Hi, so I’m a little confused as to what a firewall can truly prevent and/or detect, specifically between an attack like an intrusion vs a Trojan horse. If a firewall can’t prevent an intrusion and/or Trojan horse, could you please explain why and what firewalls can do in terms of attacks or preventing malware from entering a PC? Any help would be greatly appreciated.
In: Technology
Firewalls work on a few levels, but all come down to the same principle. Imagine you own a building and have a door security staff, and can give them various level of instructions.
The most basic, like your home router or PC’s built-in firewall, is basically a simple ID card check. It allows people who were already inside to leave and come back if their ID matches a list, and stops anybody from coming in. The ID is easy to fake though, doesn’t contain a photo to match you, and the person running the place (you, the operator) pretty much clicks allow and lets everything through.
The next level up checks IDs and matches the photos and a physical description, and checks that you don’t match the description of a known list of bad people. This is much more sophisticated, and is considered a business firewall in most cases, something like pfsense.
The most sophisticated, things like a Palo Alto, also do a pat down, or in some cases strip search, checking for anything malicious. And if they see anything weird, they’ll take it apart to see what it does before releasing it.
This is obviously waaayyy oversimplified, but firewall tech is complicated!
Latest Answers