A firewall may be a secure barrier between your private network and the public internet, but it can’t do everything you might expect. A firewall by itself won’t necessarily have virus protection built into it, for example.
Misconceptions about firewalls
What firewall will not do:
- Scan for viruses
- Defect intrusions
- Detect misuse of ports
Let’s look at why to illustrate the point.
- Firewalls provide access control to ports
- Ports are assigned to services
- Protocols are also assigned to services
- If a port and protocol match a rule, the firewall acts
Traditional firewalls are strict
- Traditional firewalls are strict
- They do exactly what you tell them to do, even if it does not make sense
- Mail is a great example of port misuse, or redirection of ports to confuse attackers
A traditional firewall works by controlling access through ports at the entry and exit point to a device or network. Ever wonder why you need to configure a port number in your advanced mail settings sometimes to make your email client work?
Well, it’s because mail is a combination of usually, IMAP and SMTP, though there can be others. IMAP is for receiving and SMTP is for sending. So you could imagine that if there is a mail server being protected by a firewall, it’ll be important for the firewall administrator to configure the port for IMAP and the port for SMTP to pass traffic through those ports. Because everyone on the internet has agreed that there will be specific ports associated with IMAP and SMTP, traffic sent to those ports can be defined as being associated with those services. But, in its simplest form, a firewall isn’t looking at what is in those packets being sent through those ports. The firewall is just opening or closing the ports based on the rules you set. If some clever person decided to send another kind of traffic through those ports, or, if someone decided to send SMTP, for example, through an unexpected port, the firewall could be used to pass traffic only for devices configured with the uncommon port configuration for that service.
As long as the traffic that hits that uncommon open port on the firewall is forwarded to a port on the server that is configured to listen for the right kind of traffic on that port, it all works. In fact, this was, and still is, a technique some mail administrators would use to keep spam from entering their networks. They would close the standard ports for SMTP and custom configure uncommon ports to handle that kind of traffic only for their mail traffic. If the admins can control the devices being used to access mail on their network, everything would work fine, and the custom design would work pretty well at cutting out a common intrusion point onto their network.
Tricks to be played
- A firewall is not the end of your security story
- Firewalls need to be supplemented
- Some supplementations can even exist on top of the default traditional firewall, in the form of other security software.
There’re all kinds of tricks you can play with. Services, port numbers, routing, and firewalls. I just want you to understand that a firewall is not a panacea. Just putting a firewall in place and turning it on will not magically protect you from every possible threat. It will, however, give you one of the many necessary tools that you can use to protect the information for which you’re responsible.