Firewalls

Introduction
A firewall, according to the British Computing Society's 'A Glossary of Computing Terms', "is a computing program used in a large computing system to prevent external users (even if authorised) getting access to the rest of the system. Network users' access is restricted to a small part of the system and the firewall software prevents a user (including unauthorised users) accessing data or executing any programs in the rest of the system".

Firewalls, proxy servers and authorisation
When a user on a network wants to access data or applications held on a main server, they send a request for the information. The request is intercepted by the firewall program sitting in a proxy server. A proxy server is simply a server that has been set up to control access to the main server. The firewall program looks at the request and the information about the user that is automatically attached to it. It then checks both that the user is valid and that they have the right to the information they are requesting. It is able to do this because it holds a database of all the users and their associated rights - it just needs to look up its database! If the request is valid, the firewall sends a message to a proxy server to retrieve the requested data. The proxy server then accesses the data on the main server and passes it out through the firewall to the user. The user cannot access the main server directly but must go through the firewall and proxy server.

Firewalls and authorising a user from outside a LAN
Many computer networks are set up so that users can dial into them to retrieve files and use their resources. To ensure that only authorised users can dial into the network, a firewall program on a proxy server can be used. A user dials in to the network with a user ID and password. The firewall looks at these and also looks at the other information automatically attached to the request, such as the individual's IP address. Using all of this information, it attempts to authorise the user. If the user can be validated, then access is granted. The user, however, will continue to work through this firewall and proxy server and will not have direct access to the network itself.
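The checks described in the two sections above, written out as an added example that is not part of the original page: the firewall validates the user ID and password, looks at the source IP address, looks up the user's rights, and only then asks the proxy to fetch from the main server. The user name, password, addresses, file paths and the use of PBKDF2 for stored passwords are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import ipaddress

def _hash(password, salt):
    # Assumption: the firewall stores salted PBKDF2 hashes, never plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data: the firewall's database of users and their rights.
USERS = {
    "asmith": {
        "salt": b"constructed-salt-1",
        "pw_hash": _hash("correct horse", b"constructed-salt-1"),
        "allowed_nets": [ipaddress.ip_network("203.0.113.0/24")],
        "rights": {"/reports/q1.txt"},
    },
}

# Constructed stand-in for the main server; users never touch it directly.
MAIN_SERVER = {"/reports/q1.txt": "Q1 figures", "/payroll/all.txt": "salaries"}

def proxy_fetch(resource):
    # Only reached after the firewall has allowed the request.
    return MAIN_SERVER[resource]

def firewall_request(user_id, password, source_ip, resource):
    """Return (decision, data). Anything not explicitly permitted is denied."""
    user = USERS.get(user_id)
    # Hash even for unknown IDs so response time does not reveal valid users.
    salt = user["salt"] if user else b"dummy-salt"
    expected = user["pw_hash"] if user else b"\x00" * 32
    supplied = _hash(password, salt)
    if user is None or not hmac.compare_digest(supplied, expected):
        return ("deny: authentication failed", None)
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return ("deny: malformed source address", None)
    if not any(addr in net for net in user["allowed_nets"]):
        return ("deny: source address not permitted", None)
    # A valid user is still limited to the resources listed for them.
    if resource not in user["rights"]:
        return ("deny: no right to resource", None)
    return ("allow", proxy_fetch(resource))
```

Logging each deny decision together with the user ID and source address gives an audit trail of failed dial-in attempts.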
