
A firewall is a software or hardware component that restricts unauthorized inbound network access while, in its simplest configuration, permitting outbound traffic. It is placed between two networks and controls the traffic flowing between them according to configured rules whose actions are typically Allow, Deny (reject), Drop or, on products that also terminate VPN tunnels, Encrypt. Firewalls are normally employed to prevent unauthorized access to personal computers or corporate networks from untrusted external networks such as the Internet.
All information flowing into and out of the network is scrutinized by the firewall. Traffic that does not meet the configured criteria is denied entry to the network. A firewall's key function is to regulate the flow of traffic between computer networks of different trust levels. Just as physical firewalls in buildings limit the spread of fire, network firewalls limit the spread of intrusions. A poorly configured firewall is useless. The default rule set should be "deny", with communication permitted only for those applications and services that have been explicitly set to "Allow". Such a default-deny configuration requires an understanding of which services the network genuinely needs, and for lack of that understanding many corporate networks keep "Allow" as their default rule set, which means that any service the administrator forgot about, or any new one that appears, is reachable from outside.
There are numerous inspection techniques. A simple one is to check that incoming requests originate from trusted (previously recognized) domain names and networks; since source addresses can be spoofed, this is a coarse filter rather than authentication. Many companies develop firewall software. Typical features include logging and reporting, automatic alerts when specified intrusion conditions are detected, and a graphical user interface for managing the firewall.
Types of Firewalls
The most basic classification distinguishes hardware firewalls from software firewalls. Hardware firewalls are considered external to the system they protect, software firewalls internal.
-
Hardware Firewalls
Hardware firewalls are normally situated between your network and the cable or DSL modem that connects it to the Internet. They are external devices, usually called network firewalls, and many routers include firewall functionality. Hardware firewalls provide a strong outer line of defense because they are separate devices with their own operating environment: they filter traffic before it reaches any host, and a compromise of a protected host does not disable them.
Software firewalls become less important when a strong hardware firewall is in place, although they still matter against threats that are already inside the perimeter, such as a compromised machine on the same LAN, whose traffic a perimeter device never sees. The main drawback of hardware firewalls is cost: they are considerably more expensive than software firewalls.
-
Software Firewalls
Software firewalls are software components running on the computer itself, working hand in hand with the operating system. Nowadays most operating systems ship with a built-in software firewall, and numerous third-party firewall packages are available.
The disadvantage of software firewalls is that each guards only the computer it is installed on, not the entire network, so every computer needs one. They are comparatively less expensive than hardware firewalls.
Working of Firewalls
Different kinds of firewalls function in different ways. They inspect and control network traffic in various manners depending on their architecture. The types of firewall described below each work differently.
-
The Packet Filtering Firewall
One type of firewall is the packet filtering firewall, which examines five characteristics of each packet (the "5-tuple"):
1. Source IP address
2. Source port
3. Destination IP address
4. Destination port
5. IP protocol (TCP, UDP, ICMP and so on; ports exist only for TCP and UDP)
Based on the rules configured into the firewall, the packet is either allowed through, rejected, or dropped. If the firewall rejects a packet, it sends a message back to the sender (a TCP RST or an ICMP unreachable) indicating that the packet was refused. If the packet is dropped, the firewall simply does not respond, and the sender must wait for the communication to time out. Dropping packets instead of rejecting them greatly increases the time an attacker needs to scan your network, since every probe to a filtered port waits for a timeout. Packet filtering firewalls operate on Layer 3 of the OSI model, the Network Layer, and read the port numbers from the Layer 4 header. Routers are a very common form of packet filtering firewall.
An improved form of the packet filtering firewall is one with a stateful inspection engine. With this enhancement, the firewall "remembers" conversations between systems and networks in a state table. Only the first packet of a conversation needs to be fully checked against the rules; later packets, including the replies, are matched against the table. A packet that neither opens a new conversation nor belongs to a known one (for example a stray TCP ACK sent by a port scanner) can then be dropped even where a stateless rule would have let it through.
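As an added worked example (not part of the original article), the following Python sketch implements the 5-tuple matching, the three verdicts, the default-deny rule set recommended earlier, and the stateful extension. The server address, the policy and the sample packets are constructed for the illustration; documentation addresses are used, not captured traffic.

```python
"""Toy stateful packet filter. Added illustration only; not a real firewall."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str             # "tcp", "udp" or "icmp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False      # TCP SYN set (and ACK clear): a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow", "reject" or "drop"
    proto: Optional[str] = None    # None matches anything
    src: Optional[str] = None      # CIDR, e.g. "10.0.0.0/8"
    src_port: Optional[int] = None
    dst: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and in_net(p.src_ip, self.src)
                and (self.src_port is None or self.src_port == p.src_port)
                and in_net(p.dst_ip, self.dst)
                and (self.dst_port is None or self.dst_port == p.dst_port))


def in_net(ip: str, cidr: Optional[str]) -> bool:
    return cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def stateless_verdict(rules, p: Packet, default="drop") -> str:
    """Plain packet filter: first matching rule wins, otherwise the default (deny)."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


class StatefulFilter:
    def __init__(self, rules, default="drop"):
        self.rules = list(rules)
        self.default = default   # default-deny: unmatched traffic is dropped silently
        self.state = set()       # 5-tuples of conversations already admitted

    def decide(self, p: Packet) -> str:
        fwd = (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        rev = (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        # Later packets of a remembered conversation pass in either direction
        # without the rules being evaluated again.
        if fwd in self.state or rev in self.state:
            return "allow"
        # A TCP packet that is not a SYN and belongs to no known conversation
        # cannot legitimately open one; this is what an ACK-scan probe looks like.
        if p.proto == "tcp" and not p.syn:
            return "drop"
        verdict = stateless_verdict(self.rules, p, self.default)
        if verdict == "allow":
            self.state.add(fwd)
        return verdict


def sender_observes(verdict: str) -> str:
    """What the remote end sees for each verdict; drop is what slows a scanner down."""
    return {"allow": "a reply from the host",
            "reject": "an immediate TCP RST or ICMP unreachable",
            "drop": "nothing: it waits for its own timeout"}[verdict]


# Hypothetical policy for one server, 10.0.0.5: HTTPS from anywhere, SSH only
# from the internal 10/8 range, SSH from elsewhere explicitly rejected.
RULES = [
    Rule("allow", proto="tcp", dst="10.0.0.5/32", dst_port=443),
    Rule("allow", proto="tcp", src="10.0.0.0/8", dst="10.0.0.5/32", dst_port=22),
    Rule("reject", proto="tcp", dst="10.0.0.5/32", dst_port=22),
]

# Constructed sample traffic (documentation addresses, not captured data).
PACKETS = [
    Packet("tcp", "203.0.113.7", 40000, "10.0.0.5", 443, syn=True),  # new HTTPS session
    Packet("tcp", "10.0.0.5", 443, "203.0.113.7", 40000),            # the server's reply
    Packet("tcp", "203.0.113.7", 40001, "10.0.0.5", 22, syn=True),   # external SSH: rejected
    Packet("tcp", "10.1.2.3", 5000, "10.0.0.5", 22, syn=True),       # internal SSH: allowed
    Packet("udp", "203.0.113.7", 53000, "10.0.0.5", 53),             # no rule: default drop
    Packet("tcp", "203.0.113.7", 40002, "10.0.0.5", 443),            # bare ACK probe to 443
]


def run_demo():
    fw = StatefulFilter(RULES)
    return [fw.decide(p) for p in PACKETS]


if __name__ == "__main__":
    for p, v in zip(PACKETS, run_demo()):
        print(f"{p.proto} {p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port}: "
              f"{v} ({sender_observes(v)})")
```

Running it shows the two cases where state makes the difference: the server's reply packet matches no rule and would be dropped by the stateless filter, but passes because the state table remembers the conversation it belongs to; the bare ACK probe matches the HTTPS allow rule statelessly, but is dropped because it belongs to no known conversation.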
-
The Application-Proxy Firewall
Another type of firewall is the application-proxy firewall. In a proxy-based firewall, every packet is stopped at the proxy. It is examined and compared to the rules configured into the firewall, and if it passes, it is re-created and sent out. Because each packet is destroyed and re-created, an application-proxy firewall can prevent unknown attacks based on weaknesses in the TCP/IP protocol suite (malformed packets and headers never reach the internal host) that a packet filtering firewall would not prevent. The drawback is that a separate proxy must be written for each application protocol: an HTTP proxy for web traffic, an FTP proxy for file transfers, a Gopher proxy for Gopher traffic, and so on. Application-proxy firewalls operate on Layer 7 of the OSI model, the Application Layer.
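The "destroy and re-create" step is the point of the design, so here is an added Python illustration of it for HTTP/1.x (not the article's code, and not a real proxy): the client's bytes are parsed, checked against a policy, and a fresh request is generated from the parsed fields, so nothing the proxy did not understand reaches the internal server. The allowed host name, the forwarded-header list and the sample requests are hypothetical, and the sketch assumes the whole request is already buffered.

```python
"""Toy application-proxy stage for HTTP/1.x. Added illustration, not a real proxy."""

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"intranet.example"}          # hypothetical internal server
FORWARDED_HEADERS = {"host", "content-type", "content-length", "accept", "user-agent"}


def examine(raw: bytes):
    """Return ("forwarded", rebuilt_request) or ("rejected", reason).

    The original bytes are never passed through: only what was parsed and
    approved is re-emitted. Assumes `raw` holds one complete request.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return "rejected", "incomplete header block"
    lines = head.split(b"\r\n")
    if any(b"\n" in line for line in lines):
        return "rejected", "bare LF in header block"
    try:
        method, target, version = lines[0].decode("ascii").split(" ")
    except ValueError:                          # wrong field count or non-ASCII
        return "rejected", "malformed request line"
    if method not in ALLOWED_METHODS:
        return "rejected", f"method {method} not permitted"
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return "rejected", f"unsupported version {version}"
    if not target.startswith("/") or "/../" in target + "/":
        return "rejected", "request target must be an absolute path without '..'"

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        if not colon or not name or name != name.strip() or not value.isascii():
            return "rejected", "malformed header line"
        key = name.lower()
        if key in headers:
            return "rejected", f"duplicate header {name}"
        headers[key] = value.strip()

    # Request-smuggling guard: a message carrying both Content-Length and
    # Transfer-Encoding has an ambiguous length. Chunked bodies are not
    # re-created by this sketch at all.
    if "transfer-encoding" in headers and "content-length" in headers:
        return "rejected", "ambiguous message length (Content-Length and Transfer-Encoding)"
    if "transfer-encoding" in headers:
        return "rejected", "transfer-encoding not proxied"
    length_str = headers.get("content-length", "0")
    if not length_str.isdigit():
        return "rejected", "invalid content-length"
    if int(length_str) != len(body):
        return "rejected", "body length does not match content-length"
    if headers.get("host") not in ALLOWED_HOSTS:
        return "rejected", f"host {headers.get('host')!r} not permitted"

    # Re-creation: known headers only, canonical casing, fixed version,
    # and the proxy's own connection handling.
    out = [f"{method} {target} HTTP/1.1"]
    for key in sorted(FORWARDED_HEADERS & headers.keys()):
        out.append(f"{key.title()}: {headers[key]}")
    out.append("Connection: close")
    return "forwarded", "\r\n".join(out).encode("ascii") + b"\r\n\r\n" + body


# Constructed sample requests.
CLEAN = (b"GET /status HTTP/1.1\r\nHost: intranet.example\r\n"
         b"User-Agent: demo\r\nX-Debug: 1\r\n\r\n")
SMUGGLE = (b"POST /upload HTTP/1.1\r\nHost: intranet.example\r\n"
           b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n")
TRAVERSAL = b"GET /files/../../etc/passwd HTTP/1.1\r\nHost: intranet.example\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("clean", CLEAN), ("smuggle", SMUGGLE), ("traversal", TRAVERSAL)):
        status, detail = examine(req)
        print(name, status, detail)
```

Note what the rebuilt clean request looks like: the unknown X-Debug header is gone, header names are in canonical form, and a Connection header of the proxy's choosing is added. A packet filter, which sees only addresses and ports, could not have made any of these decisions.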
-
The Application-Gateway Firewall
Application-gateway firewalls also operate on Layer 7 of the OSI model, the Application Layer, and exist for only a few network applications. They intercept and examine all the information traveling from application to application. A typical application-gateway firewall is a bastion host: you must telnet to that one system in order to telnet onward to a system outside the network.
-
The SOCKS Firewall
Another type of application-proxy firewall is the SOCKS firewall. Whereas normal application-proxy firewalls do not require modifications to network clients, SOCKS firewalls require specially modified ("socksified") clients. This means modifying every system on the internal network that needs to communicate with the external network. On a Windows or OS/2 system this can be as easy as swapping a few DLLs, so that the application's ordinary connect call is replaced by one that asks the SOCKS server to make the connection on its behalf.
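To make the "modified client" concrete, here is an added Python illustration (not the article's code) of the SOCKS4 CONNECT exchange: the wire format follows the SOCKS4 protocol (version, command, destination port, destination IP, user ID, NUL terminator; reply with version 0 and result code 90 for granted or 91 for rejected), while the server's policy, the user ID and the destination addresses are hypothetical. The socksified_connect function is what the swapped-in library would do in place of a direct connect call.

```python
"""Toy SOCKS4 CONNECT exchange. Added illustration; policy and addresses are hypothetical."""
import ipaddress
import struct

SOCKS4 = 4
CD_CONNECT = 1
GRANTED, REJECTED = 90, 91
HEADER = "!BBH4s"   # request: VN, CD, DSTPORT, DSTIP; reply: VN(0), CD, port, ip


def build_connect_request(dst_ip: str, dst_port: int, userid: str = "demo") -> bytes:
    """What a socksified client sends to the SOCKS server instead of connecting itself."""
    packed_ip = ipaddress.IPv4Address(dst_ip).packed
    return (struct.pack(HEADER, SOCKS4, CD_CONNECT, dst_port, packed_ip)
            + userid.encode("ascii") + b"\x00")


def parse_connect_request(data: bytes):
    if len(data) < 9:
        raise ValueError("short request")
    vn, cd, port, ip = struct.unpack(HEADER, data[:8])
    if vn != SOCKS4 or cd != CD_CONNECT:
        raise ValueError("not a SOCKS4 CONNECT")
    userid, nul, trailing = data[8:].partition(b"\x00")
    if not nul or trailing:      # plain SOCKS4 only; no SOCKS4a hostname after the NUL
        raise ValueError("userid not NUL-terminated")
    return str(ipaddress.IPv4Address(ip)), port, userid.decode("ascii")


class SocksServer:
    """The firewall side: it would open the outbound connection only if policy allows."""

    def __init__(self, allowed):
        self.allowed = allowed    # list of (CIDR, port) pairs; anything else is refused

    def permitted(self, ip: str, port: int) -> bool:
        addr = ipaddress.ip_address(ip)
        return any(addr in ipaddress.ip_network(net) and port == p for net, p in self.allowed)

    def handle(self, request: bytes) -> bytes:
        try:
            ip, port, _user = parse_connect_request(request)
        except ValueError:
            return struct.pack(HEADER, 0, REJECTED, 0, b"\x00" * 4)
        code = GRANTED if self.permitted(ip, port) else REJECTED
        return struct.pack(HEADER, 0, code, port, ipaddress.IPv4Address(ip).packed)


def socksified_connect(server: SocksServer, dst_ip: str, dst_port: int) -> bool:
    """Replacement for the client's direct connect(): ask the SOCKS server instead.

    Returns True when the server granted the connection. In a real deployment the
    application's data would then flow over the socket to the server.
    """
    reply = server.handle(build_connect_request(dst_ip, dst_port))
    vn, cd, _port, _ip = struct.unpack(HEADER, reply)
    return vn == 0 and cd == GRANTED


# Hypothetical policy: outbound web only, to any destination.
POLICY = SocksServer([("0.0.0.0/0", 80), ("0.0.0.0/0", 443)])

if __name__ == "__main__":
    for port in (443, 23):
        print(f"connect 198.51.100.9:{port} ->",
              "granted" if socksified_connect(POLICY, "198.51.100.9", port) else "rejected")
```

Every internal program that talks to the outside must go through build_connect_request rather than its own connect, which is why the article says each client system has to be modified; the payoff is that the policy check in SocksServer.permitted is enforced in one place for all of them.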