2.5. Implementing Firewalls

A firewall is software or hardware that blocks network traffic from reaching your system except the traffic you explicitly choose to let through. That traffic travels as network packets (units of data), each of which can be broken down into three parts:

  • Header: Contains address information, such as source and destination addresses.

  • Body: Contains the packet data, known as the payload.

  • Trailer: Contains checksum information, a value calculated from the data in the packet that helps the receiver detect data that has been damaged in transit. The receiving system recalculates the value from the data it actually received; if that value differs from the checksum carried in the packet, the receiver knows the data was altered and discards it. (On Ethernet this is the frame check sequence; the IPv4, TCP and UDP checksums actually sit in their headers, but the principle is the same.) Note that a checksum guards against accidental corruption, not deliberate tampering: an attacker who can change the data can just as easily recompute the checksum, so integrity against an adversary needs a cryptographic MAC or signature instead.
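The receiver-side check described above, as an added example that is not from the book: the 16-bit ones'-complement checksum used by IPv4, TCP and UDP (RFC 1071), plus three constructed cases showing what the check catches (a bit flipped in transit) and what it does not (an attacker who recomputes the checksum, and two 16-bit words swapped). The sample payload and the scenarios are constructed for illustration.

```python
# Added example (not from the book): RFC 1071 Internet checksum with the
# receiver-side verification the text describes, and three constructed
# scenarios showing what a checksum does and does not detect.

def internet_checksum(data: bytes) -> int:
    """Return the RFC 1071 checksum of `data` as a 16-bit integer.

    The data is summed as big-endian 16-bit words (odd-length input is
    padded with one zero byte), carries are folded back into the low 16
    bits (end-around carry), and the result is complemented.
    """
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def receiver_accepts(data: bytes, checksum: int) -> bool:
    """The receiving side recomputes the checksum over the data it got and
    compares it with the value carried in the packet."""
    return internet_checksum(data) == checksum


def demo() -> dict:
    """Three constructed scenarios; True means the receiver rejects the data."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"  # constructed
    sent_checksum = internet_checksum(payload)

    # 1. Accidental damage in transit: one bit flipped. Always detected,
    #    because a single-bit change always alters a ones'-complement sum.
    damaged = bytearray(payload)
    damaged[5] ^= 0x01
    bit_flip_rejected = not receiver_accepts(bytes(damaged), sent_checksum)

    # 2. Deliberate tampering: the attacker rewrites the data and recomputes
    #    the checksum. The receiver's check passes; a checksum is not a MAC.
    tampered = payload.replace(b"index.html", b"admin.html")   # same length
    tampering_rejected = not receiver_accepts(tampered, internet_checksum(tampered))

    # 3. Two aligned 16-bit words swapped ("GE","T " -> "T ","GE"). Addition
    #    is commutative, so the sum is unchanged and the damage goes unnoticed.
    swapped = payload[2:4] + payload[0:2] + payload[4:]
    word_swap_rejected = not receiver_accepts(swapped, sent_checksum)

    return {
        "bit_flip": bit_flip_rejected,
        "tampering": tampering_rejected,
        "word_swap": word_swap_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The first case is the one the text has in mind; the other two are why a firewall, or anything else, must not treat a matching checksum as evidence that the sender is who it claims or that the content is untouched.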

2.5.1. How a firewall works

A firewall is designed to look at the contents of the packet, specifically the header information, to decide whether the data should be allowed into the system or discarded. The firewall uses the source and destination IP addresses from the header, together with the port number, to make this decision. A port number identifies the service (application) on the system that should receive the packet. For example, the Web server installed on my system runs at my IP address on port 80. The FTP server I am also running on my system uses my IP address but listens on port 21 instead of port 80. If I want to allow the public to see my Web site but not my FTP site, I configure ...
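The decision procedure described above, written out as an added example (not code from the book): a stateless packet filter that looks only at header fields (source address, protocol, destination port), walks a rule list first match wins, and drops anything no rule allows. The policy is the one the text sets up, port 80 open to everyone and port 21 only to a trusted network; the addresses 192.0.2.0/24, 198.51.100.7 and 203.0.113.10 are assumed documentation addresses chosen for the example.

```python
# Added example (not from the book): a minimal stateless packet filter that
# decides from header fields only, with first-match rules and default deny.
# Addresses, rules and packets are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str               # source IP address (header)
    dst: str               # destination IP address (header)
    proto: str             # "tcp" or "udp" (header)
    dport: int             # destination port (header)
    payload: bytes = b""   # body: a header-only filter never reads this


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "drop"
    proto: Optional[str] = None   # None matches any protocol
    src: str = "0.0.0.0/0"        # CIDR of permitted sources; default is anyone
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in (None, pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and self.dport in (None, pkt.dport))


def decide(rules: List[Rule], pkt: Packet, default: str = "drop") -> str:
    """First matching rule wins; traffic no rule mentions gets the default (drop)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Policy from the text: the web site (TCP/80) is public, FTP (TCP/21) is
# reachable only from an assumed admin network, everything else is dropped.
RULES = [
    Rule("allow", proto="tcp", dport=80),
    Rule("allow", proto="tcp", src="192.0.2.0/24", dport=21),
]

SERVER = "203.0.113.10"   # assumed address of the host running both servers


def demo() -> dict:
    """Constructed packets run through the policy; returns each decision."""
    cases = {
        "public_to_web": Packet("198.51.100.7", SERVER, "tcp", 80),
        "public_to_ftp": Packet("198.51.100.7", SERVER, "tcp", 21),
        "admin_to_ftp": Packet("192.0.2.15", SERVER, "tcp", 21),
        "public_udp_80": Packet("198.51.100.7", SERVER, "udp", 80),
        # Same header as an ordinary web request, so it is allowed no matter
        # what the body contains: header-only filtering cannot see payloads.
        "anything_on_80": Packet("198.51.100.7", SERVER, "tcp", 80,
                                 b"<request body the filter never inspects>"),
    }
    return {name: decide(RULES, pkt) for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} -> {verdict}")
```

Two things to take from it: the default matters as much as the rules (with no explicit rule for UDP/80 the packet is dropped, not allowed), and the last case shows the limit of this kind of filter, since a packet addressed to an open port is accepted whatever its payload carries, which is why a web server behind a firewall still needs its own input validation.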

Get CompTIA A+® Certification All-In-One For Dummies®, 2nd Edition now with the O’Reilly learning platform.