What does a Firewall do?

To answer that question, some networking background information must first be outlined. I will try not to get too technical in this area by simplifying the explanations and examples. When information is sent across the internet or a network, there are two very basic items that are required to make sure the information gets where it is intended to go and processed properly. They are:

  • An address – An address is basically an indicator which enables data intended for a computer to locate it. It is similar to the address on a letter, which the postal service uses to find the right house that the letter is being sent to. Each computer has an address which is used to locate it when information is being sent to it.
  • A port – A port is a networking reference number used with the TCP/IP networking protocol which associates network packets (information sent over the network) with services or application programs. The port number helps indicate which program running on a receiving computer will process the information received.

When a computer is operating, there are usually many programs running on it at the same time, even though some of these programs run in the background and the computer user is not aware of all of them. Some programs “listen” on one or more ports for information intended for them. One example of this is your internet browser. After it has requested a web page, it sets up a return port on which the reply will be received. When the data arrives on the expected port, the internet browser program knows that it should process it. It receives the information, formats it, and displays it on your computer screen.

To put it simply, there are two main types of firewalls. They are:

  • Packet filtering
  • Application Firewall

Packet Filtering Firewall

Generally and simply put, a packet filtering firewall examines the port that a packet is addressed to and either allows the packet through or blocks it before it reaches the computer and the specific program that would have processed it.

The firewalls I refer to as corporate firewalls are used to protect what is called a private network. A private network is a special network which is hidden behind one network device (usually a firewall). The firewall may use only one address on the internet or only a handful of addresses on the internet while there are hundreds or thousands of computers behind the firewall on the corporate network. The figure below illustrates this. Each small box represents a computer which may be a computer used by an employee of the organization that owns the network.

[Figure: firewall in network]

Many corporate firewalls are packet filtering firewalls. They filter network traffic based on a set of rules set by the network administrator, and they filter on both address and port information. The firewall will allow some data packets into the network and deny others. You could think of each port as a potential “hole” in the firewall: if there is a hole at the port number, the packet will go through; if not, it will be denied.

[Figure: firewall holes]

Application Firewall

An application firewall typically keeps a list of computer programs that can receive and transmit information across the internet or network. If a program has not been given specific permission to use the internet, the firewall will not permit the access. Most personal firewalls work this way. This is why personal firewalls can prevent adware and spyware: if the program has no permission to use the internet, it cannot send information back to its creators and cannot download any additional programs onto your computer.
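The two firewall types described above, modelled in Python as an added example (this is not code from the original article or from any firewall product). The packet filter evaluates ordered address-and-port rules with a default deny, so an open port is the “hole” from the corporate firewall section; the application firewall checks the program name against a permission list, so a program that is not on the list is blocked even when the port it wants is open. All addresses, ports, rule sets and program names below are constructed for the illustration, and the model is stateless and simplified on purpose.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """A network packet reduced to the fields a packet filter looks at."""
    src: str          # source address
    dst: str          # destination address
    dport: int        # destination port (which program should receive it)
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """One administrator rule: action applies when every listed field matches."""
    action: str                 # "allow" or "deny"
    src: str = "0.0.0.0/0"      # CIDR block; default matches any source
    dst: str = "0.0.0.0/0"      # CIDR block; default matches any destination
    dport: Optional[int] = None  # None means any port
    proto: Optional[str] = None  # None means any protocol

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.proto is None or self.proto == pkt.proto))


class PacketFilter:
    """First-matching rule wins; anything no rule mentions gets the default."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, pkt: Packet) -> Tuple[str, Optional[Rule]]:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action, rule
        return self.default, None   # no "hole" for this packet


class ApplicationFirewall:
    """Personal-firewall style: a program may use the network only if listed."""

    def __init__(self, permitted_programs: List[str]):
        self.permitted = set(permitted_programs)

    def decide(self, program: str) -> str:
        return "allow" if program in self.permitted else "deny"


def build_corporate_filter() -> PacketFilter:
    # Constructed example: a private network 10.0.0.0/8 behind one firewall.
    # Only two holes are opened inbound: the web server on 443 and mail on 25.
    # A deny rule placed first shows that rule order matters.
    return PacketFilter([
        Rule("deny", src="198.51.100.0/24"),                 # blocked source range
        Rule("allow", dst="10.0.0.5/32", dport=443, proto="tcp"),
        Rule("allow", dst="10.0.0.6/32", dport=25, proto="tcp"),
    ], default="deny")


def build_personal_firewall() -> ApplicationFirewall:
    # Constructed example: only the browser has been granted internet access.
    return ApplicationFirewall(["browser.exe"])


def demo() -> dict:
    """Run a few constructed packets and programs through both firewalls."""
    pf = build_corporate_filter()
    app = build_personal_firewall()
    return {
        "web_to_server": pf.decide(Packet("203.0.113.7", "10.0.0.5", 443))[0],
        "ssh_to_server": pf.decide(Packet("203.0.113.7", "10.0.0.5", 22))[0],
        "mail_to_mailhost": pf.decide(Packet("203.0.113.7", "10.0.0.6", 25))[0],
        "web_to_mailhost": pf.decide(Packet("203.0.113.7", "10.0.0.6", 443))[0],
        "blocked_range_to_web": pf.decide(Packet("198.51.100.9", "10.0.0.5", 443))[0],
        "browser_out": app.decide("browser.exe"),
        # hypothetical unknown program trying to phone home: blocked by identity,
        # even though a packet filter alone would see an ordinary port-443 packet
        "unknown_program_out": app.decide("tracker.exe"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:24} -> {verdict}")
```

The last two entries of demo() make the article's point concrete: the packet filter judges packets only by address and port, so an unlisted program sending ordinary web traffic looks the same as the browser to it, while the application firewall denies it because the program itself has no permission.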