Firewall
A firewall prevents unauthorized access to a private, commercial, or state network, even though (or precisely because) that network is connected to a public network. Once a TCP/IP connection has been established, each data packet is forwarded. Unlike a firewall, a router is not interested in the contents of the packets it forwards, even though the two are functionally quite similar.
In principle, a firewall works by cutting the network's outward connection and inserting a computer with two network interfaces in between. This computer functions almost like a router. However, it does not forward every packet to the other side; instead, it checks against its rules whether the packet may pass, whether it is rejected (sent back), or whether it is simply discarded.
Since each packet carries the IP addresses of the sender and the receiver as well as their port numbers, the firewall computer can infer the purpose for which the packet was sent. For a request to a web server on the Internet, for example, the receiver has an IP address that does not belong to the local network and port number 80, while the sender has an IP address from within the company's range and a random port number (a dynamic port) that is not one of the well-known ports. When the server responds, receiver and sender are swapped. An attempt to attack the company's intranet web server from outside looks completely different: there the receiver of the packet has an IP address from the company's internal network and the port number is 80. It is therefore possible to tell which side is the client and which is the server.
Firewall rules are generally set up so that they block all unknown communication by default; the necessary, harmless communication channels are then approved one by one. Consequently, even outbound web access on port 80 has to be explicitly approved; otherwise those packets are blocked or rejected according to the rules.
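The default-deny filter described above, worked through as an added example (not code from the original article): a small rule table that classifies packets by sender and receiver address and port, allows the outbound web request and its reply, rejects an externally originated attempt to reach an internal web server, and silently drops everything else. The internal network range 192.0.2.0/24 and the sample addresses are constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed for this example: the "company" address range and the
# boundary below which ports count as well-known rather than dynamic.
INTERNAL = ip_network("192.0.2.0/24")
WELL_KNOWN_MAX = 1023


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter looks at (addresses and ports)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def is_internal(addr: str) -> bool:
    return ip_address(addr) in INTERNAL


# Rule table: (name, match predicate, verdict). First match wins;
# a packet that matches no rule is the "unknown communication" the
# article describes and is dropped by default.
RULES = [
    # Outbound web request: internal client on a dynamic port -> external server, port 80.
    ("allow outbound http",
     lambda p: is_internal(p.src_ip) and p.src_port > WELL_KNOWN_MAX
               and not is_internal(p.dst_ip) and p.dst_port == 80,
     "ACCEPT"),
    # The server's reply: sender and receiver are swapped relative to the request.
    ("allow http reply",
     lambda p: not is_internal(p.src_ip) and p.src_port == 80
               and is_internal(p.dst_ip) and p.dst_port > WELL_KNOWN_MAX,
     "ACCEPT"),
    # External sender addressing an internal machine on port 80: send a rejection back.
    ("reject inbound to internal web server",
     lambda p: not is_internal(p.src_ip) and is_internal(p.dst_ip) and p.dst_port == 80,
     "REJECT"),
]


def filter_packet(p: Packet) -> str:
    """Return ACCEPT, REJECT or DROP for a single packet."""
    for _name, match, verdict in RULES:
        if match(p):
            return verdict
    return "DROP"  # default: unknown communication is discarded without a reply
```

Because this filter judges each packet on its own, it cannot tell a genuine reply from a forged inbound packet that merely uses source port 80; real firewalls close that gap with connection tracking (stateful inspection), which only admits a reply for a request it has already seen.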