With a firewall in place, the landscape is much different. A company will
place a firewall at every connection to the Internet (for example, at every
T1 line coming into the company). The firewall can implement security rules.
For example, one of the security rules inside the company might be:

    Out of the 500 computers inside this company, only one of them is
    permitted to receive public FTP traffic. Allow FTP connections only to
    that one computer and prevent them on all others.

A company can set up rules like this for FTP servers, Web servers, Telnet
servers and so on. In addition, the company can control how employees connect
to Web sites, whether files are allowed to leave the company over the network
and so on. A firewall gives a company tremendous control over how people use
the network.

Firewalls use one or more of three methods to control traffic flowing in and
out of the network:

- Packet filtering - Packets (small chunks of data) are analyzed against a
  set of filters. Packets that make it through the filters are sent to the
  requesting system and all others are discarded.
- Proxy service - Information from the Internet is retrieved by the firewall
  and then sent to the requesting system and vice versa.
- Stateful inspection - A newer method that doesn't examine the contents of
  each packet but instead compares certain key parts of the packet to a
  database of trusted information. Information traveling from inside the
  firewall to the outside is monitored for specific defining characteristics,
  then incoming information is compared to these characteristics. If the
  comparison yields a reasonable match, the information is allowed through.
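
The stateful-inspection comparison described above, combined with the single-FTP-host rule from earlier on this page, as an added Python example (not part of the original article). The addresses, the Packet fields and the StatefulFirewall class are constructed for illustration, and the sketch assumes a connection is identified only by its addresses and ports; real firewalls also track TCP flags and timeouts.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives from the Internet

FTP_SERVER = "10.0.0.21"  # constructed address of the one permitted FTP host
FTP_PORT = 21

class StatefulFirewall:
    def __init__(self):
        # The "database of trusted information": connections opened from inside.
        self.state = set()

    def allow(self, p: Packet) -> bool:
        if not p.inbound:
            # Outgoing traffic: record its defining characteristics.
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return True
        # Incoming traffic: compare against what was recorded, with source
        # and destination swapped because this is the reply direction.
        if (p.dst, p.dport, p.src, p.sport) in self.state:
            return True
        # Static filter rule: public FTP is allowed to one host only.
        return p.dst == FTP_SERVER and p.dport == FTP_PORT

def run_sample():
    """Run constructed sample packets through the firewall, in order."""
    fw = StatefulFirewall()
    packets = [
        Packet("10.0.0.57", 40000, "203.0.113.10", 80, False),  # employee opens Web connection
        Packet("203.0.113.10", 80, "10.0.0.57", 40000, True),   # matching reply
        Packet("198.51.100.7", 80, "10.0.0.57", 40000, True),   # unsolicited, no state entry
        Packet("198.51.100.7", 51000, FTP_SERVER, FTP_PORT, True),   # FTP to permitted host
        Packet("198.51.100.7", 51001, "10.0.0.99", FTP_PORT, True),  # FTP to any other host
    ]
    return [fw.allow(p) for p in packets]

if __name__ == "__main__":
    print(run_sample())
```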