Firewall Basics
A firewall is a network security device or system that controls the traffic entering and leaving a network according to a set of rules. Generally, a firewall creates a barrier between a network that is considered secure (usually the internal network or LAN) and another network that is assumed to be insecure (commonly an external network and/or the Internet). The firewall filters traffic between two or more networks.
Routers that manage traffic between networks contain firewall components, and likewise some firewalls can perform certain routing functions and can even provide tunneling services (VPN), DHCP address assignment, and other services.
- Nowadays, a firewall is an essential tool to protect our Internet connection. Simply using an Internet connection can expose our computer equipment to multiple attacks from outside. The longer we are online, the greater the probability that the security of our system will be compromised by an unknown intruder. Therefore, it is not only necessary to have antivirus and antispyware software installed and updated, but it is also highly recommended to have firewall software installed and updated.
- A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, software, or both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet.
- The MikroTik firewall protects your computer from Internet attacks, dangerous Web content, port scanning, and other behavior of a suspicious nature.
- The firewall implements packet filtering and thus provides security functions, which are used to manage the data flowing to, from, and through the router.
- Through NAT (Network Address Translation), unauthorized access to directly connected networks and to the router itself is prevented, and it also serves as a filter for outbound traffic.
- RouterOS works as a Stateful Firewall, which means that it performs packet state inspection and tracks the state of network connections traveling through the router.
- RouterOS also supports:
- Source and Destination NAT
- NAT helpers for popular applications
- UPnP
- The firewall provides internal marking of connections, routing and packets.
How does a firewall work?
The firewall operates using rules. Each rule has 2 parts:
- The matcher: all conditions must be verified and must match for the rule to apply.
- The action: once all the parameters match and this first verification passes, the action proceeds.
The matcher analyzes and compares the following parameters:
- Source MAC address
- IP addresses (network or list) and address types (broadcast, local, multicast, unicast)
- Port or port range
- Protocol
- Protocol options (ICMP type and code fields, TCP flags, IP options)
- Interface through which the packet arrives or leaves
- DSCP byte
- And many more…
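The matcher and action described above, combined with the connection tracking that makes a firewall stateful, can be modelled in a few lines of Python. This is an added example, not MikroTik code: the rule fields, interface names and addresses are assumptions, chains are left out, and rules are checked in order with the first full match deciding.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    in_iface: str

@dataclass
class Rule:
    action: str                                   # "accept" or "drop"
    match: dict = field(default_factory=dict)     # empty = matches every packet

def matches(rule, pkt, state):
    """Matcher: every condition the rule sets must hold for the packet."""
    checks = {
        "src_net": lambda v: ipaddress.ip_address(pkt.src) in ipaddress.ip_network(v),
        "proto": lambda v: pkt.proto == v,
        "dport": lambda v: v[0] <= pkt.dport <= v[1],     # port range (low, high)
        "in_iface": lambda v: pkt.in_iface == v,
        "state": lambda v: state == v,
    }
    return all(checks[key](value) for key, value in rule.match.items())

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.conntrack = set()                    # flows that were accepted

    def process(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        state = "established" if {flow, reply} & self.conntrack else "new"
        for rule in self.rules:                   # rules are checked in order
            if matches(rule, pkt, state):         # first full match decides
                if rule.action == "accept":
                    self.conntrack.add(flow)
                return rule.action
        return "accept"                           # model choice when nothing matches

def demo_firewall():
    """Constructed rule set: interface names and addresses are sample values."""
    return Firewall([
        Rule("accept", {"state": "established"}),
        Rule("accept", {"in_iface": "lan", "src_net": "192.168.88.0/24"}),
        Rule("accept", {"in_iface": "wan", "proto": "tcp", "dport": (22, 22),
                        "src_net": "203.0.113.0/24"}),
        Rule("drop"),
    ])
```

With this rule set, a reply to a connection opened from the LAN is accepted as established, while a new packet arriving on the WAN side is dropped unless it satisfies every condition of the SSH rule.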
RouterOS can filter by:
- IP address, address range, port, port range
- IP protocol, DSCP and other parameters
- Static and dynamic address lists
- Packet content matched against a pattern specified as a regular expression, known as Layer 7 matching
The RouterOS firewall also supports IPv6.
A firewall constitutes a kind of barrier in front of our computer. This barrier examines every information packet that tries to pass through it. Based on previously established rules, the firewall decides which packets should pass and which should be blocked. Many types of firewalls are also capable of filtering data traffic that tries to leave our network, thus preventing different types of malicious code such as Trojan horses, viruses and worms, among others, from being effective. The firewall acts as an intermediary between our computer (or our local network) and the Internet, filtering the traffic that passes through it.
A firewall, as already described, intercepts each and every packet destined for and coming from our computer, doing this job before any other service can receive them. From the above we can conclude that a firewall can control all communications of a system over the Internet.
A communications port is said to be open if the system returns a response when a connection establishment request packet arrives. Otherwise the port is considered closed and no one can connect to it. The strength of a firewall is that by analyzing each packet that flows through it, it can decide whether to let it pass in one direction or another, and it can decide whether connection requests to certain ports should be responded to or not.
Firewalls are also characterized by their ability to maintain a detailed record of all traffic and connection attempts that occur (known as a log). By studying the logs it is possible to determine the origins of possible attacks and discover communication patterns that identify certain malicious programs. Only users with administrative privileges can access these logs, but logging is a feature that can be required of these applications.