Data on the Web can be imagined as a train of discrete packets with transaction details stamped on each of them — source, destination, nature of information and data payload. These virtual vehicles traversing the communication freeways make up network traffic. Monitoring network traffic to improve security is an important task today.
The most popular solution for monitoring and improving network security is the firewall. Firewalls can be software programs or hardware network equipment that perform packet filtering to increase security, screen web traffic and, in extreme cases, censor information.
Computers in a network transact data primarily in a client-server model, over specified logical endpoints called communication ports. Communication ports can be perceived as numbered, dedicated lanes on the Internet, each carrying traffic of a designated type.
Web traffic, which is primarily HTTP (Hypertext Transfer Protocol)-based, is carried on port 80 by the web server, while HTTPS (the secure variant) runs on port 443. Likewise, the File Transfer Protocol (FTP) transacts data on port 21, and other services have their own designated ports.
Filtering a specific type of traffic can be accomplished by writing rules to drop, accept or forward packets arriving on these ports. This mechanism, although widely used, does not give flexible control: once a rule is written for a port, it applies to all traffic of that kind. Often it is necessary to inspect packets and filter them on other parameters as well.
While packet filtering is the fundamental principle firewalls use, there are various ways of implementing it today. Like all technology, firewalls have grown more sophisticated; they now offer finer and more nuanced control at the expense of greater complexity.
Software firewalls capable of basic packet filtering are built into most operating systems to help users keep their computers safe. Of all the software firewalls, the most widely used application for writing accept/drop/forward rules based on various parameters is the GNU/Linux utility iptables. It allows users to define simple rules that match traffic on various communication ports and filter packets efficiently. Primarily a command-line tool on GNU/Linux machines, it has, owing to its popularity, also gained intuitive graphical user interfaces.
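The following is an added example, not part of the original article, of the kind of iptables ruleset the two preceding paragraphs describe: port-based accept rules for the HTTP, HTTPS and FTP ports named above, plus one rule that also matches on a second parameter (the source network) to give the finer control a port-only rule cannot. It emits the ruleset in iptables-restore(8) format rather than applying it; the address 192.0.2.0/24 is a constructed placeholder for an administrative network.

```shell
#!/bin/sh
# Added example: generate an iptables ruleset for review or for piping
# into iptables-restore. Nothing here touches the live firewall.
gen_ruleset() {
  cat <<'EOF'
*filter
# Default policies: drop anything not explicitly accepted on INPUT,
# do not forward between interfaces, allow this host's own outbound traffic.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic and replies to connections this host initiated.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Port-only rules: each applies to all traffic of that kind, from any source.
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# FTP restricted by a second parameter, the source network (192.0.2.0/24 is
# a constructed placeholder). The coarse port-only equivalent, shown for
# contrast, would admit FTP connections from anywhere:
#   -A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -s 192.0.2.0/24 --dport 21 -j ACCEPT
# Log what the default DROP policy is about to discard, rate-limited so a
# flood of rejected packets cannot fill the system log.
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# Review the generated rules; apply with: gen_ruleset | sudo iptables-restore
gen_ruleset
```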
Hardware firewalls are dedicated network equipment capable of performing basic switching and routing of data packets.
This equipment likewise allows rules to be added through a web interface or a command-line interface on the device itself. It filters packets at the local area network (LAN) level, where hundreds of computers may be connected. Hardware firewalls come with various features, and the most complex ones can even act as censorship infrastructure at gigantic scale.
The Great Firewall of China, the metaphor for Internet censorship in China, is implemented not by a single device but by a whole network of complex firewall mechanisms.