A firewall, similar to how a firewall protects a building from fire, protects your network from unwanted access by having a program monitor traffic according to predefined rules and only forwarding data that complies with the rules. This program can be installed directly on your computer or – as an external firewall – on separate devices, such as your router.
In computer networks, data traffic runs through the so-called ports. There are over 65,000 of these in total; the most common functions have fixed ports assigned to them. For example, port 587 is intended for incoming e-mails from authenticated senders, and port 443 for calling up a secure website. These ports can only be used by the program assigned to them. Your firewall monitors this traffic. It checks the status, port, protocol and server address, among other things. For example, if an unauthorized protocol is used, the firewall blocks the data traffic.
And the ports that are not hard-assigned? These can be used flexibly. As part of such use, the port is opened for data traffic and, ideally, closed again. Ports that remain open after the end of the data exchange pose a security risk. Because they correspond to an open door for criminal hackers . That’s why your firewall checks your system for open ports that are not currently needed and closes them.
Due to their success, firewalls are now widely used. Most routers have one, as do smartphones. For corporate networks, there are even special devices on which very complex firewall programs are installed. These often do far more than what is explained here. For example, you can also check the contents of the transmitted data (deep packet inspection).
In the best case, you won’t even notice your firewall in your everyday work. You will receive all the data you request because it complies with the rules of the firewall. What you don’t notice is that while you’re working, a server on the Internet is sending data to a port on your network. However, there is a firewall rule for the address of this server: data from this server should not be accepted. Your firewall adheres to this rule and rejects this data. Undisturbed by this potential attack, you continue to work until the end of the day.
On the router
Most often, you will come into contact with the topic of firewall in relation to your router. Here, don’t open connections on your router firewall or allow direct connections from the internet to be forwarded to your computer unless you have a very good reason and know the risks (this is often the recommended solution to get certain online games working. However, not good for a company).
Pay attention to updates
If you maintain your IT yourself, pay close attention to updates – even for your private computers. This ensures that the list of untrusted server addresses, for example, is up to date.
Show interest and learn more
Feel free to ask Perseus or your IT representative which firewalls are active in your network and what they do. If you want to know how powerful your firewall is, get it tested.
Special features of Windows
If you have Windows, it comes with a firewall that is enabled by default. Leave it enabled.
Special features for Mac
If you’re using a Mac, it comes with a firewall, which is disabled by default. Turn this on in the system security settings.
Special features for third-party providers
If you’re using a third-party firewall that comes with your antivirus, make sure it’s up to date.
Warnings from the firewall
In all cases, if you see warnings from the firewall program about programs trying to connect to the Internet that you don’t know about, don’t allow them to connect.
Make firewalls stricter
You can also ask to make the firewall stricter by adjusting the rules. This approach is particularly recommended for sensitive areas of your company. Many firewalls operate according to the principle of “everything that is not forbidden is allowed”, which makes them almost imperceptible in everyday work. The more your firewall is based on the opposite principle – “Anything that is not allowed is forbidden” – the more secure it is. However, it is much more present in everyday work due to inquiries and possibly blocked data.
