Firewall 101 - Everything You Need to Know

Firewalls are the first line of defense between the resources inside an enterprise network and the Internet.

A firewall protects the resources on the LAN, such as workstations, servers and applications, from external attacks.

More broadly, a firewall is a set of programs that work together on a host or at the network gateway to protect the company's assets from external attacks.

Classes of Firewall:

There are two broad classes of firewalls that are around: hardware and software firewalls.

Software firewalls are applications that provide the filtering functionality but must be installed on a host operating system.

That host can run Windows, Linux, Unix or any other OS with networking capabilities.

Hardware firewalls, on the other hand, are dedicated appliances purpose-built for security.

These appliances normally run a hardened, often proprietary, operating system built specifically for gateway-level security.

Organizations normally select a firewall based on the features and performance they need from it.

Some of the important parameters are:

The architecture of the firewall.

Number of concurrent sessions (and new connections per second) the firewall can handle.

The different types of external access required.

Support for VPN.

Number of concurrent VPN sessions supported.

The management interface (web, command-line or console based).

High availability (failover between redundant units).

The above list is not exhaustive but provides a general idea as to the features organizations will be looking at while choosing a firewall.

Types of Firewall:

Firewalls are classically divided into three types according to the layer of the network stack at which they work: packet-filtering, circuit-level and application-level firewalls. Stateful inspection firewalls, covered last, combine elements of all three.

Packet Filtering Firewalls

At its most basic level every firewall inspects packets. A packet filtering firewall examines each packet that passes through it and, based on the rules that have been defined, decides whether to let it through.

A packet filtering firewall looks only at header fields: source and destination IP address, protocol, source and destination port, and TCP flags. It does not inspect the payload. Its main advantages are that it is simple, fast and cheap, and packet filtering is the foundation on which the other firewall types build.

The decisions are made according to rules set by the administrator for the types of traffic they want to allow or deny.

Packet filtering firewalls work at the network layer of the TCP/IP stack, using transport-layer port numbers as additional match fields. Because a pure packet filter keeps no memory of earlier packets, it cannot tell a genuine reply from a packet crafted to look like one: a rule that admits inbound traffic from source port 80 so that web replies get back will equally admit an attacker's probe sent from source port 80. (The built-in Windows firewall is, for this reason, a stateful firewall rather than a pure packet filter.)

Circuit-Level Firewalls

Circuit-level firewalls (circuit-level gateways) work at the transport layer of the TCP/IP stack. They do not merely filter individual packets: they check that the connection itself is valid according to the rules, for example that a TCP session is set up with a proper three-way handshake before any data is relayed between the two sides.

Other decision criteria may include the source and destination IP address and port, the protocol, the time of day and, where the gateway authenticates its clients (SOCKS is the classic example), the username.

So a circuit-level firewall has more decision criteria than a simple packet filter. Its drawback is that once a circuit has been approved the gateway relays the bytes without looking at them, so anything carried inside an approved connection, including application-layer attacks, passes through. Clients usually also need to be modified or configured to talk to the gateway, which takes more expertise to install and maintain.

Application-level Firewalls

Application-level firewalls, as the name suggests, work at the application layer and act as proxies between the communicating parties: the client connects to the proxy, the proxy opens its own connection to the server, and neither side ever talks directly to the other. This hides the identity of the systems and servers behind the firewall from the outside world.

Because an application-level firewall understands the protocol it relays, it can be configured in great detail, down to allowing only specific commands (particular FTP commands or HTTP methods, for instance) through the firewall. The same capability can be used to block or allow specified file types.

Access levels for authenticated as well as unauthenticated users can also be applied, and because every request is reconstructed at the proxy, application-level firewalls give administrators the detailed logging they need. The cost is performance: every connection is terminated and re-opened at the proxy, and each protocol needs its own proxy, so these firewalls add latency and CPU load compared to packet filters.
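To make the "only specific commands" and "specified file types" configuration concrete, here is an added example (not code from the original article) of the check an HTTP application-level proxy would run on every request before relaying it. The policy (GET and HEAD only, executables blocked), the log record layout and the sample requests are constructed for the illustration. The file-type check percent-decodes and lowercases the path first, because the origin server will do the same and a request for /Setup%2EEXE must not slip past an extension match that only sees the raw bytes.

```python
from urllib.parse import unquote, urlsplit

# Constructed policy for the illustration; a real proxy would load this from
# its configuration.
ALLOWED_METHODS = {"GET", "HEAD"}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".bat", ".msi"}


def parse_request_line(line: str):
    """Split 'METHOD target HTTP/x.y' and reject anything not of that shape."""
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    return parts[0], parts[1], parts[2]


def file_extension(target: str) -> str:
    """Extension of the requested path after percent-decoding and lowercasing.

    Decoding first matters: '/setup%2Eexe' is '/setup.exe' to the server, so
    the policy must see the path the way the server will.
    """
    path = unquote(urlsplit(target).path).lower()  # drops ?query and #fragment
    filename = path.rsplit("/", 1)[-1]
    return filename[filename.rfind("."):] if "." in filename else ""


def inspect_request(raw: bytes, client: str) -> dict:
    """Verdict plus a log record for one HTTP request, as the proxy would keep it."""
    record = {"client": client, "verdict": "DENY"}
    head = raw.split(b"\r\n\r\n", 1)[0]
    try:
        first_line = head.decode("ascii").split("\r\n")[0]
        method, target, version = parse_request_line(first_line)
    except (UnicodeDecodeError, ValueError) as exc:
        record["reason"] = f"unparseable request ({exc})"
        return record
    record.update(method=method, target=target, version=version)
    if method not in ALLOWED_METHODS:
        record["reason"] = f"method {method} not allowed"
        return record
    ext = file_extension(target)
    if ext in BLOCKED_EXTENSIONS:
        record["reason"] = f"file type {ext} blocked"
        return record
    record["verdict"] = "ALLOW"
    return record


# Constructed sample requests; only the request line matters for this policy.
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    b"DELETE /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    b"GET /downloads/setup.exe HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    b"GET /downloads/Setup%2EEXE?dl=1 HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    b"GET /index.html\r\n\r\n",  # HTTP/0.9-style request line, rejected as malformed
]


def audit(samples=SAMPLES, client="203.0.113.7") -> list:
    """Run the policy over the samples and return the verdicts in order."""
    return [inspect_request(raw, client)["verdict"] for raw in samples]


if __name__ == "__main__":
    for raw in SAMPLES:
        print(inspect_request(raw, "203.0.113.7"))
```

Every denied request carries a reason in its record, which is the kind of per-request detail an administrator gets from a proxy and cannot get from a packet filter that never sees the request line.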

Stateful firewalls

Stateful inspection firewalls are the next step in the evolution and are what most firewalls deployed today are. Instead of judging each packet in isolation, a stateful firewall keeps a state table of the connections it has seen: for TCP, the stage of the handshake each session has reached; for UDP and ICMP, a timed entry for each request so that the matching reply can be recognized. A packet is permitted only if it starts a new connection the rules allow or belongs to a connection already in the table.

This is stateful filtering: packet-filter speed combined with the circuit-level check that a connection is genuine, and many products layer application-level inspection on top of it.
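As an added illustration (not code from the original article), the following Python simulation feeds the same four constructed packets through a stateless packet filter and through a stateful one enforcing the same policy: inside hosts may browse the web, nothing else may come in. The addresses, ports and rules are made up. It shows the weakness described in the packet filtering section and the fix described here: the stateless rule that admits packets "from source port 80" so that web replies get back also admits an attacker's SYN to port 22 sent from source port 80, while the stateful filter drops it because no inside host ever opened that connection.

```python
from dataclasses import dataclass

# Constructed addresses for the illustration (documentation ranges for the
# outside hosts); nothing here is a real network.
LAN_PREFIX = "10.0.0."
WEB_PORT = 80


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP SYN flag: set on a connection attempt
    ack: bool = False  # TCP ACK flag: set on every packet after the first SYN


def is_inside(ip: str) -> bool:
    return ip.startswith(LAN_PREFIX)


def stateless_filter(pkt: Packet) -> str:
    """Pure packet filter: looks only at the headers of this one packet.

    Rule 1: inside hosts may send to port 80 anywhere.
    Rule 2: packets from port 80 may come in, so that web replies get back.
    Rule 2 is the weak spot: nothing tells the filter whether a packet from
    source port 80 is really a reply to something an inside host sent.
    """
    if is_inside(pkt.src) and pkt.dport == WEB_PORT:
        return "ACCEPT"
    if is_inside(pkt.dst) and pkt.sport == WEB_PORT:
        return "ACCEPT"
    return "DROP"  # default deny


class StatefulFilter:
    """Same policy, but with a state table of the connections inside hosts opened."""

    def __init__(self) -> None:
        # key: (inside_ip, inside_port, outside_ip, outside_port)
        self.state = set()

    def decide(self, pkt: Packet) -> str:
        if is_inside(pkt.src):
            flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            # a bare SYN to port 80 opens a new, permitted connection
            if pkt.dport == WEB_PORT and pkt.syn and not pkt.ack:
                self.state.add(flow)
                return "ACCEPT"
            return "ACCEPT" if flow in self.state else "DROP"
        # inbound: accept only if it answers a connection recorded in the table
        flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ACCEPT" if flow in self.state else "DROP"


# Constructed traffic: a legitimate web session plus one attacker probe that
# forges source port 80 to look like a reply.
SCENARIO = [
    Packet("10.0.0.5", 40000, "203.0.113.7", 80, syn=True),            # client opens connection
    Packet("203.0.113.7", 80, "10.0.0.5", 40000, syn=True, ack=True),  # server's SYN-ACK
    Packet("10.0.0.5", 40000, "203.0.113.7", 80, ack=True),            # client's ACK / request
    Packet("198.51.100.9", 80, "10.0.0.5", 22, syn=True),              # attacker -> SSH, sport 80
]


def run_scenario(packets=SCENARIO) -> dict:
    """Return each filter's verdict for every packet, in order."""
    stateful = StatefulFilter()
    return {
        "stateless": [stateless_filter(p) for p in packets],
        "stateful": [stateful.decide(p) for p in packets],
    }


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(f"{name:9s}", " ".join(verdicts))
```

The simulation leaves out what a production stateful firewall must also do: age entries out of the table, track sequence numbers and connection teardown, and bound the table size so that a flood of SYNs from inside cannot exhaust it.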

Logging once received little attention in networking. For the last decade or so, however, logging network traffic and firewall decisions has been of paramount importance, both for compliance with regulations and international standards and for investigating incidents.

For this reason every type of firewall can now be enhanced, through built-in features or add-ons, with logging that is indispensable today.
