How Firewalls Work
All intranets are vulnerable to attack. Their underlying TCP/IP architecture is identical to that of the Internet. Since the Internet was built for maximum openness and communication, there are countless techniques that can be used to attack intranets. Attacks can involve the theft of vital company information and even cash. Attacks can destroy or deny a company's computing resources and services. Attackers can break in or pose as a company employee to use the company's intranet resources.
Firewalls are hardware and software combinations that block intruders from access to an intranet while still allowing people on the intranet to access the resources of the Internet. Depending on how secure a site needs to be, and on how much time, money, and resources can be spent on a firewall, there are many kinds that can be built. Most of them, though, are built using only a few elements. Servers and routers are the primary components of firewalls.
Most firewalls use some kind of packet filtering. In packet filtering, a screening router or filtering router looks at every packet of data traveling between an intranet and the Internet. See Chapter 13 for more information on filtering.
Proxy servers on an intranet are used when someone from the intranet wants to access a server on the Internet. A request from the user's computer is sent to the proxy server instead of directly to the Internet. The proxy server contacts the server on the Internet, receives the information from the Internet, and then sends the information to the requester on the intranet. By acting as a go-between like this, proxy servers can filter traffic and maintain security as well as log all traffic between the Internet and the network.
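The go-between role described above can be shown in a few lines of Python. This is an added example, not code from the original text: the Proxy class, the intranet address range, the blocked host and the fake_internet stand-in for the remote server are all constructed for illustration. It shows the three things the paragraph names: the proxy makes the outbound contact itself, it filters by policy, and it logs every request whether allowed or denied.

```python
# Added illustration: a proxy server as go-between that filters and logs.
# Host names, addresses and the policy below are constructed for the example.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

INTRANET = ip_network("10.0.0.0/8")      # assumed intranet address range
BLOCKED_HOSTS = {"blocked.example"}      # assumed site policy
ALLOWED_SCHEMES = {"http", "ftp"}

@dataclass
class Proxy:
    fetch: callable                      # stands in for the proxy's outbound connection
    log: list = field(default_factory=list)

    def handle(self, client_ip: str, url: str):
        """Return (status, body) for one request from a client."""
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if ip_address(client_ip) not in INTRANET:
            verdict = "deny-client"      # only intranet users may use the proxy
        elif parts.scheme not in ALLOWED_SCHEMES or not host:
            verdict = "deny-scheme"
        elif host in BLOCKED_HOSTS or any(host.endswith("." + b) for b in BLOCKED_HOSTS):
            verdict = "deny-host"        # blocked domain or any of its subdomains
        else:
            verdict = "allow"
        # Every request is logged, allowed or not.
        self.log.append((client_ip, url, verdict))
        if verdict != "allow":
            return 403, b""
        # The proxy, not the client, contacts the Internet server.
        return 200, self.fetch(host, parts.path or "/")

def fake_internet(host, path):
    """Constructed stand-in for the remote server so the example runs offline."""
    return f"content of {host}{path}".encode()

def demo():
    proxy = Proxy(fetch=fake_internet)
    results = [
        proxy.handle("10.1.2.3", "http://www.example.org/index.html"),
        proxy.handle("10.1.2.3", "http://files.blocked.example/tool.zip"),
        proxy.handle("203.0.113.9", "http://www.example.org/"),
    ]
    return results, proxy.log

if __name__ == "__main__":
    for row in demo()[1]:
        print(row)
```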
Bastion hosts are heavily fortified servers that handle all incoming requests from the Internet, such as FTP requests. A single bastion host handling incoming requests makes it easier...