a hacker can exploit you is if you some how manage to install a piece of malicious software. This software if executed could send out information off your PC (like send SPAM email). In this case the firewall will notify you , via a very cryptic message that most people won't understand that application "X" is trying to send out on port "Z" do you want to allow that? This is a particular problem with peer to peer file sharing sites like Limewire. A hacker can take their malicious software and name it after the most popular song/video/movie etc.. of the day put it on limewire and every friggin kid in the world is going to download (firewall sees that you requested it so it let's it through) it and try to run it. As soon as they run the "malware" is installed, and the kid is complaining that the song they downloaded didn't work (or maybe it did and the kid is none the wiser).

A firewall does not have anything to do with viruses per say, but most people think of the malicious things that can occur to your computer as a virus.

A firewall's job is to keep the bad guys out and try to inform you if something strange is being sent out. They do this by monitoring the "ports" on your network protocol stack.

The industry giant regarding firewall technology is a company called Checkpoint Systems based in Israel.

Answer 4

Hello, here is an answer for your question.
A firewall is a hardware or software device which is configured to permit, deny or proxy data through a computer network which has different levels of trust.
A firewall's basic task is to transfer traffic between computer networks of different trust levels. Typical examples are the Internet which is a zone with no trust and an internal network which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized zone (DMZ).

A firewall's function within a network is similar to firewalls with fire door in building construction. In former case, it is used to prevent network intrusion to the private network. In latter case, it is intended to contain and delay structural fire from spreading to adjacent structures. An analogy of network firewall is a fire-resistance rated wall with a fire-resistance rated, self-closing, solid-core, inside unlockable, outside key-lockable door between a house and its attached garage.

Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall ruleset, in which the only network connections which are allowed are the ones that have been explicitly allowed. Unfortunately, such a configuration requires detailed understanding of the network applications and endpoints required for the organization's day-to-day operation. Many businesses lack such understanding, and therefore implement a "default-allow" ruleset, in which all traffic is allowed unless it has been specifically blocked. This configuration makes inadvertent network connections and system compromise much more likely.
If you want a more detailed answer you can go here
http://en.wikipedia.org/wiki/Firewall_(networking)
The above were taken from there. It is a very good source of information.

Answer 5

Firewall is like a wall that is protective for your computer from others intruders and viruses. It may also block some programs there fore you have to make it adjustable to your needs.

Answer 6

well fier walls dont block vricers . they block stuff comming in unused ports. some hackers user uncommen ports so that is how they get in
all so some apps need a port to go on the net and you have to get the fire wall to do it. if you have a router you are fine bacuse they are just like the windows fire wall but better

Answer 7

Be careful not to plug too many computer components into one electrical outlet. If you do, the outlet could overheat and you will end up with a firewall.

Answer 8

It's like a wall that protects your computer from hackers and spyware. So that people don't know what your doing on the computer.

Answer 9

I think it just helps prevent viruses and pop ups into ur comp.

Answer 10

FIREWALL

A must have for every network. Firewall is like a shield, which protects your network from the outsiders. It makes sure that only the authorized persons are be able to access the network and keeps the unauthorized ones out. It acts as a barrier between the outside world and your internal network, deciding which network traffic to come in and which to go out on the basis its rule-set.

Protection From The Day One
Nebero has a built-in firewall which protects your network from the day one. Nebero integrates both network and application-layer protection and more applications and protocols can be added to suit your environment. Nebero Firewall protects your network from both internal attacks and external attacks. It does so by blocking invalid connections. Statefull packet inspection and layer 7 filtering which out beats most of the industry standard firewall and UTM (unified threat management) devices. The flexibility of Nebero allows administrator to specify Firewall at the user level. The core of Nebero firewall is, its strong rule-set which is tweaked down to the maximum by our experts to gain high level of security. And the best part is that this rule-set is fully customizable to accommodate any future needs of your network. Nebero makes the job of adding new rules to the rule-set very easy.

DMZ and Perimeter Network Area – Dead end to a disaster.
One of the biggest threat to an organization's network is due its server being directly exposed to the internet. Such directly exposed servers are like a disaster waiting to happen. Any mischievous hacker or script kiddie can target them to enter your network, which is then at his mercy. Nebero Firewall protects such critical servers by defining a DMZ (demilitarized zone) and Perimeter Network Area within your LAN. DMZ is a separate area of your LAN which sits between external network and the internal network of an organization. The connections from external network as well as from the internal network are permitted to the servers lying under DMZ, but not from the DMZ to internal network. This setup ensures, that in case the security of DMZ server is compromised, intruder will not be able to access the internal network. DMZ acts as a dead zone or dead end for an intruder. Defining and managing DMZ through Nebero's management console is very easy. E-mail, DNS and Web servers can easily be put into DMZ.

Tweak It The Way You Want
More applications or protocols, can be integrated into Nebero to support the new environments in an organization. Nebero offers comprehensive intelligent firewall which will control all the Internet traffic. Pre-built templates for firewall rules thus makes it easy to deploy firewall as per your own needs, where in you can also create your custom templates. Nebero Firewall allows you to completely customize the access of all the users or a group of users, to the Internet, according to policies of the Organization. Nebero allows the administrators to set policies according to his own organization, wherein he can give a restricted access to both the external and internal users.

Time Based Policy Switching
Nebero allows Time based Policy Switching for Groups, i.e multiple firewall Policies can be attached to a Group or a number of Groups. For example, Four policies depending upon the level of Internet Access have been created, now these policies can be attached to a group or a number of groups, so that each group can have different access rules at different points of time.

Statefull Firewall
Nebero employs a statefull firewall which keeps track of the state of network connections. The firewall is programmed to distinguish legitimate packets for different for types of connections. It examines every packet entering the network very carefully and determines whether it is the new packet or packet from the already established connection. Only packets matching a known connection state will be allowed by the firewall, others will be rejected. Thus ensuring a very high level of secure environment for your network.

Bandwidth Abuse: Nightmare of an Administrator
With growing bandwidth power in an organization, misuse of the bandwidth is also increasing. Every year the requirement of bandwidth increases putting extra burden on an organization's budget. But beware this need for extra bandwidth could be due to its inappropriate uses than the actual genuine requirements of the organization. In todays hi tech lifestyle, Internet has become a necessitate and the benefits and joys it can provide is no more a secret. Employees want to surf the net, share emails, download games, mp3 and latest Hollywood flicks from their favorite P2P application and that too at the expense of their organization. They watch porn goto warez sites and often unknowingly put their network at the risk of malware, spyware and trojans. Unaware of these activities network administrator are busy plotting proposals for the purchase of extra bandwidths. In most of the cases administrators have no idea about whats going on in their network because some of these actives are not visible by conventional means. And even if they are aware of these activities they are incompetent to block them by traditional port blocking mechanisms of so called UTM devices. Specially the P2P applications which makes connections on different arbitrary ports every time. And some users are clever enough to bypass the blocked site and use proxy site. But that was the story until now.

Nebero Firewall the ultimate solution to Bandwidth Abuse
With the use of Nebero firewall administrators are easily able to block communication applications like yahoo, msn, aol messengers, plus more and P2P software like bittorrent, kazza, and more by name and that too for all or specific users. Administrators can block/open access to application ports. Nebero comes with a preloaded database of 2.5 million website categorised under different heads like Porn Adult, Online Gaming, Job, Ads.. etc. Administrators can disable access to these website categories with a few mouse clicks. And all the website under the disabled categories will no more be accessible to the users. With the advance features of Nebero Firewall administrators can even block or allow download of file types like exe, mp3 and zip etc as well as can block upload of files. Upto what maximum size a user can download a file can also be specified. No more proxy tricks. Nebero Firewall puts end to such loopholes. Inappropriate words can be blocked from searching. Users can't search a blocked word.

Nebero Firewall in a nutshell
# Protects your Network computers and Servers from Internal and external attacks, by blocking invalid connections.
# Stateful packet inspection and layer 7 filtering which out beats most of the industry standard firewall and utm devices.
# Perimeter network area and DMZ capabilities to protect your critical Servers from being directly exposed to Internet.
# Block yahoo, msn, aol messengers etc, P2P software like bittorrent, kazza etc by name, for all or specific users or group of users.
# Block/open access to application ports.
# Add ports to Block/Open specific to applications used within the Organization.
# Firewall configurable to user level.
# Block over 2.5 million of websites spread across different categories like Porn Adult, Online Gaming, Ads.. etc, with a few mouse clicks.
# Block/Allow download of File types, for a group of users.
# Block Upload of Files.
# No more proxy tricks.
# Search engine filtering. Inappropriate words can be blocked from searching.