THR Systems, a. s.
Jilemnického 3
960 01 Zvolen
tel.: +421 650 52 00 00,
+421 45 5400 770
fax: +421 45 5400 333

THR Systems, a. s.
Čapkova 2
811 04 Bratislava 1
tel.: +421 650 52 00 15

A firewall is a facility of the operating system that controls network traffic to and from the computer, or passing through it. It can be used to protect the computer from unauthorised access from the network. When the computer acts as a gateway, the firewall can protect the entire network or control access to it.

A firewall is a component of every modern operating system, but not all of them offer the same capabilities for protecting a host or a network.

A typical firewall filters packets by the content of their headers, which record the source and destination, the type of service and more.

Modern firewalls also support stateful inspection. With this technique the firewall inspects the network traffic, builds a database of open connections and makes intelligent decisions based on it. It can identify packets that belong to already existing connections and are therefore legitimate, and it lets them through the firewall even though they are not explicitly allowed. With stateless filtering, a wide range of ports has to be opened to let related packets flow. Stateful inspection considerably increases the security of the protected network. In a similar way it is possible to identify and block suspicious packets.
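The difference between the two approaches can be shown with a small simulation. This is an added example, not code from THR Systems; the protected network `192.168.1.0/24`, the sample packets and all function names are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""              # TCP flags: "S" = SYN, "SA" = SYN+ACK, "R" = RST

LAN_PREFIX = "192.168.1."        # assumed protected network (constructed)

def is_internal(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)

def stateless_allow(p: Packet) -> bool:
    """Header-only filter: replies can only get in if the whole
    ephemeral port range is opened towards the protected network."""
    if is_internal(p.src):
        return True
    return is_internal(p.dst) and 1024 <= p.dport <= 65535

class StatefulFirewall:
    def __init__(self) -> None:
        self.conns = set()       # database of open connections

    def allow(self, p: Packet) -> bool:
        if is_internal(p.src):
            conn = (p.src, p.sport, p.dst, p.dport)
            if conn not in self.conns:
                if p.flags != "S":       # only a SYN may open a connection
                    return False
                self.conns.add(conn)
        else:
            # Inbound traffic passes only as the reverse of a known connection.
            conn = (p.dst, p.dport, p.src, p.sport)
            if conn not in self.conns:
                return False
        if "R" in p.flags:               # a reset closes the connection
            self.conns.discard(conn)
        return True

# Constructed sample traffic (documentation address ranges).
syn = Packet("192.168.1.10", 40000, "203.0.113.5", 80, "S")
reply = Packet("203.0.113.5", 80, "192.168.1.10", 40000, "SA")
unsolicited = Packet("198.51.100.7", 4444, "192.168.1.10", 8080, "S")

if __name__ == "__main__":
    fw = StatefulFirewall()
    for name, pkt in (("syn", syn), ("reply", reply), ("unsolicited", unsolicited)):
        print(f"{name:12} stateless={stateless_allow(pkt)} stateful={fw.allow(pkt)}")
```

The stateless rules admit the unsolicited inbound packet because its destination port lies in the opened range, while the stateful filter admits only the reply that matches the recorded connection.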

The firewall can also collect statistics on the data transferred. This can be helpful when analysing the use of the network or of its services.

The firewall can be bound to the DHCP service and in this way filter unauthorised network access.

Network Address Translation

A technique that accompanies firewalling is NAT (Network Address Translation). It translates the IP addresses of the current network to other addresses, so that the opposite side sees only the translated addresses. Situations in which a service has to be redirected to another place in the network also fall into this category. A transparent proxy can be created with this technique: all requests to a defined service (e.g. www) are redirected to a local proxy server. Another use of NAT is IP Masquerading, which hides an entire network behind the single address of the gateway. The gateway rewrites the source address of all outgoing communication to its own and distributes the returning communication to the original senders. NAT also makes it possible to modify packets according to the type of service in order to affect the throughput or the response time of the service.

Another technique related to the firewall is QoS (Quality of Service). It controls the rate of outgoing data traffic. The technique is suitable for allocating bandwidth to individual hosts in the network when they access the internet, provided they have direct access.

The Linux operating system provides all of the services mentioned.