Skip to main content

About this free course

Download this course

Share this free course

Introduction to cyber security: stay safe online
Introduction to cyber security: stay safe online

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

1 Firewall basics

A photograph of a building on fire, with a firefighter looking on.
Figure 1

In a building, a firewall is a reinforced masonry wall that is designed to prevent a fire spreading through the structure, allowing people time to escape. Similarly, in a computer network, a firewall is a barrier that blocks dangerous communications from spreading across a network, either from the outside world into a local network, or from one part of a local network to another.

Firewalls can be supplied as dedicated network devices or they may form part of a network router. A firewall might also be included as part of a computer’s operating system.

The internet existed for a long time before firewalls were invented. The first discussion of the necessary technologies took place late 1988, and came about after several attacks from organised groups of hackers and the very first malicious software.

At their simplest, firewalls block network communications by looking at the addressing and protocol information in the data packet’s header. As a data packet (or datagram) arrives at the firewall’s interface, the addressing (usually IP) and protocol information (usually TCP or UDP) is compared to rules programmed into the firewall’s software. These rules can be supplied by the firewall’s manufacturer, or more often they are created by an administrator or sometimes the user.

So if a packet originating from a hacker conducting a scan of your network or computer arrives at a firewall, it will inspect its addressing and protocol information and then compare this against its set of rules. If the set of rules say that packets from an unknown address (the hacker) are to be blocked, then the firewall may either discard the packet ‘silently’ or ‘close’ the connection with the hacker.

Most firewalls store the state of connections to determine if they represent new or existing connections. They will only allow packets belonging to a known, active connection to pass (provided the rule set allows this). More advanced firewalls can identify the applications responsible for sending and receiving packets, allowing network managers to block applications that use excessive bandwidth – such as media players, or those widely used for distributing copyright infringing content – such as BitTorrent applications, as well as protecting from application attacks.

You’ll learn what a personal firewall protects against in the next section.