Firewalls
...om outside the company is reading too many files from a server then the firewall may block all transfers with that address.

Domain names: Because it is harder for humans to remember a string of numbers, and because IP addresses sometimes need to change, servers on the Internet have domain names (www.google.ca) instead of their IP addresses. A company may block access to some domains or only allow access to specific domain names.

Protocols: The pre-defined way that something wanting to use a service, such as a browser, talks with that service. Protocols are often text that describes what is being done. Common protocols:

IP (Internet Protocol): the main delivery system for information.
TCP (Transport Control Protocol): used to break apart and rebuild information.
HTTP (Hyper Text Transfer Protocol): used for web sites.
FTP (File Transfer Protocol): used to download and upload files.
UDP (User Datagram Protocol): used for information that requires no response.
ICMP (Internet Control Message Protocol): used by a router to exchange information with other routers.
SMTP (Simple Mail Transport Protocol): used to send text-based information.
SNMP (Simple Network Management Protocol): used to collect system information from a remote computer.
Telnet: used to perform commands on a remote computer.

Most companies only set up one machine to handle a specific protocol and ban the other machines from using that protocol.

Ports: All server machines use ports to make their services available to the Internet. If a server is running an HTTP server and an FTP server, then HTTP could be on port 60 and FTP could be on port 21. A company would block access to port 21 on all machines except one.

Words/Phrases: The firewall can look through every packet for an exact match of the text listed in the filter.

Firewalls protect you from many things that people use to access or abuse your computer. The things a firewall protects you from are:

Remote login: When someone is connected to your computer and can control it in some form, such as accessing files or running programs.

Application backdoors: Some programs have special features that allow for remote access, and other programs contain bugs that provide a backdoor (hidden access).

SMTP session hijacking: SMTP is a common way to send e-mail over the Internet. After gaining access to a list of e-mail addresses, a person can send spam to thousands of users by redirecting the e-mail through the SMTP server.

Operating system bugs: Some operating systems have backdoors; others provide remote access with insufficient security controls or have bugs that experienced hackers can take advantage of.

Denial of Service: This attack is nearly impossible to counter. A hacker sends a request to the server to connect to it. When the server responds, it will not be able to find the system that made the request. Doing this will slow down the server enough to make it crash.

E-mail bombs: An e-mail bomb is just someone mailing you hundreds of e-mails so that you cannot receive any more e-mails.

Macros: In order to simplify complicated procedures, applications have a script of commands that the application can run. Hackers have created macros that can destroy data or crash your computer.

Viruses: A virus is a small program that can copy itself onto other computers, and it spreads quickly through them. A virus can just output a simple message or delete all of your data.

Spam: Spam is harmless but very annoying, but it often links to websites that have a cookie that provides a backdoor to your computer.

Redirect bombs: Hackers use ICMP to redirect information to a different router; this is one of the ways a denial of service attack is set up.

Some of the items listed are hard or impossible to filter using a firewall. If people want complete protection they could set the firewall to the highest level of security, but that would block everything.
Experienced administrators block everything ...
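
As an added illustration (not part of the original text), the filter criteria described above (IP address, domain name, protocol, port, and words/phrases) can be modelled as a first-match rule list. The Packet and Rule classes, the rule order, the choice to block whatever no rule matches, and all addresses, names and phrases are assumptions constructed for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Packet:                      # constructed model of what the filter inspects
    src: str
    dst: str
    proto: str
    dport: int
    domain: str = ""               # name the client asked for, if known
    payload: bytes = b""

@dataclass
class Rule:                        # fields left unset (None) match anything
    action: str                    # "allow" or "block"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    domain: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    phrase: Optional[bytes] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.domain in (None, p.domain)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and (self.phrase is None or self.phrase in p.payload))

def decide(rules, p):
    """First matching rule wins; a packet that no rule matches is blocked."""
    for number, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, number
    return "block", None

# Constructed rule set: addresses are documentation ranges, names are made up.
RULES = [
    Rule("block", src="203.0.113.7/32"),        # address that read too many files
    Rule("block", phrase=b"confidential"),      # exact phrase anywhere in the packet
    Rule("block", domain="blocked.example"),    # banned domain name
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=21),  # the one FTP machine
]

if __name__ == "__main__":
    ftp = Packet("198.51.100.5", "192.0.2.10", "tcp", 21, payload=b"RETR report.txt")
    other = Packet("198.51.100.5", "192.0.2.11", "tcp", 21)   # FTP to another machine
    print(decide(RULES, ftp), decide(RULES, other))
```

Because the first match wins, the phrase rule has to sit above the FTP allow rule, otherwise a transfer containing the filtered phrase would be allowed before the phrase is ever checked.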