The data packets that come and go between your PC and the outside world can be defined by a set of rules. These rules state whether a packet has access to the system in the first place, then whether or not it can gain access to its destination program. Collectively, these rules make up a Firewall.
The term firewall comes from fire prevention, where a physical wall is constructed in order to halt the spread of a fire. In digital terms, the wall stops malware and other threats from spreading into the system.
Some form of digital protection against unwanted entry into a system has existed for many years, but the more recent software side of a firewall, the one that we’re reasonably familiar with, has only been around since the ‘80s.
Prior to the modern firewall, system administrators blocked unwanted access through various stages of hardware layers. Long lists of allowed computer addresses were painstakingly entered into mainframes and routers, where programmable chips filtered the white list and simply stopped all access to addresses that weren’t on the list; think of a nightclub bouncer, if your name’s not on the list you’re not getting in.
In its simplest guise, a firewall will look to a defined set of rules, then apply those rules to any data packets that pass through it. For example, if you’ve created a rule whereby all Telnet traffic is blocked, any packet that’s trying to reach port 23, the port that Telnet applications listen on for data, will be blocked. While suitably effective, this low-level packet filtering does have its Achilles heel, in that it treats each packet as an independent piece of data, not knowing whether it’s a part of an already established stream of data. This can be targeted by hackers who want access to a system with a firewall in place. The clever hacker is able to spoof a packet and thus trick the firewall into letting it pass. It takes some time, and it’s a bit hit and miss, but most hackers have plenty of patience when it comes to getting into a network. Therefore a much needed higher degree of firewall monitoring is called for.
Stateful Inspection firewalls were introduced in the mid ‘90s and enabled a firewall to log all the connections that passed through it, determining what was the start of a new packet stream, part of an existing packet stream or something random. This allows a firewall to allow or drop any access based on a data packet’s history. In terms of effectiveness, this makes the firewall more efficient and faster at dealing with connection requests, as it doesn’t need to continually analyse each packet as an individual but rather as a whole stream. For added layers of protection, if a packet doesn’t match any of the connection histories, then it can be evaluated and filtered through the various rules to determine its legitimacy.
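The difference between the two approaches can be seen in a small model. The following is an added example, not code from any real firewall: the addresses, the two "assumed" rules and all names are constructed for illustration, and only the Telnet port 23 rule comes from the text above.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True only on the first packet of a new stream

INSIDE = "192.0.2.10"   # constructed address of the protected PC

def stateless_filter(pkt):
    """Judge each packet on its own, with no memory of earlier packets."""
    if pkt.dport == 23:                      # the article's rule: block Telnet
        return "drop"
    if pkt.dst == INSIDE and pkt.sport == 443:
        return "allow"                       # assumed rule: let web replies back in
    if pkt.src == INSIDE:
        return "allow"                       # assumed rule: outbound is permitted
    return "drop"

class StatefulFirewall:
    def __init__(self):
        self.connections = set()             # streams already seen and allowed

    def classify(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.connections or reverse in self.connections:
            return "existing"
        return "new" if pkt.syn else "unrelated"

    def handle(self, pkt):
        kind = self.classify(pkt)
        if kind == "existing":
            return "allow"                   # history already vouches for it
        if kind == "new" and pkt.src == INSIDE and pkt.dport != 23:
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        return "drop"                        # no matching history, no rule allows it

# Constructed sample traffic
outbound = Packet(INSIDE, 50000, "198.51.100.5", 443, syn=True)
reply = Packet("198.51.100.5", 443, INSIDE, 50000)
unsolicited = Packet("203.0.113.9", 443, INSIDE, 50001)
telnet = Packet("203.0.113.9", 40000, INSIDE, 23, syn=True)
```

The stateless filter allows `unsolicited` because it merely looks like a reply, while the stateful firewall drops it because no tracked connection matches; both block `telnet`.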
A further layer of protection was added to the basic firewall early in the 2000s. Application-layer analysis enabled firewalls to inspect packets that were targeting individual applications within the operating system. Each program or application installed in the system will use a set of protocols to communicate with the outside world.
When an application is installed, on a Windows 10 system for example, the installation mechanism will automatically add an instance of it to the Windows 10 firewall. This means that it is able to send and receive information successfully through the Windows firewall without any of it being blocked. By blocking an application’s access to the outside world, the user could miss out on regular updates, fixes, patches and so on.
One of the key benefits to an application-layer firewall is that it’s excellent at blocking specific content, such as known malware and viruses or dangerous websites. It’s also capable of determining when a particular protocol is being misused by a rogue application.
Where the firewall proceeds from this point is unclear. However, many experts agree that although we’ll always need a firewall, modern systems, networks and devices have so many potential access points that it’s fast becoming less efficient to run the standard firewall model. In effect, the modern firewall, regardless of how complex and efficient it has become over the years, is quickly becoming a bottleneck for the operating system. What some experts are theorising is that at some point in the future, the need for a single, overall firewall will be outdated and that the next generation operating systems will require each program and application that can be installed to act as its own firewall. Whether this will come about is pure fantasy at the moment, but at the speed digital technologies grow and evolve there’s a good chance of finding out soon enough.