Finnish Communications Regulatory Authority (FICORA)

Firewalls

Firewalls are systems, implemented in either software or hardware, that control access from one network to another. They are generally used to protect an organisation's internal network against attacks coming from external networks and to restrict traffic between different areas of the internal network. The basic requirements for a firewall are that it monitors all network traffic and allows only desired network traffic to pass through. In addition, the firewall system itself shall be protected against network attacks. This means, among other things, that the firewall equipment shall be tolerant to disruption, that its capacity shall be sufficient for the network traffic it transmits, and that the firewall is managed from a specific management network only.

The firewall defines a single checkpoint for network traffic, which prevents unwanted communication between networks at different security levels and the use of internal network services from external networks. In the present situation, network traffic from the internal network to external networks shall also be restricted. Besides attacks aimed at services, a firewall typically prevents several kinds of attack that are based on falsified routing and source addresses.

Because the firewall monitors all network traffic, it also enables the monitoring of events related to network security. For instance, logging and alert functions can be implemented in connection with the firewall. Particularly in small organisations, the firewall also serves as a basis for other network services, e.g. NAT (Network Address Translation), VPN (Virtual Private Network) and IDS (Intrusion Detection System).

However, firewalls do not protect against all attacks. The attacker may, for instance, make use of security flaws in services allowed by the firewall (e.g. the web server). Nor does the firewall give protection against attacks in which the firewall is overridden or bypassed. One example of this kind of attack is the misuse of a poorly implemented modem pool. Neither does the firewall take notice of the content of the traffic, i.e. it does not prevent the transmission of malicious software from an external network to an internal one or vice versa.
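The checkpoint behaviour described above (only desired traffic passes, outbound traffic is restricted, falsified source addresses are rejected) and the content limitation in the last paragraph can be shown with a small header-only policy model. This is an added example, not code from FICORA; the addressing plan, interface names, rule list and sample packets are constructed assumptions, and reply traffic and connection state are not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing plan (assumption, not from the page).
INTERNAL_NET = ip_network("10.0.0.0/8")
WEB_SERVER = ip_address("192.0.2.10")   # the one service published to outside

# Explicitly allowed flows: (arrival interface, destination or None=any, proto, port)
ALLOW_RULES = [
    ("external", WEB_SERVER, "tcp", 80),   # inbound: only the published web server
    ("internal", None, "tcp", 80),         # outbound is restricted too: web...
    ("internal", None, "tcp", 443),
    ("internal", None, "udp", 53),         # ...and DNS only
]

def decide(in_iface, src, dst, proto, dport):
    """Return (verdict, reason) for one packet header; payload is never examined."""
    src, dst = ip_address(src), ip_address(dst)
    # Anti-spoofing: the source must be plausible for the interface it arrived on.
    if in_iface == "external" and src in INTERNAL_NET:
        return ("drop", "spoofed internal source on external interface")
    if in_iface == "internal" and src not in INTERNAL_NET:
        return ("drop", "foreign source on internal interface")
    for iface, rule_dst, rule_proto, rule_port in ALLOW_RULES:
        if (iface == in_iface and rule_proto == proto and rule_port == dport
                and (rule_dst is None or rule_dst == dst)):
            return ("accept", f"rule {iface}/{proto}/{dport}")
    return ("drop", "default deny")   # anything not explicitly desired is refused

def evaluate(packets):
    """Verdicts only, in order, for a list of packet headers."""
    return [decide(*p)[0] for p in packets]

# Constructed sample packets: (in_iface, src, dst, proto, dport)
SAMPLE = [
    ("external", "198.51.100.7", "192.0.2.10", "tcp", 80),   # web request
    ("external", "198.51.100.7", "10.1.2.3", "tcp", 445),    # internal service from outside
    ("external", "10.9.9.9", "192.0.2.10", "tcp", 80),       # falsified source address
    ("internal", "10.1.2.3", "203.0.113.5", "tcp", 443),     # permitted outbound
    ("internal", "10.1.2.3", "203.0.113.5", "tcp", 6667),    # unlisted outbound
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", decide(*pkt))
```

The first sample packet is accepted whatever the HTTP request contains, because the decision uses header fields only; a flaw in the allowed web server is therefore outside what this checkpoint can stop.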

Page updated 04.10.2007