Tuesday, September 25, 2012

Types of firewalls and their functions

Firewall


A firewall can be either software-based or hardware-based and is used to help keep a network secure. It is a system designed to prevent unauthorized access to or from a private network. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. A firewall's primary objective is to control incoming and outgoing network traffic by analyzing the data packets and determining whether each one should be allowed through or not, based on a predetermined rule set. A network's firewall builds a bridge between an internal network that is assumed to be secure and trusted and another network, usually an external one such as the Internet, that is not assumed to be secure and trusted.


Types of Firewalls



Personal firewalls are designed to protect a single host from unauthorised access. They can take the form of software or hardware.

Network firewalls protect the whole network from unauthorised access. They can be a dedicated appliance (hardware) installed on the system, a software application, or an integration of the two.

Software firewall applications are installed on top of the operating system and can be configured for more than one purpose, including as a spam filter and DNS server. Examples of personal software firewalls include ZoneAlarm and Comodo; network-capable software firewalls include Linux IPTables and Checkpoint NG.

Hardware firewalls are dedicated appliances that physically sit between two networks; for example, the Internet and the organisation's network. An example of a dedicated appliance could be the Cisco PIX or a Netgear router (for SOHO).

A packet filtering firewall analyses network traffic at the transport layer. It looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

Packet filters typically enable you to permit or deny the data flow based on the following controls:
  • Source of the packet (IP address)
  • Destination of the packet (IP address)
  • Type of transport layer (TCP, UDP)
  • Transport layer source port
  • Transport layer destination port
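The five controls above, evaluated the way a packet filter applies them, as an added example that is not part of the original post. It assumes first-match-wins ordering, a default of deny, and rules applied to traffic arriving on the external interface; the `Packet`, `Rule` and `filter_packet` names and all addresses (documentation ranges) are constructed for illustration. The first rule shows the usual mitigation for the spoofing weakness mentioned above: a packet arriving from outside that claims an internal source address is rejected before any allow rule is consulted.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # transport protocol: "tcp" or "udp"
    sport: int    # transport layer source port
    dport: int    # transport layer destination port

@dataclass
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # CIDR; the default matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None    # None matches any protocol
    sport: Optional[range] = None  # None matches any port
    dport: Optional[range] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and (self.sport is None or p.sport in self.sport)
                and (self.dport is None or p.dport in self.dport))

def filter_packet(rules, packet, default="deny"):
    """Return the action of the first matching rule, else the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed rule set for the external interface. 192.0.2.0/24 plays the
# internal network; 192.0.2.10 is a web server, 192.0.2.53 a DNS server.
RULES = [
    # Ingress anti-spoofing: an internal source cannot arrive from outside.
    Rule("deny", src="192.0.2.0/24"),
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=range(443, 444)),
    Rule("allow", dst="192.0.2.53/32", proto="udp", dport=range(53, 54)),
]
```

Rule order matters here: moving the anti-spoofing rule below the allow rules would let a forged internal source reach the web server, which is one reason packet filters are described as difficult to configure.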

A circuit level gateway operates at the session layer of the OSI model, examining each connection to ensure that it follows a legitimate 'handshake' for the transport layer protocol being used (usually TCP). This depends on a TCP or UDP connection being established. Once the connection has been made, packets can flow between the hosts without further checking.
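The handshake check described above, as an added example that is not part of the original post. It assumes TCP only, identifies a connection by its two (address, port) endpoints, and leaves out sequence-number validation and FIN teardown; `CircuitGateway`, `replay` and the sample segments are constructed for illustration.

```python
class CircuitGateway:
    """Forwards TCP segments only for connections that completed SYN, SYN-ACK, ACK."""

    def __init__(self):
        # (client, server) -> "SYN_SENT" | "SYN_RCVD" | "ESTABLISHED"
        self.state = {}

    def handle(self, src, dst, flags):
        flags = frozenset(flags)
        key, rev = (src, dst), (dst, src)
        # Step 1: client opens with a bare SYN.
        if flags == {"SYN"} and key not in self.state and rev not in self.state:
            self.state[key] = "SYN_SENT"
            return "forward"
        # Step 2: server answers with SYN-ACK, only valid after a SYN.
        if flags == {"SYN", "ACK"} and self.state.get(rev) == "SYN_SENT":
            self.state[rev] = "SYN_RCVD"
            return "forward"
        # Step 3: client completes the handshake with ACK.
        if flags == {"ACK"} and self.state.get(key) == "SYN_RCVD":
            self.state[key] = "ESTABLISHED"
            return "forward"
        # Established circuit: segments pass in both directions unchecked.
        conn = key if key in self.state else rev
        if self.state.get(conn) == "ESTABLISHED":
            if "RST" in flags:
                del self.state[conn]  # simplified teardown
            return "forward"
        return "drop"

def replay(segments):
    """Run (src, dst, flags) segments through a fresh gateway; return the verdicts."""
    gateway = CircuitGateway()
    return [gateway.handle(src, dst, flags) for src, dst, flags in segments]

# Constructed sample traffic (documentation addresses).
CLIENT, SERVER = ("198.51.100.7", 50000), ("192.0.2.10", 443)
SAMPLE = [
    (CLIENT, SERVER, {"ACK"}),          # no handshake yet
    (CLIENT, SERVER, {"SYN"}),
    (SERVER, CLIENT, {"SYN", "ACK"}),
    (CLIENT, SERVER, {"ACK"}),          # handshake complete
    (SERVER, CLIENT, {"PSH", "ACK"}),   # data, not inspected
    (CLIENT, SERVER, {"RST"}),          # connection torn down
    (SERVER, CLIENT, {"ACK"}),          # no circuit any more
]
```

The payload of the `PSH` segment is never examined, which is the trade-off the paragraph describes: the gateway validates how the session was set up, not what flows over it.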

Application level firewalls, or proxy firewalls, work at the application layer of the OSI model by forcing both sides of the communication through the proxy. The proxy applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose performance degradation. The proxy server effectively hides the true network addresses.

Network Address Translation (NAT) is a function that hides the true addresses of protected hosts. Originally, NAT was developed to address the limited number of IPv4 routable addresses that could be used by or assigned to companies or individuals, and to reduce both the number, and therefore the cost, of the public addresses needed for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defence against network reconnaissance.

Stateful Inspection occurs when certain key parts of packets are compared to a database of trusted information.

6 comments:

  1. Thank you for sharing this post. I found it very informative and helpful. Firewalls can really protect your PC from being infiltrated by viruses and spyware. My business computer was being attacked by many different viruses and it was impacting the way my business was operating. I then installed a small business firewall and everything worked out great.

  2. The firewall is specifically devoted to internet security, blocking unauthorized access while permitting authorized communications. It does this by filtering out the data sent by attackers.

    A hardware firewall is generally considered to be more secure than a software firewall, because the latter is integrated into the vulnerable operating system of the target machine, whereas a hardware firewall uses an obscure proprietary operating system programmed by the manufacturer.


  3. I always secure my laptops from malware and viruses; that's why I always activate my firewall. I don't want to be hassled in the future. Firewall Security Consulting NY

  4. Very useful post. Firewall is absolutely needed to secure a network from unauthorized access. And in this post you have tried to cover all the main things about firewalls. Thanks for this helpful guidance.
    electronic signature software

  5. Firewall appliance is very helpful for me and for my family. The explanation you've shown to us is very helpful. I'm gonna share this with my friends so they can understand the importance of a firewall, especially for our kids.

  6. Very well explained. Enjoy the Internet with greater confidence, knowing you’ve taken the right steps to safeguard yourself and your computer with untangle ng firewall appliance.
