If you have a firewall solution for your PC and/or network, hopefully it’s doing its job of stopping potential intruders.  But how does it actually work?

4D’s Founder and Technical Director, David Barker, gives his explanation in this latest instalment of our Cyber series, ”How does a firewall work and what to know before your next attack.”

The term, ‘Firewall’, comes from the building industry where it literally means a wall designed to stop fire spreading to other parts of the building.

In computing and networks, it’s hardware or software which prevents one part of the network from talking to another part, or one device from talking to another device in the network.  As well as separating one part of the network from another, the firewall allows you to control what traffic can pass through it - to keep the good things in and the bad things out.

Take, for example, a home PC:

home pc firewall setup

On the home PC above, all incoming traffic is blocked by the firewall but all outgoing traffic is allowed through it - including website visits like Facebook, YouTube, Google or the 4D website.  Bear in mind that responses to that outgoing traffic are allowed back in.

Now, let’s look at a typical server deployment:

In this scenario, you may see a hardware firewall or a more advanced software firewall.  With a server, either in a data centre or in the cloud, you’ll want to allow certain services inbound through your firewall - for example, SSL (Secure Sockets Layer) protected web traffic, SSH, email or FTP.

In the diagram above, we’ve got HTTPS (SSL on port 443) and SSH (on port 22) open and allowed through the firewall.  Thus, these are configured so their inbound connections are allowed through the firewall and they can then connect to the application on the server.

Conversely, MySQL traffic (on port 3306) is blocked on the firewall - this may be the case because MySQL lacks strong enough encryption, therefore blocking this traffic helps to prevent a potential hacker from reading sensitive data.

All outgoing traffic from the server is allowed through the firewall.  However, you can setup rules which block and filter certain outgoing traffic.

How would you specifically control this traffic?

You'd usually control the traffic passing through the firewall by opening and closing certain ports for the application you wish to let talk.

If you’re still concerned about threats creeping in, there are more advanced features such as intrusion prevention and intrusion detection, which will actively analyse the traffic going through the firewall and actively block any potential threats.

To learn more, see our information on 4D's managed firewall solutions.