A Note About Firewalls

A firewall is a system that protects a local network from attack by unauthorized users attempting to access the LAN from the Internet. The word firewall has entered the lexicon of Internet jargon, and it is one of many computer terms that can fall within a wide range of definitions. Firewalls perform a number of functions. However, one of the most basic features of a firewall is something that is pertinent to this hour. That important feature is the capability of a firewall to block off access to specific TCP and UDP ports. The word firewall, in fact, is sometimes used as a verb, meaning to close off access to a port.

For example, to initiate a Telnet session with the server, a client machine must send a request to Telnet's well-known port address, TCP port 23. (Telnet is a utility that lets the client computer serve as a terminal for the server. You'll learn more about Telnet in Hour 15, "Remote Access Utilities.") Unauthorized use of Telnet can sometimes pose a security threat. To increase security, the server can be configured to stop using port 23 to access Telnet; for that matter, the server can simply stop using the Telnet application, but that extreme solution would prohibit authorized users on the LAN from using Telnet for authorized activities. (Why have it if you're not going to use it?)

An alternative would be to install a firewall as shown in Figure 6.10 and configure that firewall to block access to TCP port 23. The result is that users on the LAN, from inside the firewall, have free access to TCP port 23 on the server. Users from the Internet, outside the LAN, do not have access to the server's TCP port 23 and therefore cannot access the server through Telnet. In fact, users from the Internet cannot use Telnet at all to access any computer on the LAN.

Figure 6.10. A typical firewall scenario.

This scenario uses Telnet and TCP port 23 as an example.
Firewalls typically block access to any or all ports that might pose a security threat. Network administrators often block access to all ports except those that are absolutely necessary, such as a port that handles incoming email. You often find devices that provide the company's Internet presence, such as a Web server, placed outside the firewall, so that access to the Internet device will not result in unauthorized access to the LAN.

By the Way

Just as a firewall can keep outside users from accessing services within the network, it can keep inside users from accessing services outside the network.
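
The Telnet scenario above, written out as a small first-match port filter. This is an added illustration, not code from the book; the LAN range, the sample addresses, the rule list and the `decide` function are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed for illustration: the LAN range and every address are assumptions.
LAN = ipaddress.ip_network("192.168.1.0/24")

@dataclass(frozen=True)
class Rule:
    direction: str        # "in" = Internet -> LAN, "out" = LAN -> Internet
    proto: str            # "tcp" or "udp"
    port: Optional[int]   # destination port; None matches any port
    action: str           # "allow" or "block"

# First matching rule wins; anything unmatched falls through to DEFAULT.
RULES = [
    Rule("in", "tcp", 25, "allow"),    # incoming email: the one necessary port
    Rule("in", "tcp", 23, "block"),    # Telnet from the Internet (explicit, for clarity)
    Rule("out", "tcp", 23, "block"),   # inside users cannot Telnet to outside hosts
]
DEFAULT = {"in": "block", "out": "allow"}

def decide(src: str, dst: str, proto: str, dport: int) -> str:
    """Return "allow" or "block" for one packet, judged on destination port only.

    Stateless sketch: reply traffic and connection tracking are not modelled.
    """
    src_inside = ipaddress.ip_address(src) in LAN
    dst_inside = ipaddress.ip_address(dst) in LAN
    if src_inside and dst_inside:
        return "allow"     # LAN-to-LAN traffic never crosses the firewall
    if not src_inside and not dst_inside:
        return "block"     # neither end is on the LAN: not ours to forward
    direction = "in" if dst_inside else "out"
    for rule in RULES:
        if (rule.direction == direction and rule.proto == proto
                and rule.port in (None, dport)):
            return rule.action
    return DEFAULT[direction]

if __name__ == "__main__":
    server = "192.168.1.10"            # constructed Telnet/mail server on the LAN
    for src, dst, port in [("203.0.113.7", server, 23), ("192.168.1.50", server, 23),
                           ("203.0.113.7", server, 25), ("192.168.1.50", "198.51.100.9", 23)]:
        print(f"{src} -> {dst} tcp/{port}: {decide(src, dst, 'tcp', port)}")
```
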