
How Firewalls Work

Primarily, firewalls allow or block network traffic between devices based upon rules set up by the firewall administrator. Each rule defines a specific traffic pattern you want the firewall to detect and the action you want the firewall to take when that pattern is detected.

Note - A firewall can only operate on communications traffic that physically passes through it. A firewall has no impact on traffic between two devices on the same "side" of the firewall (i.e., both connected to the same firewall network card or port).

Criteria Used to Identify Communication Sessions

When the firewall receives a request from a device on one side to communicate with a device on a different side, it compares information about the request against each firewall rule in sequence until a match is found. The following information is considered:

  • The network address of the device initiating the communication ("source") is compared against the list of sources contained within the rule.
  • The network address of the device whose services are requested ("destination") is compared against the list of destinations contained within the rule.
  • The service being requested (e.g., Web, mail, file transfer, terminal session, etc.) is compared against the list of services contained within the rule.

Additional Criteria Provided by Some Vendors

Some firewall products can also consider not only the service type, but also the specific actions, files or elements involved. For example, between specific sources and destinations, a firewall may:

  • allow Web requests to proceed except for certain Web pages,
  • allow file transfers to proceed from destination to source but not vice versa,
  • allow file transfers to proceed except for certain named files.

Actions That Can Be Taken When Criteria Are Met

If an attempted communication meets all the criteria specified in a rule, the firewall takes the action specified in that rule. After a match, the firewall does not review any subsequent rules in the ruleset for that communication session, so the order of rules determines the outcome when more than one rule could match. Depending on the vendor, the actions that may be taken include:

  • allow the communication to occur,
  • block the communication without notifying the source,
  • block the communication and notify the source,
  • require the user to provide valid authentication information (e.g., user ID and password, smart token or biometric data) before allowing the communication,
  • set up a Virtual Private Network (VPN) to encrypt the communication session between the source and the firewall.

Additionally, rules contain information regarding whether or not information about specific types of communications sessions should be captured to a log file.
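The following is an added example, not code from the original page or from any firewall vendor: a small first-match rule evaluator in Python that applies the three criteria (source, destination, service), the "except for certain Web pages" extension, the listed actions, and per-rule logging. Every address, rule name and session in it is constructed for illustration, and the treatment of a session that matches no rule (silent drop) is an assumption, since the page does not state a default.

```python
# Added example (not from the original page): a first-match rule evaluator that
# applies the criteria and actions described above. All addresses, rules and
# sessions below are constructed for illustration.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    name: str
    sources: list[str]          # CIDR blocks, or ["any"]
    destinations: list[str]     # CIDR blocks, or ["any"]
    services: list[str]         # service names, or ["any"]
    action: str                 # allow | drop | reject | authenticate | vpn
    log: bool = False           # capture matching sessions to the log
    excluded_paths: list[str] = field(default_factory=list)  # vendor extension: "except these pages"


@dataclass
class Session:
    src: str                    # initiating device ("source")
    dst: str                    # device whose service is requested ("destination")
    service: str                # e.g. "web", "mail", "file-transfer", "terminal"
    path: Optional[str] = None  # requested element, where the firewall can see it
    authenticated: bool = False # has the user already supplied valid credentials?


def _addr_matches(addr: str, networks: list[str]) -> bool:
    if "any" in networks:
        return True
    ip = ip_address(addr)
    return any(ip in ip_network(n, strict=False) for n in networks)


def _service_matches(service: str, services: list[str]) -> bool:
    return "any" in services or service in services


def first_match(session: Session, rules: list[Rule]) -> Optional[Rule]:
    """Compare the session against each rule in order; stop at the first match."""
    for rule in rules:
        if not _addr_matches(session.src, rule.sources):
            continue
        if not _addr_matches(session.dst, rule.destinations):
            continue
        if not _service_matches(session.service, rule.services):
            continue
        # An excluded page means this rule does not apply; later rules decide.
        if session.path is not None and session.path in rule.excluded_paths:
            continue
        return rule
    return None


def evaluate(session: Session, rules: list[Rule], log: list[str]) -> tuple[str, str]:
    """Return (action taken, name of the rule that decided it).

    A session matching no rule is silently dropped here; the page does not
    specify the default, so that choice is an assumption of this example.
    """
    rule = first_match(session, rules)
    if rule is None:
        return ("drop", "implicit-default")
    if rule.log:
        log.append(f"{rule.name}: {rule.action} {session.src} -> {session.dst} ({session.service})")
    if rule.action == "authenticate":
        # Allow only once valid credentials have been presented; otherwise challenge.
        return ("allow" if session.authenticated else "authenticate", rule.name)
    return (rule.action, rule.name)


# Constructed ruleset. The specific drop rule sits ABOVE the general allow rule on
# purpose: with first-match semantics, rule order decides the outcome.
RULES = [
    Rule("block-bad-host", ["10.0.0.0/8"], ["203.0.113.9/32"], ["any"], "drop", log=True),
    Rule("lan-web", ["10.0.0.0/8"], ["any"], ["web", "https"], "allow",
         excluded_paths=["/admin"]),
    Rule("admin-terminal", ["10.0.1.0/24"], ["10.0.2.5/32"], ["terminal"], "authenticate", log=True),
    Rule("branch-vpn", ["10.0.0.0/8"], ["192.0.2.0/24"], ["any"], "vpn"),
    Rule("default-deny", ["any"], ["any"], ["any"], "reject", log=True),
]


if __name__ == "__main__":
    log: list[str] = []
    for s in [
        Session("10.0.1.7", "198.51.100.20", "web"),
        Session("10.0.1.7", "203.0.113.9", "web"),   # drop wins over allow: earlier rule
        Session("10.0.1.7", "198.51.100.20", "web", path="/admin"),
        Session("10.0.1.7", "10.0.2.5", "terminal"),
        Session("10.0.5.7", "10.0.2.5", "terminal"),
    ]:
        print(s.src, "->", s.dst, s.service, s.path or "", "=>", evaluate(s, RULES, log))
    print("\n".join(log))
```

Swapping the first two rules in RULES turns the second session from a drop into an allow, which is the practical consequence of the "no subsequent rules are reviewed after a match" behaviour: specific exceptions must be placed before the general rules they override, and a catch-all deny belongs last.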