What is a firewall?
A firewall is software that protects a single computer or an entire network from unwanted external access, which makes it a basic element of any security system. A firewall does not directly identify and prevent attacks as such. Rather, it lays down very clear rules for how communication on the computer or in the network may work. All communication that does not comply with the rules is blocked, even if it is not a harmful attack at all. Basically, it can be said that all remote attacks on computers are only possible through security gaps in systems and various computer programs. Today, a number of programs need to provide so-called network services. These allow, for example, different computers to use a printer in the network, or to access data on another computer. These access rights can be used by malicious programs, and also deliberately by hackers, to penetrate a network or a computer without authorization. Private data and documents can then be stolen, or viruses, malware and spyware installed unnoticed.
This is exactly where a firewall comes in. Because access rights are clearly regulated, strangers or websites usually cannot access the computer. However, if the user permits access (the request is usually presented in a very hidden manner, so that the average user has no idea what rights he is currently assigning), a firewall can no longer guarantee protection. This is why large companies often ensure that the individual employee has no rights to make changes to his computer, to the network and, above all, to the security systems. Such changes are made centrally by IT technicians, the so-called admins. The firewall is then not installed directly on the computer of the individual user (personal firewall), but on a separate device that directly shields and protects the entire network from the outside (external firewall). A combination of personal and external firewalls is operated in most large networks. The external firewall is to protect the network from unauthorized access from outside, the personal firewall ensures that.
A firewall can use different methods to detect and prevent unwanted network traffic. The most common variant is the so-called packet filter firewall. Here, all network packets are evaluated and checked against the specified rules. With network addressing, the MAC addresses and IP addresses of the individual network cards in the network are assigned access rights. In this way it can be clearly regulated who has access to which functions and data. With a proxy firewall, the content of the network packets is checked in addition to the source, destination and service of the traffic data. Firewall software is usually reinforced with additional modules, which technically are not part of the firewall. These include IDS (detection of unauthorized access) and IPS (prevention of unauthorized attacks).