Skip to content

防火牆……這裡越來越熱了!

Do you already know what a web firewall is? Let us tell you about it.

There’s something that humans and machines have in common, and no, it’s not the disappointment suffered by the final season of Game of Thrones, or, well, at least not only that. What we have in common is that we need protection. You know, animals need it too, and plants, but if you’ve gotten this far, it seems that you’re interested in computers, networks and all these pretty modern “geek” things, so today we’ll talk about that kind of protection.

Just as you would protect your dog, your ficus or yourself, you have to protect your computer. The world is a place full of dangers and risks and the Internet is not far behind. It’s like in Crystal Jungle, only instead of people carrying guns around, we’ll find hunched over users willing to collect information from your computer, networks, and troll you in any possible way.

Remember: “The night is dark and harbors errors”. And horrors too.

The Internet also hosts them, so to protect our beloved computer, we must make use of a “Web Firewall”. What is this “Web Firewall”?

A “Web Firewall” is a system that is intended to protect our private network and block unauthorized access or attacks from other networks. In turn, it allows incoming and outgoing traffic between computers on the same network. That is, it is like the door of your house, or, worth the analogy, a half-open blind that only lets in a specific amount of breeze according to your personal comfort.

But not only that, it can be our beloved ally, protector of what we love the most, since through configurations you may limit, encrypt or decrypt this traffic. Here’s another lucid analogy: Maybe, in your day to day, you have to go to a clandestine meeting whose members no one should know. It is similar with your computer, you may encrypt your traffic so that you cannot access the most relevant data.

The web firewall, capable of such feats, can be implemented in hardware or software. If it’s well configured, it will be an advantage when it comes to protecting your networks, so it’s vitally important to understand how it works and how you may get the most out of it.

How does a web firewall work?

murocortafuegos

Outline of a firewall on a computer network

It is usually located at the junction point between two networks. Each network or computer can have its own firewall. This can limit the consequences of an attack, as you can prevent damage from spreading from one network to another. The sooner the spread of evil is tackled, the better.

The essential thing that you must know for the operation of the web firewall is that the totality of information and traffic that goes through our router and that is transmitted between networks is analyzed by it. If the traffic complies with the rules you have configured for it, it can enter or leave your network. If the traffic does not meet those certain rules, then it will be blocked from reaching its destination.

There are several methods by which you may filter the traffic of the firewall, for example, configuring it as you please. Remember that a good firewall configuration is paramount. If the lock on your front door was badly designed and anyone could open it, bad people could get in and steal, this is the same thing.

Let’s take a look at some of the filtering methods we’ve been provided by our dear friend, the Web Firewall.

Traffic filtering methods

  • Firewall policies: They allow you to block certain types of network traffic.
  • Anti-spam firewall: It protects against spam, phishing, etc.
  • Antivirus firewall: It protects the internal network against attacks that come from the Internet or wan.
  • Content filtering: It allows you to block some types of web content.
  • WAP Managed Service: It allows you to control wap devices.
  • DPI services: It allows you to control specific applications.

There are a few types of firewalls to highlight, these can be software or hardware, and, if we investigate a little more, we will find others that are somewhat more defined.

Types of web firewall

  • Gateway application level: It applies security mechanisms for specific applications.
  • Gateway level circuit: It applies security mechanisms when a tcp or udp connection is established.
  • Packet filtering: At network level as an IP packet filter.
  • Personal: It is installed as software on your computer.

Using a firewall has lots of advantages. We already discussed some, with lots of examples and tremendous analogies, even so, we are going to list the most obvious ones:

Advantages of using a firewall

  • It blocks access to computers and/or applications to our networks.
  • It allows you to control and restrict communications between the parties under your settings.
  • It optimizes communication between internal network elements, helping to reconfigure security settings.
  • It establishes reliable perimeters.
  • Protection of intrusions and private information.

Nothing is perfect, and web firewalls, despite their fiery name, well, they aren’t either. These also have some notable limitations:

Limitations of a web firewall

  • It cannot protect itself from attacks whose traffic does not go through it.
  • It cannot protect threats made by insider attacks or negligent users.
  • It does not protect against service security flaws and protocols whose traffic is allowed.
  • It cannot protect against attacks on the internal network through files or software.

There are many firewall systems, if we use Linux, the one commonly used is Iptables. Yes, it sounds weird, we don’t like weird sounding things and since we don’t like weird things we use the firewall… Hmm… before entering a self-destructive paradox, we will try to understand what this“Iptables” is through a simple explanation.

What is Iptables?

Linux has a firewall system included in its kernel called Iptables, although its configuration can be a bit complex. Its default configuration is to allow everything to enter and exit.

With a suitable Iptables configuration you will be able to filter which packages, data or information you want to enter and which ones you do not. Just like the previous example about the inputs.

To work with Iptables you need administrative permissions so you will have to use sudo. You will have to choose wisely what you let in and what not, and, for this, an adequate knowledge of the commands that you can use in this system is necessary. The following examples are only intended to teach a basic configuration to understand the logic of the web firewall, but for a more correct and complex configuration, I recommend adding information by searching the Internet, specialized books or colleagues in the world.

Some commands to understand Iptables

sudo iptables -P INPUT DROP

-P = Anyone who wants to access the computer
INPUT = We ignore it
DROP = We ignore it

With this command nobody will be able to enter your computer, in fact you neither… so it is not the most appropriate one.

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT

The first line tells us that our own computer (lo = localhost) can do whatever it wants.

Before, we said that this was like a house, if we have siblings, parents or children and they leave, we want them to be able to get in again, right? Well that’s what we do with the second line, all the connections that come out of our computer will be allowed by Iptables.

sudo iptables -A INPUT -p tcp –dport 80 -j ACCEPT

With this command, anyone can see the websites that our computer has.

-j ACCEPT = Accept or allow
-dport 80 = Traffic to port 80
-p tcp = make it tcp
-A INPUT = that is incoming

These would be some basic examples of how Iptables works. That is, just to understand the basics of its operation. Like I said, I recommend digging deeper and diving into more information to make an acceptable setup.

And just like Game of Thrones ended, this article also does it, although much better (what a crappy last season), so I only have to say goodbye and wish you to have a good day. AH! And to recommend you to use Pandora FMS, which despite not being a web firewall, is a tool that will also help you protect yourself by collecting information.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a business oriented on-premise monitoring software. It started from scratch in 2004 under open source license GPL2 as a personal project of its CEO and founder, Sancho Lerena; since then it has evolved, becoming a monitoring suite for companies, crossing borders and languages and offering one of the most complete solutions on the market.

Flexibility has been one of the main features of Pandora FMS since its creation; hence its acronym: F for “Flexible”, M for “Monitoring” and S for “Software”.

Pandora FMS goal is to offer an integrated and horizontal monitoring solution for companies, capable of combining information from different sources and departments to offer a single control board of the whole technology of the company, at all levels.

Our main sales office is located in Miami (USA), and our core development team is in our office in Spain. We have partners all around Europe, Asia and South America, and clients in more than 40 countries.