Thursday, November 15

Lost in Boelter: The Hottest Network Security Trick


(Creative commons photo by Dani_vr via Flickr)

(Creative commons photo by Dani_vr via Flickr)


Contrary to conventional wisdom, you can’t burn yourself by touching a firewall.

Most of our everyday encounters with firewalls usually don’t go beyond scouring Google for a way to bypass them so that we can stream our movies. But the truth about firewalls is that they are critical to keeping organizations – and individual users – safe in our ever-digitalizing world.

Wall of Fire

As discussed before, data on the Internet is transported through network packets, which are routed to their destinations based on the IP addresses they store. Using this idea, let’s run through a short exercise:

Suppose you are an administrator managing the extensive corporate computer networks at Google. There are probably many product designs and pieces of code sitting on internal company servers that the company wants to keep secret, so you want to place strict limits on what kinds of computers can connect to those servers. So, how would you develop that layer of security?

The task is very much like maintaining a secret hideout with your friends. You want to keep unwanted people out, but need to make it easy for members of your cohort to move in and out of the hideout with ease. One possible solution would be to require a secret passphrase to enter, but that system falls apart if an unwanted person overhears the passphrase.

A more robust solution would be to use badges. In order to get into the hideout, you and your friends could be required to show a unique, identifying badge that matches one on a list of authorized badges. This kind of system would not only make it easy for you and your friends to easily access the hideout, but also make it very hard for uninvited guests to get in, since it’s much harder to fake a badge than overhear a passphrase.

firewall_diag.gif
(Courtesy of bleepstatic.com)

Firewalls use these virtual badges to keep intruders out and let users in. They are network security applications that consist of a list of rules that allow only a subset of computers to connect to a particular network. These rules can consist of restrictions on network packets with specific IP addresses, types of data or applications they may originate from such as web browsers and remote file systems, thereby allowing only authorized network traffic to enter the network.

Firewalls provide not only a layer of protection from unwanted malicious users who intend to do harm to internal systems, but also internal personnel who shouldn’t have access to certain services, such as the ability to connect to the internal server that controls company payroll and finances.

In addition to blocking inbound traffic, firewalls can also block outbound traffic or traffic from within an internal network going out to another service on the Internet, such as Gmail or movie torrenting sites. These kinds of measures are ubiquitous in the corporate world, as they prevent employees from sharing confidential company data on unwanted domains. As inconvenient as these measures may seem, going back to the hideout example, you can think of these kinds of measures as restrictions on hideout “members” from allowing unauthorized guests inside – a justifiable concern for your secret hideout and also many large, multinational corporations.

This means you could implement a firewall with stringent rules on the kinds of inbound and outbound network traffic to and from the internal servers. Not only would the firewall provide ease of access to the servers to authorized users, but also shield the crucial data on those servers from unwanted eyes.

Now, while it’s probably clear to you why firewalls are essential to organizations, you’re probably still asking yourself this: How does this affect me?

Don’t fight the fire

At the organizational level, the benefit of firewalls is readily apparent. But at the individual level, they usually appear like nothing more than nuisances. The fact that we disable our computers’ in-built firewalls in order to play our online multiplayer games is evidence in itself that firewalls seem only to get in the way.

The truth, however, is that much like organizations, individual users are also vulnerable to cybersecurity threats, albeit the threats are not as severe. This isn’t news to many of us, considering that we’ve all have had at least one, if not several, encounters with viruses or other malicious software infecting our computers. Enabling firewalls on our personal computers adds an extra layer of protection between our data and malicious software and often times, the viruses that infect our computers can be caught by our computers’ built-in firewalls.

Of course, some of us might respond to such a statement by saying that they don’t visit or download content off of shady websites, but even small online advertisements on otherwise benign websites can offload crippling malicious software onto computers that have no security whatsoever.

That isn’t to say, however, that we should enable firewalls at the cost of our utility or entertainment. More adaptable firewalls are definitely available in order to work around our needs and we need only do some research in order to find these systems. But, at the very least, we should be conscious of the potential risks when we close those firewall notifications to watch movies online.

Share on FacebookTweet about this on TwitterEmail this to someoneShare on Google+Share on Reddit
Opinion editor

Tadimeti is the Daily Bruin's Opinion editor. He was the Opinion editor in the 2017-2018 school year and an assistant Opinion editor in the 2016-2017 school year. He tends to write about issues pertaining to the higher education, state politics and the administration, and blogs occasionally about computer science. Tadimeti is also the executive producer of the "No Offense, But" and "In the Know" Daily Bruin Opinion podcasts.


Comments are supposed to create a forum for thoughtful, respectful community discussion. Please be nice. View our full comments policy here.