[postlink]http://vandana-techcare.blogspot.com/2010/06/what-is-firewalls.html[/postlink]In a building, a firewall is a wall to keep fire from spreading from one area to another. In a computer network, a firewall is a boundary that can block unwanted data packets. The firewall may be program running on the server or router, or it may be a separate piece of hardware or even a complete computer system just for that purpose. In any case, its purpose is to look at all of the packets coming through, and decide which ones can pass and which ones get blocked.
Ports – Several pages ago, we defined a port as the place in a hub that a cable plugs into. There is another completely different kind of thing called a port, and that is a location in a computer’s memory that is used by a device or application to send and receive data. Each application will have one (or more) of these locations for its own use.
For instance, there is a common e-mail program that has port # 110, which means that the program exchanges information with the rest of the system at memory location 110. The popular game called Doom uses port # 666.
When a packet is sent over a network, it will contain not only the destination address, but also the port number of the application that will use it at that destination. One of the ways a firewall controls the packets is by looking at the port number, and only passing packets with ports that are appropriate for the destination. If nobody should be playing Doom on the network’s computers, then it would make sense to block port 666.
Another way a firewall can control traffic is to look at the source of the packet. It can have a ‘prohibited’ list that keeps out packets from certain IP addresses, or it can have an ‘allowed’ list and block everyone who isn’t on it. Ports can be done the same way, with a ‘prohibited’ or ‘allowed’ list of ports.
Ports – Several pages ago, we defined a port as the place in a hub that a cable plugs into. There is another completely different kind of thing called a port, and that is a location in a computer’s memory that is used by a device or application to send and receive data. Each application will have one (or more) of these locations for its own use.
For instance, there is a common e-mail program that has port # 110, which means that the program exchanges information with the rest of the system at memory location 110. The popular game called Doom uses port # 666.
When a packet is sent over a network, it will contain not only the destination address, but also the port number of the application that will use it at that destination. One of the ways a firewall controls the packets is by looking at the port number, and only passing packets with ports that are appropriate for the destination. If nobody should be playing Doom on the network’s computers, then it would make sense to block port 666.
Another way a firewall can control traffic is to look at the source of the packet. It can have a ‘prohibited’ list that keeps out packets from certain IP addresses, or it can have an ‘allowed’ list and block everyone who isn’t on it. Ports can be done the same way, with a ‘prohibited’ or ‘allowed’ list of ports.
0 comments:
Post a Comment