Firewalls
A firewall is a networking device, either hardware or software based, that controls access to your organization’s network. This controlled access is designed to protect data and resources from an outside threat. To do this, firewalls are typically placed at entry/exit points of a network—for example, placing a firewall between an internal network and the Internet. Once there, it can control access in and out of that point.
Although firewalls typically protect internal networks from public networks, they are also used to control access between specific network segments within a network—for example, placing a firewall between the Accounts and the Sales departments.
As mentioned, firewalls can be implemented through software or through a dedicated hardware device. Organizations implement software firewalls through network operating systems (NOS) such as Linux/UNIX, Windows servers, and Mac OS servers. The firewall is configured on the server to allow or deny certain types of network traffic. In small offices and for regular home use, a firewall is commonly installed on the local system and configured to control traffic. Many third-party firewalls are available.
Hardware firewalls are used in networks of all sizes today. Hardware firewalls are often dedicated network devices that can be implemented with very little configuration and protect all systems behind the firewall from outside sources. Hardware firewalls are readily available and often combined with other devices today. For example, many broadband routers and wireless access points have firewall functionality built in. In such cases, the router or WAP might have a number of ports available to plug systems into.
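The following added example (not from the original text) models how a packet-filtering firewall placed between the Accounts and Sales segments might evaluate its rules: rules are ordered, the first match decides, and anything unmatched is denied. The subnets, the invoicing server address, the ports, and the names Rule, matches and decide are assumptions made for illustration; first-match evaluation with a default deny is a common packet-filter design, not something this chapter specifies.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    dport: Optional[int]   # destination port, or None for any port

# Constructed addressing (assumption): one subnet per department.
SALES, ACCOUNTS = "10.0.20.0/24", "10.0.10.0/24"
INVOICE_SERVER = "10.0.10.5/32"  # hypothetical host inside Accounts

# Rules are checked top to bottom; the first match decides.
RULES = [
    Rule("allow", SALES, INVOICE_SERVER, "tcp", 443),  # Sales may use the invoicing app
    Rule("deny", SALES, ACCOUNTS, None, None),         # nothing else from Sales into Accounts
    Rule("allow", ACCOUNTS, SALES, "tcp", 445),        # Accounts may reach Sales file shares
]

def matches(rule, src_ip, dst_ip, proto, dport):
    # Stateless check of a single packet header; reply traffic is not modelled.
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and rule.proto in (None, proto)
            and rule.dport in (None, dport))

def decide(src_ip, dst_ip, proto, dport, rules=RULES):
    """Return (action, rule_index); rule_index is None when the default applies."""
    for index, rule in enumerate(rules):
        if matches(rule, src_ip, dst_ip, proto, dport):
            return rule.action, index
    return "deny", None  # default deny: traffic that no rule mentions is dropped

if __name__ == "__main__":
    for pkt in [("10.0.20.7", "10.0.10.5", "tcp", 443),   # Sales -> invoicing app
                ("10.0.20.7", "10.0.10.9", "tcp", 22),    # Sales -> other Accounts host
                ("192.0.2.1", "10.0.10.5", "tcp", 443)]:  # address outside both segments
        print(pkt, "->", decide(*pkt))
```

Because the first match wins, placing the broad deny rule above the specific allow rule would block the invoicing traffic as well, so rule order is part of the configuration.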
Table 3.4 provides a summary of the networking devices identified in this chapter.
Table 3.4 Network Devices Summary
| Device | Function/Purpose | Key Points |
| --- | --- | --- |
| Hub | Connects devices on a twisted-pair network. | A hub does not perform any tasks besides signal regeneration. |
| Switch | Connects devices on a twisted-pair network. | A switch forwards data to its destination by using the MAC address embedded in each packet. |
| Bridge | Divides networks to reduce overall network traffic. | A bridge allows or prevents data from passing through it by reading the MAC address. |
| Router | Connects networks together. | A router uses the software-configured network address to make forwarding decisions. |
| Gateway | Translates from one data format to another. | Gateways can be hardware or software based. Any device that translates data formats is called a gateway. |
| CSU/DSU | Translates digital signals used on a LAN to those used on a WAN. | CSU/DSU functionality is sometimes incorporated into other devices, such as a router with a WAN connection. |
| Network card | Enables systems to connect to the network. | Network interfaces can be add-in expansion cards, PCMCIA cards, or built-in interfaces. |
| ISDN terminal adapter | Connects devices to ISDN lines. | ISDN is a digital WAN technology often used in place of slower modem links. ISDN terminal adapters are required to reformat the data format for transmission on ISDN links. |
| WAP | Provides network capabilities to wireless network devices. | A WAP is often used to connect to a wired network, thereby acting as a link between wired and wireless portions of the network. |
| Modem | Provides serial communication capabilities across phone lines. | Modems modulate the digital signal into analog at the sending end and perform the reverse function at the receiving end. |
| Transceiver | Converts one media type to another, such as UTP to fiber. | A device that functions as a transmitter and a receiver of signals such as analog or digital. |
| Firewall | Provides controlled data access between networks. | Firewalls can be hardware or software based and are an essential part of a network's security strategy. |