How Computers Communicate, Internet Protocols (IP) and Firewalls

Upload: devolutions

Post on 16-Jul-2015

Page 1: How Computers Communicate, Internet Protocols (IP) and Firewalls

Knowledge Base

How computers communicate, Internet Protocol (IP) and Firewalls

How computers communicate

Most computer-to-computer communications use the Internet Protocol (IP).

This basically sends data cut up into chunks. We call these Packets.

Each packet is identified with both the source and the destination addresses. You can therefore think of them as a shipping box containing a message.

In the IP protocol, each computer has its own address.

But the Internet is a network… of networks! Billions of addresses are in play, making for a complex environment.

There are tons of mechanisms in place to manage addresses, but ultimately we can abstract that away and concentrate on the fact that a computer can communicate with another when its address is known.

But the address is just that, an address. What’s extremely important in IP is the conduit.

The conduit can carry a lot of information to an address, and we mean a lot!

A good analogy can be made with cable television. A single cable (conduit) can carry many channels to your house.

In fact, in the IP protocol there are 65535 channels! We call them Ports.

So we have packets of information, being sent from one computer to another.

Travelling on a conduit allowing for 65535 “channels”.

This is one channel, receiving a flow of packets…

Now just imagine 65535 channels…

Malicious users

Going back to our previous diagram, we see two networks connected to the Internet.

But the Internet is not just composed of nice people: hackers are either trying to infect your computer with viruses, or to get access to your data.

Firewalls

This is why firewalls were created: a mechanism was needed to allow only authorized traffic into your company’s network.

They are often depicted by a nice brick wall, but the analogy is misleading.

We must allow some traffic through…

…while rejecting most of the rest.

Really not how we see a brick wall, is it?

It’s much better to visualize the firewall as a mail sorting facility, but with a highly regulated flow.

You can create rules for any of the 65535 ports.

These rules can restrict source AND destination addresses.

Let’s say that you do not want any packet destined to port 21 to go through the firewall; you would have a rule like:

Port    From    To    Action
21      *       *     DENY

The stars indicate that any address will match this rule.

Let’s say that you want to allow your users to browse the internet (incidentally, this uses port 80); you would have a rule like:

Port    From     To    Action
80      LOCAL    *     ALLOW

In this case, the LOCAL keyword indicates that all of your local addresses are allowed, meaning the addresses of your company’s computers.

So imagine a huge table of rules…

Port    From           To                  Action
21      *              *                   DENY
80      LOCAL          *                   ALLOW
115     *              *                   DENY
3389    LOCAL          *                   ALLOW
22      LOCAL          *                   ALLOW
443     LOCAL          *                   ALLOW
8181    EXTERNAL       192.168.10.10       ALLOW
*       192.168.10.1   *                   DENY
34534   EXTERNAL       192.168.10.234      ALLOW
80      LOCAL          facebook.com        DENY
443     LOCAL          facebook.com        DENY
80      LOCAL          pinterest.com       DENY
443     LOCAL          pinterest.com       DENY
80      LOCAL          ad.doubliclick.net  DENY
443     LOCAL          ad.doubliclick.net  DENY
54322   EXTERNAL       192.189.10.199      ALLOW
22      LOCAL          165.10.23.33        ALLOW
1433    LOCAL          165.10.23.33        ALLOW
20222   EXTERNAL       192.168.10.143      ALLOW

…and imagine a really efficient mail sorter.

Looking at each packet: Source address… Destination address… Port…

Searching for rules for that port in the rule table.

Then ruthlessly applying the decision. For the Deny rules, it just drops the packet.
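The lookup described above, as an added example (not from the original presentation): a small Python matcher over a few rows of the rule table. It assumes LOCAL means 192.168.10.0/24, that the first matching rule wins and that unmatched packets are dropped; the page states none of these, and the packet addresses are constructed.

```python
import ipaddress

# Assumption: the company's LOCAL range (the page never states it).
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")

# Rows taken from the page's rule table, in order: (port, from, to, action).
RULES = [
    ("21", "*", "*", "DENY"),
    ("80", "LOCAL", "*", "ALLOW"),
    ("3389", "LOCAL", "*", "ALLOW"),
    ("8181", "EXTERNAL", "192.168.10.10", "ALLOW"),
    ("*", "192.168.10.1", "*", "DENY"),
]

def addr_matches(pattern, addr):
    """Match one From/To cell against a packet's address."""
    ip = ipaddress.ip_address(addr)
    if pattern == "*":
        return True
    if pattern == "LOCAL":
        return ip in LOCAL_NET
    if pattern == "EXTERNAL":
        return ip not in LOCAL_NET
    return ip == ipaddress.ip_address(pattern)

def rule_matches(rule, src, dst, port):
    """True when port, source and destination all fit the rule."""
    r_port, r_from, r_to, _action = rule
    return (r_port in ("*", str(port))
            and addr_matches(r_from, src)
            and addr_matches(r_to, dst))

def decide(src, dst, port, rules=RULES):
    """Assumed policy: first matching rule wins, no match means drop."""
    for rule in rules:
        if rule_matches(rule, src, dst, port):
            return rule[3]
    return "DENY"

def conflicts(src, dst, port, rules=RULES):
    """Later rules that match the same packet but disagree with the winner."""
    hits = [r for r in rules if rule_matches(r, src, dst, port)]
    return [r for r in hits[1:] if r[3] != hits[0][3]]

# Constructed packets; 203.0.113.7 and 198.51.100.20 are documentation addresses.
if __name__ == "__main__":
    print(decide("203.0.113.7", "192.168.10.10", 21))     # FTP from outside
    print(decide("192.168.10.50", "198.51.100.20", 80))   # local user browsing
    print(decide("192.168.10.1", "198.51.100.20", 80))    # broad ALLOW is hit first
    print(conflicts("192.168.10.1", "198.51.100.20", 80))
```

Under first-match ordering the `* 192.168.10.1 * DENY` row never applies to port 80 traffic because `80 LOCAL * ALLOW` sits above it; `conflicts` surfaces that disagreement, and moving the specific deny above the broad allow changes the verdict.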

So firewalls are that big mail sorting facility, allowing some traffic to go through but protecting you by dropping packets that may have been sent by malicious users.

If you need to go through a firewall to perform some work, you may have to use a Virtual Private Network (VPN); please consult our presentation on that subject.

Visit us at: devolutions.net

Devolutions is the creator of Remote Desktop Manager, a tool to manage remote access technologies, credentials, and VPNs.