Quick Tech Tip: Types Of Firewalls

There are several classifications of firewalls depending on where the communication is taking place, where the communication is intercepted and the state that is being traced.

1. Packet Filtering Firewall : A packet filtering firewall will examine the information contained in the header of a packet of information which, is attempting to pass through the proverbial 'drawbridge into the castle'. It works on the network level of the OSI. This type of firewall only examines the header information. If data with malicious intent is sent from a trusted source, this type of firewall is no protection. When a packet passes the filtering process, it is passed on to the destination address. If the packet does not pass, it is simply dropped. This model is the best known and most widely used model for describing networking environments."

2. Stateful Packet Inspection : They filter packets at the network level and they recognize and process application-level data, but since they don't employ proxies, they deliver reasonably good performance in spite of the deep packet analysis. On the downside, they are not cheap, and they can be difficult to configure and administer.

3. Application Level Proxy : The slowest and most unwieldy firewall is the application level proxy. This type of firewall works on the application level of the protocol stack, which enables it to perform with more intelligence than a packet filtering or circuit gateway firewall.hey determine if a connection to a requested specific application is permitted such as, Internet access or Email. This allows the user to determine what application their computers will be used for. Also known as proxy servers they not only screen packets and determine what applications are permitted to be accessed but also offer protection from outside sources by hiding internal computers from external viewing.

4. Circuit Gateways : Circuit gateway firewalls work on the transport level of the protocol stack. They are fast and transparent, but really provide no protection from attacks. Circuit gateway firewalls also do not check the data in the packet. The one great benefit to this type of firewall is that they make the LAN behind the firewall invisible, as everything coming from within the firewall appears to have originated from the firewall itself. This is the least used type of firewall.

5. Network-Level Firewalls : The first generation of firewalls (c. 1988) worked at the network level by inspecting packet headers and filtering traffic based on the IP address of the source and the destination, the port and the service. Network-level firewalls are fast, they do not support sophisticated rule-based models. They don’t understand languages like HTML and XML, and they are capable of decoding SSL-encrypted packets to examine their content. As a result, they can’t validate user inputs or detect maliciously modified parameters in an URL request. This leaves your network vulnerable to a number of serious threats.

6. Internet Connection Firewall : Windows XP provides Internet security in the form of the new Internet Connection Firewall (ICF). ICF makes use of active packet filtering, which means the ports on the firewall are opened for as long as needed to enable you to access the services you are interested in.

Introduction to Firewalls

A firewall is a hardware or software system that prevents unauthorized access to or from a network. They can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All data entering or leaving the Intranet pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.

Firewalls can greatly enhance the security of a host or a network. They can be used to do one or more of the following things:
* To protect and insulate the applications, services and machines of your internal network from unwanted traffic coming in from the public Internet.
* To limit or disable access from hosts of the internal network to services of the public Internet.
* To support network address translation (NAT), which allows your internal network to use private IP addresses and share a single connection to the public Internet (either with a single IP address or by a shared pool of automatically assigned public addresses).



FIREWALL CONCEPTS
There are two basic ways to create firewall rulesets: “inclusive” or “exclusive”. An exclusive firewall allows all traffic through except for the traffic matching the ruleset. An inclusive firewall offers much better control of the outgoing traffic, making it a better choice for systems that offer services to the public Internet. It also controls the type of traffic originating from the public Internet that can gain access to your private network. All traffic that does not match the rules, is blocked and logged by design.
Inclusive firewalls are generally safer than exclusive firewalls because they significantly reduce the risk of allowing unwanted traffic to pass through them.

HOW FIREWALLS WORK ?
A firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed in a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources.
Firewalls use one or more of three methods to control traffic flowing in and out of the network:
* Packet filtering - Packets are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded.
* Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
* Stateful inspection - It compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.