A firewall is a hardware device or software application that looks at all raw data transferred to the server from the public Internet. Its purpose is to protect the data stored on the Web server, or any server attached to the network for that matter, from external (cracker) attacks. It is possible to configure the firewall software to look for particular types of data, for example, specific commands that are not permitted on your server. Furthermore, it is even possible to block data that comes from a particular source, like a country or individual user.
Firewalls are used by organisations who run their own Web servers like Microsoft or IBM. They are also used by ISPs (Internet service providers) and domain hosting services. In fact, any organisation large or small, connected to the Internet, should install a firewall.
When a user, friendly or malicious, tries to access your Internet server, they send commands to the server requesting that it carry out actions. If a user wants to view a Web page, the client's Web browser sends an HTTP command to the server asking it to send back the data for a particular page, which the browser can then display. This transfer is transparent to the user, and if only friendly users ever accessed your server, a firewall would not be required.
The job of a firewall is to block the attempts of a cracker who tries to view more than is authorised, by blocking the commands used. The firewall, whilst blocking these illegal attempts, must allow legitimate traffic to go through unhindered.
Generally, there are two types of firewall available. The simpler of the two is called a packet filter. This method examines each packet of raw data that comes in from the Internet. Configuring a packet filter requires that you edit a table, called a filter table, which contains rules that either deny or permit packets. For example, you could configure it to block packets from a particular address, or define rules that prevent access to certain parts of the server.
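As an added illustration (not code from the original text), the following is a small packet filter that evaluates a filter table of permit/deny rules against a packet's source address and destination port, first match wins, default deny. All addresses, ports and rules are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: str                 # source network in CIDR notation; "any" matches all
    dst_port: Optional[int]  # destination TCP port; None matches all ports

# Constructed sample filter table (assumed values, not from the original text).
FILTER_TABLE: List[Rule] = [
    Rule("deny",   "203.0.113.7/32", None),  # block one abusive source address
    Rule("permit", "any",            80),    # public Web pages over HTTP
    Rule("permit", "any",            443),   # public Web pages over HTTPS
    Rule("permit", "192.0.2.0/24",   22),    # remote admin only from the office network
    Rule("deny",   "any",            None),  # everything else is dropped
]

def matches(rule: Rule, src_ip: str, dst_port: int) -> bool:
    """True if the packet's source address and destination port fit the rule."""
    src_ok = rule.src == "any" or ip_address(src_ip) in ip_network(rule.src)
    port_ok = rule.dst_port is None or rule.dst_port == dst_port
    return src_ok and port_ok

def filter_packet(src_ip: str, dst_port: int, table: List[Rule] = FILTER_TABLE) -> str:
    """Return the action of the first matching rule; deny if no rule matches."""
    for rule in table:
        if matches(rule, src_ip, dst_port):
            return rule.action
    return "deny"  # default deny: an empty or incomplete table lets nothing through

def filter_log(packets: List[Tuple[str, int]], table: List[Rule] = FILTER_TABLE):
    """Apply the table to a batch of (src_ip, dst_port) pairs and return the decisions."""
    return [(src, port, filter_packet(src, port, table)) for src, port in packets]

if __name__ == "__main__":
    # Constructed sample traffic: a browser, the blocked host, SSH from outside and inside,
    # and an attempt to reach a database port that no rule permits.
    sample = [("198.51.100.20", 80), ("203.0.113.7", 80), ("198.51.100.20", 22),
              ("192.0.2.15", 22), ("198.51.100.20", 3306)]
    for src, port, action in filter_log(sample):
        print(f"{src:>15} -> port {port:<5} {action}")
```

The final catch-all deny rule and the `return "deny"` fallback are the same idea stated twice: a packet filter should only pass what a rule explicitly permits.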
Probably the simplest way to set up a firewall is to have a router that sits between your server and the Internet connection, which will filter out unwanted traffic to the server. The second, and more complex, type of firewall is called a bastion host. This is a dedicated computer that also sits between the link to the Internet and your Web server. It has a basic configuration, containing a minimum number of data files, and spends its time continually checking incoming data. If the incoming data satisfies the firewall's rules, it is passed on to the Web server for processing.
The bastion host can examine traffic at the application level, rather than the IP level of the simpler firewall. It can also generate logs and alerts to show who has tried to hack into your network, providing a further layer of protection.
Using a bastion host means that your network will likely have a minimum of three dedicated machines: the network server, the Web server and the bastion host.