Author Topic: The History, Workings and Possible Future of a Firewall.  (Read 5249 times)
comicfan2000
Guest
« on: October 26, 2006, 04:47:44 PM »

A Brief History of the Firewall:
 
 
   While many of us know "what" a firewall is, in that it sits on our desktop and protects us from outside intruders on our networks, do we truly know what it is, where it came from or where it's headed in the future? In this 3 part summary on firewalls, we will address these very questions.
   
  Let's begin by asking what a firewall is in terms of "definition". There are a few and some vary; for our purposes we'll go with the Wikipedia version to start.
 
  In computer science, a firewall is a piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy, analogous to the function of firewalls in building construction. A firewall is also called a Border Protection Device (BPD), especially in NATO contexts, or packet filter in BSD contexts. A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust). The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.

  While this may seem confusing, let's try to explain it in more basic terms: a firewall is a barrier, or protection, that information between computers on a network must pass through. So a firewall protects between point A and point B. We will get into further detail later in the next section.

  So where did the firewall come from? Beginning in the 1980's, at the NASA Ames Research  Center in California a memo was sent by email that read, "We are currently under attack from  an Internet virus!" The virus had spread and was known as "The Morris Worm". This was  considered the first large scale network attack. At the time, this was a very unexpected  occurrence, but an eye opening one nonetheless. It was time to do something being network  securities, companies and home users alike, were now threatened and so began the trek to  secure the future of networks.
 
  In 1988, Jeff Mogul from Digital Equipment Corp. had developed the filter system. These filter systems were known as "packet filter firewalls". The evolution begins. From the late 80's into the 90's, two men from AT&T Bell Laboratories, Howard Trickey and Dave Presotto, brought into light the second version of the firewall, the "Circuit Level Firewall". From this a third generation firewall began to emerge, the "proxy firewall" or "application layer firewall" brought forth by Marcus Ranum. His work eventually brought about the first commercial firewall. This commercial firewall was released by Digital Equipment Corporation (DEC), which gave it a name, SEAL. The ball was now rolling and by 1992 the first visual firewall that users could see, with color and icons, and that could be accessed from an operating system, was called "Visas". By 1994, Check Point Software Technologies had built this into the readily available firewall called "firewall-1".
 
 The second generation of the "Proxy" firewall was under way and was based on "Kernel Proxy Technology". Cisco, considered one of the largest security companies, released this product to the public in 1997. Not long after, deep packet inspection engines were merging with the intrusion prevention systems for better security and firewalls are on their way to becoming a standard security.
   
  If you don't know what a firewall is, don't feel ashamed. Back in 1999, I didn't even know the Internet existed. One day my brother-in-law had shown me his new computer, brand new Athlon 1gz processor, 512 RAM, wow! I had no idea what it meant at the time but it sounded good. He then decided to show me a couple of joke sites on the web. The what? The web. I was amazed and never knew it existed, perhaps working construction hours for 10 years had a bit to do with this, work and sleep, no time for technology. Whatever the reason, I bought my own computer, a whopper nonetheless, 850MHz AMD Athlon, 30 gig hard drive along with an amazing 128 RAM! While I quickly became used to the WWW, I never used a firewall, nor did I know what it was. I had a friend yell at me, "You don't ever stay on the web without a firewall!". While he was right, I had no idea why and no one would explain this in detail, so I ignored it. After a while, my pc became infested with all sorts of baddies and I ended up re-installing my OS for the first time. So after losing all my new found information I had tucked away safely on my hard drive, me and firewalls became acquainted quickly. Yes, there was a need for it.
 
  So now that we have a basic understanding of the history of a firewall, and what its definition is, do we know what it is in terms of functions and security? The inner workings and what they protect against? Next we have a look into what it is this little icon in our system tray does and how important it is.
 
 A Note to Newbies:
 
  If you are new to using a computer, or don't know yet what a firewall does, or are waiting until the 2nd part of this article comes into play, I suggest getting and installing a firewall immediately. XP comes with a firewall in most cases, "if the pc is updated" and is usually on by default. This will get you through for now but I would suggest getting a better firewall onto your pc as soon as possible. In many aspects, Windows XP firewall is there to give you a layer of protection while connecting your pc to the Internet but falls very short in accomplishing true security needs. The Comodo Personal Firewall (CPF) is a full, free version and works extremely well to protect your pc. If you are new to firewalls and do not know how to set firewall settings, or new to computing at all, I suggest the auto configuration method as it installs the security settings best seen fit for your computer. I use the auto configuration even though I know how to configure my settings and it still passes all leak tests and provides a very high level of security.


    What is a Firewall?
   
     In part one we covered a bit of history about firewalls and touched on why they were  made. Most should have a fairly basic idea of why we use them so let's move on to the workings of a firewall. What makes them tick? What are they doing to block the "baddies" from our computers?
   
    First of all, let's cover a few basics. Since most of us have heard the term blocking "Network ports, or (ports)", then what exactly is a port? Well, in very basic terms, (Network Ports) are numbers that are recognized by (network protocols), allowing computers to communicate. An example would be "me" calling "User Dude Pizza", but the phone line is numbered, (1-6) we'll say. While phone wires are not (actually) numbered as such, let's just say I have to use port 4 which is the port number of "User Dude Pizza", in order for us to communicate. I dial the number on port 4, they pick up the phone and respond to me on the same port, me giving my order, them taking my order and responding. We then hang up. The communication was made on (the pretend) port 4, so if someone was using port 5, or if I had dialed on port 5, they would not be able to communicate with us.
   
 NOTE: These are mainly TCP/UDP ports and are not PHYSICAL ports, which are e.g. (peripheral ports) like a "mouse port" on the back of the computer.
   
For more on Network Ports, click  here
 
For more on Protocols, read more on them here

  To begin, let's boggle the mind a bit. Did you ask how many ports there are? Good,  because there are a few, as a matter of fact there are 65,535 ports. Keep in mind that not  all these ports are in use. For the sake of this article, we will simply say a firewall  blocks most of them for us, but keep in mind, if we blocked ALL ports completely, we would  end up with nothing better than a standalone computer, there have to be some open ports to allow for communication. HTTP port  80 is worth a mention since this is the Internet protocol which we browse the web on and  will be using it as an example later on. On these lines of communication, we chat, send  e-mail, browse the web or do personal tasks such as banking. Unfortunately, along the same  lines of communication are those who exploit this communication for wrong doings. This is  where the firewall comes in.
   
  So what is the firewall doing to protect us? Well, applications "listen" to the port they are assigned, e.g. port 80, but when doing so, security is not implemented and the port is then open to incoming signals, which leaves it vulnerable to attack. So if we have an application listening on port 80 (assuming no firewall), a "cracker" scanning for open ports can exploit your computer by way of this open port. A firewall filters the port, allowing only "wanted traffic" and blocking the baddies from getting in.
   
  Firewalls also keep information from getting out. If you have a baddie on your computer, it may try to grab personal information and leak it out to the source of its origin, possibly leaving your bank account information for thieves to use at their own accord. This is one way identification theft can occur so keeping your information ON your computer is extremely important. In some ways this goes hand in hand, allowing an attacker to get in can also allow them to take information FROM your computer.
     
  With this in mind, a firewall examines and filters both incoming and outgoing traffic routed between networks; if the information doesn't meet the standards of being "safe" it is blocked and "good" information is let through. A firewall will alert you, usually by pop up, telling you something has happened. It may be an unwanted application trying to access the Internet, or trying to worm its way in. Either way, this means the firewall is probably doing its job by letting the user know "something", be it good or bad, has or is happening. A firewall usually logs information as to what has been going on, allowing the user to further examine these logs to determine what is trying to get in/out or what has been blocked/allowed.
   
  Firewalls do this a number of ways and use a number of techniques as listed below. Attacks can happen from anywhere in the world and while the above scenario is an extremely basic one, I would hope the technically challenged may get a "basic" understanding from it.

   Definitions courtesy of Webopedia.

   # Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

  # Application gateway: Applies security mechanisms to specific applications, such as FTP  and Telnet servers. This is very effective, but can impose a performance degradation.

  # Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is  established. Once the connection has been made, packets can flow between the hosts without  further checking.

  # Proxy server: Intercepts all messages entering and leaving the network. The proxy server  effectively hides the true network addresses.

 Note: many firewalls may use these in combination.

  This has much to do with the OSI model and is suggested reading to better understand  firewalls
click here

  For more on packets click Data packet

 Also, for a list of ports that can be used by Trojans and Trojan listed, see here

  What about home networks? While I do have a home network, my son with his computer and  Internet, and I with my computer and Internet, I have firewalls set on both computers. But what if I didn't have Internet on mine?

 Let's assume I have no Internet connection but my son does, would I trust the fact I am only connected to his pc and not the Internet enough as to drop my firewall? Probably not. Not that he is a bad browser you see, but assuming he somehow has an attack on his computer, this can filter down through the network leaving me open for attack. As long as I am networked, I keep practice to have an active firewall.
 
 Seeing as how there are so many ports, ports under attack, the firewall seems to have its work cut out. There are varieties of firewalls as well but we will stick to 2 basics being, a software firewall and hardware firewall.

 Hardware firewalls are typically part of a router and mainly use packet filtering and more advanced stateful packet inspection (SPI). Hardware firewalls do provide a decent level of safety. Many will say that a residential hardware firewall has a weakness by allowing all outgoing traffic from a local network to go through as "safe", so in turn being let through to the Internet unchecked. The scenario? A baddie on your pc wants to communicate with someone/cracker outside of your pc, they gather all your private info and send it out onto the Internet. This will not be regarded as "bad" or blocked. Out of the 65,000 odd ports, would you be able to guess which one they are using? I know I wouldn't so this is a big consideration. With hardware firewalls that DO have outgoing blocking capability, they lack the ability to alert the user as to what is happening and repeated attempts are not known; as well, they are not very "user friendly".

 Software firewalls typically reside as an installed application on a computer. When you download and install Comodo Personal Firewall, this is a software firewall. Software firewalls are much easier for the user to access, as most have an icon right on the desktop. The configuration is more versatile as well and many settings can be customized to fit a user's needs. A software firewall also monitors incoming/outgoing traffic and alerts the user, which is very important. A software firewall is far better protection against worms, Trojans, and other malicious beings. The downside that most will tell you is that software firewalls only protect the pc they are on, hardware firewalls protect all. But as with Comodo Personal Firewall, it's a FREE, FULL version firewall so this would not be an issue as it would cost nothing to be installed on each computer on a network. Some firewalls are made from a, perhaps older or at least some type of running computer which you then install a special firewall software on. These seem a mixed breed between hardware and software. While I won't get into the depths of these, in my opinion, they will remain a mixed breed. They are very safe as well but obvious downsides are, not easy to configure for many, need of another running pc, obvious power usage increase, and a few others.
 
  So while both have good and bad points to some extent, it is best IF you have a hardware firewall, to also have the software firewall. Those who are behind some kind of router with a firewall, are not 100% safe. A software firewall is ALWAYS a good idea to have with or without a hardware firewall/router. If you ever hear someone say to you, “I never use a firewall, if you don’t do anything illegal, what are you worried about?” This is a comment I have heard time and time and I regard them as statements from a “garbage can”. All one would have to do is look up hijacking, hackers, viruses, Trojans, among others to get a good glimpse as to why you need a firewall. Whether you do legal or illegal computing isn’t for me or a firewall to determine, nor does it set a standard as to who gets hacked or attacked. If there are illegal activities going on, that’s for the law to decide, but hackers/crackers don’t discriminate.
 
 My attempt thus far has been for those who may not have a technical understanding, to  understand a firewall a bit better. Currently, if you can now look at your firewall and  think, wow, I know what this is TRULY for, then I have accomplished this task.

  In the next and final section, we will be touching on what the firewall is becoming, what its future is and explore a few possibilities of what to expect from future firewalls.
 

 The Future of Firewalls:

  Now that we have learned a bit about the history, making, and reasons to have a firewall,  there remains another question, what is the future of the firewall? I would think anyone would be hard pressed to give this answer as I don't believe there is  any certainty to how long we will indeed need a firewall or how long the current firewall  technology will be in place. In the technology world, things change at a rapid pace and  leaves such a prediction a mere guess at best. We can take this mere guess and much of this  will be based on numerous readings and somewhat MY opinion.
 
  Let's begin by stating how fast the Internet is growing, threats are growing, and the need to cover all these threats are growing. We can look at it in this way, at one time the firewall was a basic packet filtering device and took little to no resources to do its job. Now, many firewalls have become ever so packed with security technologies to keep up with the growing threats, hence taking up more resources on a computer. This is no surprise and is currently unavoidable. Much like Anti virus software, the more threats, virus definitions, different types of attacks, the AV needs to keep up with and monitor all these new threats. This is what I call in my own words, "unavoidable bloat". As the threats grow, so does the software and resources.
   
  Many will ask for ALL-IN-ONE firewalls, firewalls that may do other monitoring jobs like block pop ups, scan for viruses, etc... The problem is that security suffers because of this as do resources. This is what I would call "true bloat ware". It seems in the competing market, it's not the quality as it is the "what you can get for your buck" situation. The more glamorous the software, the more options, the more hype, the more people will think to buy it. I for one choose to keep my securities in particular, separate, for this reason.
 
 Internet speed is ever increasing and detection systems must keep up. It would do no good to have e.g. a 1.5 meg connection with a firewall that filters at a 56k rate. One concern is “bottlenecking” from all the increasing speeds and blocks being put on at one level or another, firewalls are required to keep up the pace while being thorough. Perhaps this fits in with the suffering security from bloat ware and to coin an old phrase, "less is more". Or at least keeping to the strictest of needs and not far beyond that.

  So where does this leave the firewall? Currently, I would think the firewall is steady but in the very near future, may have to do some rebuilding, although it has done just that since its early days. Other mentions are implementing more, smaller and specific hardware devices to do specific jobs instead of the burden of passing through a typical software firewall. We may call these "edge networks". This doesn't mean getting rid of the firewall, it means easing the burden on the firewall and increasing speeds by taking away some of the bottleneck effect.
 
A view and description on an edge network here

Or here
 
  If we don't know where the firewall is headed, we can at least get an idea from yearly  projections of sales. I won't go into such detail but so far it seems the future sales projections are very high and will remain so for a few years to come. Does this indicate quite some time before the software firewall needs to be anything other than what it is now with "some" changes along the way? It's hard to say as projections are just that, projections.
   
What we DO know is this, there are growing threats every day, faster than any firewall can  keep up with and as with any protection software, is always a step or two behind the threat. Without knowing what types of threats will be created, it's almost impossible to put a stop  to them ahead of time. Instead many remain addressing the threats as they come but the speed of responding to these threats is key.
 
  As I mentioned about the "bloat" and "bottlenecking", this may only get worse until eventually the firewall gets a little helping hand or is forced to become something altogether different. I don't feel it's a question of "IF" it will happen as it is "WHEN" it will happen. The biggest change may come when we begin changing the way we communicate, the threats change as well and computers themselves. With a few articles floating around the Web about Microsoft going on a "rent an Operating System" based structure in the future, we would no longer be installing the OS on our systems as we would be opening up a browser to our OS's. This alone would impact our firewall security dramatically, what would we install the firewall on? Would it be on the MS server? Ok, this may be down the road a bit and not anything MS has anything "final" up their sleeves, truthfully I don't know but just a bit of food for thought. It's not just the firewall we need to think about with future changes but everything from desktop computing to communication methods.
 
 So this leaves us still wondering perhaps where the firewall will be in years to come but  it's obvious to see that no one can tell exactly when or where it may change or perhaps not  be needed at all one day. When will it take up too many resources? Will it become too  bloated or no longer be a viable option? Only time will tell. Until then, I will sit back with my coffee, run my Comodo Personal Firewall, and as anyone else, deal with it one day at a time and attempt to keep up  with security news and changes.

 Paul


We hope the above article was useful to you and would like to invite you to join our forums and discuss this or other issues you may have with security, get your questions resolved or just help Comodo community.
Logged
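
Added example (not part of the post above and not Comodo code): a toy Python packet filter showing the ideas the article describes, i.e. rules matched by port, replies to the PC's own connections being let back in, logging, and the difference between a firewall that passes all outgoing traffic and one that filters it. The class names, both rule sets and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = leaving the protected PC, "in" = arriving
    proto: str          # "tcp" or "udp"
    local_port: int     # port on the protected PC
    remote_ip: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    action: str                        # "allow" or "block"
    direction: str                     # "in" or "out"
    proto: Optional[str] = None        # None matches any protocol
    remote_port: Optional[int] = None  # None matches any remote port

    def matches(self, p: Packet) -> bool:
        return (self.direction == p.direction
                and self.proto in (None, p.proto)
                and self.remote_port in (None, p.remote_port))


class Firewall:
    """First-match rule list, default block, plus a table of outbound flows."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.flows: Set[Tuple[str, int, str, int]] = set()
        self.log: List[str] = []

    def decide(self, p: Packet) -> str:
        flow = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        if p.direction == "in" and flow in self.flows:
            verdict = "allow"         # reply to a connection this PC opened
        else:
            verdict = next((r.action for r in self.rules if r.matches(p)), "block")
            if verdict == "allow" and p.direction == "out":
                self.flows.add(flow)  # remember it so the reply can come back
        self.log.append(f"{verdict} {p.direction} {p.proto} "
                        f"local:{p.local_port} remote:{p.remote_ip}:{p.remote_port}")
        return verdict


# Policy 1: unsolicited inbound is blocked, everything outbound is trusted.
ALLOW_ALL_OUT = [Rule("allow", "out")]
# Policy 2: outbound limited to web and DNS; anything else is blocked and logged.
EGRESS_FILTERED = [Rule("allow", "out", "tcp", 80), Rule("allow", "out", "tcp", 443),
                   Rule("allow", "out", "udp", 53)]

# Constructed sample traffic (documentation addresses, made-up ports).
SAMPLE = [
    Packet("out", "tcp", 50000, "192.0.2.10", 80),       # browser request
    Packet("in", "tcp", 50000, "192.0.2.10", 80),        # reply to that request
    Packet("in", "tcp", 80, "198.51.100.7", 40000),      # unsolicited probe of local port 80
    Packet("out", "tcp", 50001, "198.51.100.7", 31337),  # unwanted program sending data out
]


def run(rules: List[Rule]) -> List[str]:
    fw = Firewall(rules)
    return [fw.decide(p) for p in SAMPLE]


if __name__ == "__main__":
    for name, rules in (("allow-all-out", ALLOW_ALL_OUT), ("egress-filtered", EGRESS_FILTERED)):
        print(name, run(rules))
```

Only the last packet is treated differently: the allow-all-out policy lets the unwanted outbound connection through, while the egress-filtered policy blocks it and leaves a log entry to review.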
AOwL
Comodo SuperHero
Global Moderator
Comodo's Hero
« Reply #1 on: October 26, 2006, 05:38:12 PM »

Nice article Paul!
Interesting reading.  Clapping
Logged

WinXP SP2 HE - IE7 - FF 2 - TB - CFP 2.4 - NOD32 - BoClean -ST - AMD64x2 - 3Gb Ram - 1.5Tb HD
comicfan2000
Guest
« Reply #2 on: October 26, 2006, 05:56:29 PM »

Nice article Paul!
Interesting reading.  Clapping

Thank you, much appreciated.  Smiley

 Paul
Logged