The basic purpose of a firewall is to isolate one network from another. Firewalls are increasingly available as appliances, meaning they are installed into the network between two networks. Appliances are free-standing devices that operate in a largely self-contained manner, requiring less maintenance and support than a server-based product.
Firewalls function as one or more of the following:
- Packet Filter
- Proxy Firewall
- Stateful Inspection
A firewall operating as a packet filter passes or blocks traffic to specific addresses based on the type of application. The packet filter doesn't analyze the contents of a packet; it decides whether to pass it based on the packet's addressing information (source and destination address and port). For instance, a packet filter may allow web traffic on port 80 and block traffic on port 23. This type of filtering is included in many routers. If a received packet asks for a port that isn't authorized, the filter may reject the request or simply ignore it. Many packet filters can also specify which IP addresses can request which ports and allow or deny them based on the security settings of the firewall. Packet filters are growing in sophistication and capability. A packet filter firewall can allow any traffic that you specify is acceptable. For example, if you want web users to access your site, you configure the packet filter firewall to allow data on port 80 to enter.
A proxy firewall can be thought of as an intermediary between your network and any other network. Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rules-based decisions about whether the request should be forwarded or refused. The proxy intercepts all the packets and reprocesses them for use internally. This process includes hiding internal IP addresses. The proxy firewall provides better security than packet filtering because of the increased intelligence that a proxy firewall offers. Requests from internal network users are routed through the proxy. The proxy, in turn, repackages the request and sends it along, thereby isolating the user from the external network. The proxy can also offer caching, should the same request be made again, which can increase the efficiency of data delivery. A proxy firewall typically uses two NICs. This type of firewall is referred to as a dual-homed firewall. One of the cards is connected to the outside network and the other card is connected to the inside network. The software manages the connection between the two NICs.
Stateful inspection is also referred to as stateful packet filtering. Most of the devices used in networks don't keep track of how information is routed or used. Once a packet is passed, the packet and path are forgotten. In stateful inspection (or stateful packet filtering), records are kept in a state table that tracks every communications channel. Stateful inspection occurs at all levels of the network and provides additional security, especially for connectionless protocols such as UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol). This adds complexity to the filtering process. Denial of service attacks present a challenge because flooding techniques are used to overload the state table and effectively cause the firewall to shut down or reboot.
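To make the difference between the static port rule above and the state table concrete, here is an added example that is not part of the original article: a toy stateful filter in Python that allows unsolicited inbound traffic only on port 80, tracks outbound channels so that UDP replies can come back, and bounds the state table so that a flood of new channels evicts older entries instead of exhausting the table. All addresses, ports and the table size are constructed for illustration.

```python
from collections import OrderedDict

# Constructed example, not code from the article: a toy stateful packet filter.
# A packet is a dict: proto, src, sport, dst, dport, direction ("in" or "out").
ALLOWED_INBOUND_TCP_PORTS = {80}  # web traffic allowed in; telnet (23) is not

def pkt(proto, src, sport, dst, dport, direction):
    return dict(proto=proto, src=src, sport=sport, dst=dst, dport=dport,
                direction=direction)

def flow_key(p):
    return (p["proto"], p["src"], p["sport"], p["dst"], p["dport"])

def reply_key(p):
    # The tracked channel an inbound packet would be answering (endpoints swapped)
    return (p["proto"], p["dst"], p["dport"], p["src"], p["sport"])

class StatefulFilter:
    def __init__(self, max_states=3):
        self.max_states = max_states  # bounded state table (size is hypothetical)
        self.states = OrderedDict()   # channel key -> True, oldest entry first
        self.evictions = 0            # channels pushed out while the table was full

    def _remember(self, key):
        if key in self.states:
            self.states.move_to_end(key)
            return
        if len(self.states) >= self.max_states:
            # Under a flood, forget the oldest channel rather than grow without bound
            self.states.popitem(last=False)
            self.evictions += 1
        self.states[key] = True

    def process(self, p):
        # 1. A reply on a tracked channel is accepted, even for UDP, where a
        #    plain packet filter has no connection to look at.
        if p["direction"] == "in" and reply_key(p) in self.states:
            self.states.move_to_end(reply_key(p))
            return "ACCEPT"
        # 2. Traffic leaving the inside network is accepted and recorded.
        if p["direction"] == "out":
            self._remember(flow_key(p))
            return "ACCEPT"
        # 3. Unsolicited inbound traffic falls back to the static port rule.
        if p["proto"] == "tcp" and p["dport"] in ALLOWED_INBOUND_TCP_PORTS:
            self._remember(flow_key(p))
            return "ACCEPT"
        return "DROP"
```

Note that once the flood has evicted the recorded DNS channel, the legitimate UDP reply is dropped: a full state table degrades service even when the firewall itself stays up.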
Firewalls are a very big subject, and a very important one too if you want to secure your network; and if a firewall is your enemy, it is also a good idea to know your enemy. I could type about firewalls and how they work for hours on end, and books by the hundreds, if not thousands, have been written solely about this complex hardware and software. I hope you have learned something by reading this article.