Cyber Security for the Home and Small Business – Firewalls – Episode 2

8/18/2020 – 9/29/2020 – Jeff Schneider – “The IT Department”

Everybody knows what a firewall is, right?  Even if you have no idea, it’s one of those technology things you can pretend you understand because the definition is in the title.  It’s a WALL OF FIRE! Of course!  And nobody wants to mess with that.  Or, maybe it’s a wall that prevents fire from getting to you?  (This is actually where the definition came from).  Back when it was more common for things that used combustion to catch fire, like the engine of a car, plane, train, etc…, the “wall” was important. 

Let’s examine the wall concept.  To keep from getting burnt, it would be easy to just build a nice, solid brick or steel wall.  But in reality, you need to have a relationship with things on the other side of the wall.  Front wheels; maybe a steering wheel needs to pass through the wall.  The throttle control?  Maybe things on the “hot” side of the wall need to give you information too?  Next thing you know, your firewall has holes in it!  If there are holes in it, then it is possible for the fire to get through and harm you.  This analogy carries right into technology’s version of a firewall.  A perfect firewall would be the equivalent of not connecting anything on your network to anything else on the other side.  This makes your technology a stand-alone device.  And alone it would be.  Computers, washing machines, refrigerators, toasters, etc… will hardly function today without being connected to the Internet.  Social media is all about telling everybody just how you like your toast done and that is absolutely necessary to our very survival.  Also, you want information from the HOT side of the Internet too.  I’ll let you carry that analogy on further on your own time.

In a world without firewalls, each device would have full/free access to the Internet, and the Internet would have full/free access (24 hours a day) to the device.  Skipping ahead here:  Since all of the software that makes these devices work potentially has flaws, the first thing a firewall needs to do is prevent the Internet from poking at your device to exploit those flaws.  In the best case of an “exploit” the device gives up what it knows.  In the worst case, the exploit shuts down the device, or worse yet, somebody else takes control of the device and burns your toast.  You don’t want your personal computer files available to the world, and you don’t want everybody to know when the last time you did laundry was.  My Grandmother told me stories about when TVs first became popular and how people would dress up before watching a show.  That’s right, people thought that the people they were watching in/on the TV could see them too.  Without proper security, starting with a good firewall, this is more likely a reality today than it ever was 80 years ago.  So, you need to have a firewall… with holes in it.  Better than nothing, right?

Any Internet service you sign up for today automatically comes with a basic firewall.  There are two primary reasons.  The first is that your Internet Service Provider (ISP) doesn’t want to be responsible for your neighbor watching Netflix and YOU too.  The second is that most firewalls have the additional bonus of making your 253 devices appear as a single unique address, thus your ISP doesn’t exhaust its pool of addresses on everybody’s ovens and toasters.  In fact, most homes’ toasters will live within the same “block” of addresses.  This makes it difficult for the bad Internet to single out your particular toaster.  To summarize, the firewall solves a number of problems at the same time and you need one.

I skipped over some important things here and that might be causing you to ask questions.  Like, if my toaster and my neighbor’s toaster have the same address… and if my refrigerator, dryer and toaster appear as the same unique address, how does any of this work?  Please accept that this is magic, and it all happens inside the firewall.

It is generally true that the better the firewall, the safer you are.  A basic firewall will prevent a “bad guy” from having direct access to your stuff.  A good firewall can do much more.  A good firewall will “watch” what is going on.  Let’s say you want to check and see if the laundry is done.  Your dryer talks to a server somewhere that you can access with your phone app.  The server then sets up a connection directly between your phone app and your dryer.  Your firewall tolerates this because the dryer started the conversation from “inside” or “behind” your firewall.  However, your firewall notices that your phone app happens to be in Switzerland, but you are not.  The firewall shuts down the conversation and prevents the Swiss from manipulating your washing machine.  The firewall sends you a message about this, and it is time to change the password on your washing machine.  This isn’t the greatest example, but you get the idea that a firewall needs to know something about you and your technology to be effective.  In fact, the best firewalls know a lot, all because you educated them.  Rather than allowing everything and preventing what is bad, the best firewalls ONLY allow what you want and prevent everything else.  This of course requires some effort on your part.  If you add a new device, you need to tell your firewall about it.  The more effort you put into managing your firewall, the safer you are.
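For readers who want a peek behind the “magic”, here is a toy model of what happens inside the firewall. It is an added example, not the author’s code and not how any particular product is built. The `HomeFirewall` class and all addresses are made up for illustration. It shows several inside devices sharing one public address, replies being let in only for conversations started from inside, and devices you never told the firewall about being refused.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed: the one address the Internet sees

@dataclass
class HomeFirewall:  # hypothetical name, for illustration only
    allowed_devices: set   # inside addresses you have "told the firewall about"
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # public port -> tracked conversation

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside device starts a conversation; returns what the Internet sees."""
        if src_ip not in self.allowed_devices:
            return None  # only allow what you want, prevent everything else
        flow = (src_ip, src_port, dst_ip, dst_port)
        for port, entry in self.table.items():
            if entry == flow:
                return (PUBLIC_IP, port)  # conversation already tracked
        port = self.next_port
        self.next_port += 1
        self.table[port] = flow  # remember who started what
        return (PUBLIC_IP, port)

    def inbound(self, remote_ip, remote_port, pub_port):
        """A packet arrives from the Internet; returns where to forward it, or None."""
        entry = self.table.get(pub_port)
        if entry is None:
            return None  # nobody inside asked for this: drop
        in_ip, in_port, exp_ip, exp_port = entry
        if (remote_ip, remote_port) != (exp_ip, exp_port):
            return None  # not the server the device was talking to: drop
        return (in_ip, in_port)

def demo():
    fw = HomeFirewall(allowed_devices={"192.168.1.20", "192.168.1.21"})
    toaster = fw.outbound("192.168.1.20", 5000, "198.51.100.7", 443)
    dryer = fw.outbound("192.168.1.21", 5000, "198.51.100.7", 443)
    return {
        "toaster_seen_as": toaster,
        "dryer_seen_as": dryer,
        "reply_to_dryer": fw.inbound("198.51.100.7", 443, dryer[1]),
        "stranger_probe": fw.inbound("192.0.2.99", 443, dryer[1]),
        "unsolicited": fw.inbound("192.0.2.99", 1234, 8080),
        "unknown_device": fw.outbound("192.168.1.77", 5000, "198.51.100.7", 443),
    }

if __name__ == "__main__":
    print(demo())
```

The toaster and the dryer both appear to the outside world as the same address and differ only in the port number the firewall assigned, which is how replies find their way back to the right appliance.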

One last thing about firewalls.  Just because you are in the same building or home, doesn’t mean you only need one firewall.  You can have multiple firewalls, or a firewall that handles separate private connections.  Imagine you are a small business and want to provide Internet access for your Customers when they are at your location.  The same applies for guests visiting your home.  You don’t want foreign computers, phones, etc… poking around on your network with direct access to your important appliances, and personal data.  These days, everybody needs a guest network.

This is a mile-high view of firewalls, but hopefully it starts to answer the “What? and Why?”.  The “How?” is at least a technical book, if not a complete college course.  There are good firewalls out there, and good services that will help you install and maintain your firewalls.  If you do a little research, you will find that firewalls do not have to be expensive or too time-consuming.  The more sensitive your data is, the more I recommend upgrading and managing (or having someone manage) your firewall.  If you are a small business with Customer records on your computers, or have machines that take credit card numbers, a firewall is critical (and most likely required by your bank and insurance company).
