Types of firewalls and their functions
Firewall
A firewall can be software based or hardware based and is used to help keep a
network secure. It is a system designed to prevent unauthorized access to or
from a private network. Firewalls are frequently used to prevent unauthorized
Internet users from accessing private networks connected to the Internet,
especially intranets. Their primary objective is to control incoming and
outgoing network traffic by analysing each data packet and deciding whether it
should be allowed through, based on a predetermined rule set. A network
firewall stands between an internal network that is assumed to be secure and
trusted and another network, usually an external network such as the Internet,
that is not assumed to be secure and trusted.
Types of Firewalls
Personal firewalls
are designed to protect a single host from unauthorised access. They can take
the form of software or hardware.
Network firewalls
protect the whole network from unauthorised access. They can be a dedicated
hardware appliance, a software application installed on a host, or a
combination of the two.
Software firewall
applications are installed on top of the operating system and can be
configured for more than one purpose, for example also acting as a spam filter
or a DNS server. Examples of personal software firewalls include ZoneAlarm and
Comodo; network-capable software firewalls include Linux iptables and
Check Point NG.
Hardware Firewalls
are dedicated appliances that physically sit between two networks; for example,
between the Internet and the organisation's network. Examples of dedicated
appliances are the Cisco PIX or a Netgear router (for SOHO use).
Packet Filtering
firewalls analyse network traffic at the transport layer. They look at each
packet entering or leaving the network and accept or reject it based on
user-defined rules. Packet filtering is fairly effective and transparent to
users, but it is difficult to configure. In addition, it is susceptible to IP
spoofing, because every decision rests on header fields that the sender itself
fills in.
Packet filters typically enable you to permit or deny the
data flow based on the following controls:
- Source of the packet (IP address)
- Destination of the packet (IP address)
- Transport layer protocol (TCP, UDP)
- Transport layer source port
- Transport layer destination port
Circuit Level Gateways
operate at the session layer of the OSI model, examining each connection to
ensure that it follows a legitimate 'handshake' for the transport layer
protocol being used (usually TCP). The decision is made when the TCP or UDP
connection is established. Once the connection has been accepted, packets can
flow between the hosts without further checking.
Application Level
Firewalls or Proxy Firewalls work at the application layer of the OSI model
by forcing both sides of the communication through the proxy. They apply
security mechanisms to specific applications, such as FTP and Telnet servers.
This is very effective, but it can degrade performance. The proxy server also
effectively hides the true network addresses of the hosts behind it.
Network Address Translation
is a function that hides the true addresses of protected hosts. Originally,
NAT was developed to address the limited number of routable IPv4 addresses
that could be assigned to companies or individuals, and to reduce the number,
and therefore the cost, of public addresses needed for every computer in an
organization. Hiding the addresses of protected devices has since become an
increasingly important defence against network reconnaissance.
Stateful Inspection
compares certain key parts of each packet against a database of trusted
information, built from the connections the firewall has already seen, so that
only packets belonging to an established or legitimately opened connection are
allowed through.
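The difference between the packet filtering controls listed above and stateful inspection, shown as an added example that is not part of the original article: a stateless filter judges every packet against the rule set alone, while a stateful filter also keeps a table of accepted connections. The rule set, the 192.0.2.0/24 protected network, the 198.51.100.x external hosts and the packets are all constructed for this illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed rule set, first match wins: (action, src_net, dst_net, proto, sport, dport).
# "any" matches every value of that field; 192.0.2.0/24 is the protected network.
RULES = [
    ("allow", "any", "192.0.2.10/32", "tcp", "any", 443),   # public HTTPS server
    ("allow", "192.0.2.0/24", "any", "tcp", "any", "any"),  # inside hosts may connect out
    ("deny", "any", "any", "any", "any", "any"),            # default deny
]
# A packet reduced to the header fields the filters look at (TCP flags as booleans).
Packet = namedtuple("Packet", "src dst proto sport dport syn ack", defaults=(False, False))

def _match_net(net, addr):
    return net == "any" or ip_address(addr) in ip_network(net)

def stateless_filter(pkt):
    """Packet filter: every packet is judged on its own header fields only."""
    for action, src, dst, proto, sport, dport in RULES:
        if (_match_net(src, pkt.src) and _match_net(dst, pkt.dst)
                and proto in ("any", pkt.proto)
                and sport in ("any", pkt.sport) and dport in ("any", pkt.dport)):
            return action
    return "deny"

class StatefulFilter:
    """Stateful inspection: packets of a connection already in the state table pass;
    only a TCP SYN may open a new entry, and only if the rule set allows it."""
    def __init__(self):
        self.table = set()  # (src, sport, dst, dport, proto) of accepted connections
    def filter(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if fwd in self.table or rev in self.table:
            return "allow"  # belongs to an established connection
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "deny"   # not a handshake start and no known connection
        if stateless_filter(pkt) == "allow":
            self.table.add(fwd)  # remember the newly opened connection
            return "allow"
        return "deny"

def demo():
    """Outbound web request, the server's reply, and an unsolicited packet dressed as a reply."""
    out = Packet("192.0.2.5", "198.51.100.7", "tcp", 54321, 80, syn=True)
    reply = Packet("198.51.100.7", "192.0.2.5", "tcp", 80, 54321, syn=True, ack=True)
    forged = Packet("198.51.100.9", "192.0.2.5", "tcp", 80, 54321, ack=True)
    sf = StatefulFilter()
    return {"stateless": [stateless_filter(p) for p in (out, reply, forged)],
            "stateful": [sf.filter(p) for p in (out, reply, forged)]}
```

The stateless filter drops the legitimate reply (it would need an extra rule admitting all inbound traffic from source port 80, which would then also admit the forged packet), whereas the stateful filter passes the reply because it matches the recorded connection and drops the forged packet because no connection matches it.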