What is a firewall? Here is the layman's explanation :)

What is a firewall?

Let’s start with the Webopedia definition:

(fīr´wâl) (n.) A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
There are several types of firewall techniques:
Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

In practice, many firewalls use two or more of these techniques in concert.

A firewall is considered a first line of defense in protecting private information. For greater security, data can be encrypted.

Eh? What? Who?

I hear you; we need someone to explain what the heck a firewall is, but in layman's terms.
First of all, there are two kinds of firewalls, the ones we all use on our PCs (known as Personal Firewall or Desktop Firewall) and the others that are hardware based, in your router or where enterprises deploy in their operations (these cost a lot of money to buy, up to thousands of dollars). Both are integral to the everyday maintenance and security of a PC.

So why have two?

Because there are 2 things that a firewall does.

First, it acts as a prevention tool, and makes you invisible on the Internet. Imagine the Internet as a highway (literally) with houses scattered all around it. Each one will have its own number, as well as doors, windows, etc. Each house represents a computer connected to the Internet. Now, wouldn’t it be cool to have “invisible paint” that I can paint my house with on this highway, so that people can’t see me? Yup, that’s one function of a firewall. It makes you invisible on the Internet highway so that hackers don’t know where you are and they can’t hack into your machine. Hackers are like the nasties on this highway, who go knocking on your door to see if anyone is in, even try to open the door to see if they can get into your house. After all, in the virtual world, hackers get into your house (your PC) and take over as you have much less visibility to what’s happening in your PC than your house!

Yes, but the firewalls in our routers have some firewall functionality to stop hackers from getting into your PC, don’t they?

Yes sir, you are right. Some hardware firewalls do have this functionality. That is why firewalls (the PC firewalls) have evolved to offer the 2nd functionality, “detection”.

Huh?

Okay, let me think . . . got it! Making yourself invisible only protects you against one type of threat. There are numerous others. Think of them like this:

  1. The hacker throws a hand bomb through a window he manages to open.
  2. The hacker puts a nasty bomb in your shopping bag without you realizing it. You take the shopping bag home.
  3. The hacker drops a package at your front door and you open it.
  4. The hacker gives you a really nice present that you will be proud to display as a piece of furniture. It looks a bit like a Trojan Horse, but you like it.

Protecting your PC against these attacks is tough, because they are not thoroughly understood. The idea is to prevent your stuff from being stolen, right? So how do you do that in the PC world? Let’s serve this up in the “real world”. It looks something like this.

You are a shoplifter and you go to a retail outlet and identify some nice clothes to steal. You are wearing a huge coat so that you can put some of these clothes on you in the dressing room and simply walk out with them. Good plan so far. >:-D Ok, you go pick 5 items, go to the dressing room, and put them on. You feel like smiling, but don’t! You will give yourself away. Just walk towards the door as if nothing has happened. DO NOT WHISTLE! You are making it too obvious. Just walk normally. OK, great, almost there. Keep going…

BEEP…BEEP…BEEP … OOOHHHH NOOOO!!!

You forgot to remove the tags! Oh well, try telling the police this was just an experiment to show how PC Firewalls work, and see if they buy it. No, we can’t visit you in jail. :)

Tags? What tags? Those electronic tags on the clothes I stole?

BINGO!

This is a tag alert system. It stops valuables from being stolen. If you have something being taken out of the shop without authorization, it sounds the alarms. Well, this is what your firewall does. It stops thieves from stealing, literally. If you have somehow managed to get malware on your system and that malware is trying to make a call home and steal information from you, the firewall will warn you. This is why your firewall must not “leak”; otherwise, malware will be stealing stuff out of your machine, without your firewall alerting you. A leaky firewall is like a tag that doesn’t work: a shoplifter will take it out of the store without sounding any alarms!

There are many ways to get something nasty into your house, and guess what? In the virtual world it’s even easier! It’s easier because not many people understand “what is what”. What may look like an Email or something else innocuous could spell disaster for your PC. Having both firewalls in place gives you both prevention and detection, so a hacker is outsmarted, both coming and going.
Now I hope I have been able to give you a good security briefing with this article. If you take nothing else away from this,

“Put tags on your stuff, or it’s going out the door, people!”

Melih
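The two roles described in the post above (staying "invisible" to unsolicited inbound traffic, and sounding an alarm when an unknown program tries to send data out), as an added example that is not part of the original post and is not Comodo's code. It is a toy Python model; the class, the program names and the addresses are hypothetical, constructed values.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str        # "in" or "out", seen from the PC
    remote: str           # remote address (constructed documentation IPs)
    remote_port: int
    local_port: int
    program: str = ""     # local program sending the data (outbound only)

@dataclass
class PersonalFirewall:
    trusted_programs: set
    open_ports: set = field(default_factory=set)  # doors deliberately left open
    flows: set = field(default_factory=set)       # conversations this PC started
    alerts: list = field(default_factory=list)

    def decide(self, p: Packet) -> str:
        flow = (p.remote, p.remote_port, p.local_port)
        if p.direction == "out":
            # Detection: the "tag alarm" on anything leaving the machine.
            if p.program not in self.trusted_programs:
                self.alerts.append(f"{p.program} -> {p.remote}:{p.remote_port}")
                return "block+alert"
            self.flows.add(flow)
            return "allow"
        # Prevention: only replies to our own conversations, or traffic to a
        # deliberately opened port, get in. Everything else is dropped with
        # no answer, which is what makes the PC look "invisible" to a scan.
        if flow in self.flows or p.local_port in self.open_ports:
            return "allow"
        return "drop"

def run_sample():
    """Replay constructed sample traffic; return (decisions, alerts)."""
    fw = PersonalFirewall(trusted_programs={"browser.exe"})
    traffic = [
        Packet("out", "192.0.2.10", 443, 50000, "browser.exe"),   # user browsing
        Packet("in", "192.0.2.10", 443, 50000),                   # the reply
        Packet("in", "203.0.113.9", 40000, 445),                  # door knock
        Packet("out", "198.51.100.7", 8080, 50001, "gift.exe"),   # call home
        Packet("in", "198.51.100.7", 8080, 50001),                # no flow exists
    ]
    return [fw.decide(p) for p in traffic], fw.alerts

if __name__ == "__main__":
    print(run_sample())
```

A "leaky" firewall in the post's sense would be one where the fourth packet returns "allow" without an alert, for example because the untrusted program sent its data through an already trusted one.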

Great explanation, Melih! (:CLP)

Very good use of illustrations.

LM

Thanks LM :)

Now I hope people understand the importance of leak tests! A leaking firewall is like those electronic tags that don’t work! Shoplifters will have a field day!

Melih

Nice one Melih, but what about that tag, what if the thief either brings scissors and cuts the string attached to the tag and passes the security, or brings a hammer and ■■■■ that security check? Back to the computer, what if the “virus” either cloaks itself (don’t know how), removes the installed virus definition, or simply terminates the antivirus?

That is why a firewall alone cannot provide you all the security you need.
That is why you need a layered security architecture (you can read about it in my blog at www.melih.com)
Melih

That is a great story! I really really like it! Very funny, most of all it helps people understand the dangers of the virtual world… Knowing how stuff works is one of the best defense systems people can have! ;)

Several posts relating to CIS Operations have been moved here so that the user’s questions can be answered without disrupting the original thread.

LM

Excellent way of defining a firewall Melih! (:WIN)

Thank you Jesant13.

Melih

Very good explanation Melih, thnx

Nice one

Here is my explanation

Put simply, a house with many doors, without a compound and security [is a system with no firewalls installed].

A house with many doors, with a compound, that allows entry and exit through one door with a security check is a system with a firewall [simple port blocking and packet analysing].

If anything is wrong, let me know.

Thanks

Regards
MuthusrinivasaN :)

Really appreciate this explanation !! Many thanks !!

I think so,
This article (isn’t it?) should have illustrations.

nice explanation:)

Finally…an explanation that actually makes real sense - Thank you! I am such a n00b to Comodo, I was wondering if there is a Comodo 101 section somewhere that I could study. I’m confused ??? I thought I downloaded just the firewall, but, have found some antivirus events that were found and isolated.

One of my main sources of confusion is what to do with something that the firewall doesn’t recognize. That nifty tab slides up and announces the file or whatever it has found and asks me what to do with it. Sometimes I’m sure I know what it is, and click the “allow” button. Many other times, it’s a funky (to this n00b) string of letters/numbers with .exe or some other extension, and I really don’t have a clue what it is. These usually end up in the sandbox - even though I don’t yet really understand just what that is (my cats know), or how to get said app out of there if I find I need it later 88)

Other times, it will send something I absolutely recognize (such as my web cam, or, an update from my antivirus program) to the sandbox, even though I’ve told it repeatedly that I know and trust the application!

My son pointed out yesterday that he couldn’t update the virus definitions (not Comodo) because he couldn’t find the program! When I did some looking around in the firewall logs…there were a lot of isolated items that should have gone through cuz they were from my antivirus program and should have been trusted :-\

It should be obvious by now that I need to be directed to a place where I can study how to use this firewall product.

I’ve been putting off asking about this because I keep thinking that even though I’m new to this product, I should be able to figure it out.

Friends ask me “Why use a product that you don’t know how to use? Couldn’t that end up doing more harm than good?” They have a point. Any chance of meaningful guidance for this n00b?

Confused, but, trainable

~p-d~

Hello to all. Very very excellent :-TU way of defining a firewall, Melih. Kind regards

This is a very extensive guide to Comodo Internet Security, it should help a lot and it’s from Comodo’s own site so it’s safe. Also it is organized well so you can easily read what you want by subject instead of scanning through the whole help page.

http://help.comodo.com/topic-72-1-155-1074-Introduction-to-Comodo-Internet-Security.html

Also I have to ask what antivirus you are using, because it could be a fake antivirus that Comodo doesn’t know about, therefore going to the sandbox, which puts strict limits on what files can do. If the file is unknown and in the sandbox, I believe it automatically submits the file to Comodo’s lab to test the file. If it’s good then it lets it free. If it’s bad then it gets rid of it.

If you have a well known antivirus, make sure you downloaded it from the antivirus’s real site. Also, if it is a well known antivirus but someone deleted the antivirus vendor from your trusted vendors list, which Comodo will allow, then it will block it or sandbox it.

Also, if files aren’t digitally signed then Comodo may sandbox it or prompt you to do something. I can’t remember which. Usually software is digitally signed. Malware I don’t think can get signed. If it can then it is really hard for it to get signed, but that’s why Comodo only trusts files if it is both on the vendors list and signed. If it doesn’t have both then Comodo doesn’t allow it unless you tell Comodo to allow it or to take it out of the sandbox.

If you can get how to work Comodo, and I think you can, then you will have the best security in the world.
Comodo is soon adding the ability to scan with all antivirus scanners at once in Comodo Internet Security, even the ones you have to pay for, and they’re giving it all to you for free. You seem to know a little more than the average user and don’t sound like you’re intimidated by things you don’t understand. I applaud you for learning.

Also, if you need more help you can ask Melih, the founder of Comodo, directly for advice and help through this link

Also add him as a buddy through this link

https://forums.comodo.com/profiles/Melih-u3.html

And feel free to ask me questions directly as well if you want to

Very good, but then you need to also have a version of this to deal with all those times that CIS thinks there is an electronic tag, but it is a false positive. I guess a bit like going through airport security and the system bleeps because you left a coin in your pocket.

That’s an easy illustration, but how to deal with the one where you know you are 100% squeaky clean but the system still thinks you are a terrorist, the alarms go off, hell breaks loose, the police grab you and stick you in a cell until your lawyer can get to you or they send a photo and DNA prints of you off to their HQ. This of course, is D+ and the sandbox. Assumed guilty until proven innocent, sometimes at great time and expense.

;D