What is a firewall and what does it do?
Firewalls monitor and control incoming and outgoing network traffic based on predetermined security rules. Typically, a firewall establishes a barrier between a trusted network and an untrusted network, such as the Internet.
A firewall defines a single choke point that keeps unauthorized users out of the protected network; prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks. The use of a single choke point simplifies security management because security capabilities are consolidated on a single system or set of systems.
A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.
A firewall is a convenient platform for several Internet functions that are not security-related. These include a network address translator, which maps local addresses to Internet addresses, and a network management function that audits or logs Internet usage.
A firewall can serve as the platform for IPSec. Using the tunnel mode capability, the firewall can be used to implement virtual private networks.
Limitations of Firewalls
The firewall cannot protect against attacks that bypass the firewall. Internal systems may have the dial-out capability to connect to an ISP. An internal LAN may support a modem pool that provides the dial-in capability for traveling employees and telecommuters.
The firewall does not protect against internal threats, such as a disgruntled employee or an employee who unwittingly cooperates with an external attacker.
The firewall cannot protect against the transfer of virus-infected programs or files. Because of the variety of operating systems and applications supported inside the perimeter, it would be impractical and perhaps impossible for the firewall to scan all incoming files, e-mail, and messages for viruses.