Definition A firewall protects networked computers from intentional hostile intrusion that could compromise confidentiality or result in data corruption or denial of service. A firewall sits at the junction point, or gateway, between two networks, usually a private network and a public network such as the Internet. The earliest firewalls were simply routers.
Definition contd. A firewall is a device, or set of devices, designed to permit or deny network transmissions based on a set of rules; it is used to protect networks from unauthorized access while permitting legitimate communications to pass. A firewall examines all traffic routed between the two networks to see whether it meets the configured criteria. If it does, the traffic is forwarded between the networks; otherwise it is dropped.
Firewall Description There are two access-denial methodologies used by firewalls: default allow (all traffic passes unless it matches a blocking rule) and default deny (all traffic is blocked unless it matches a permitting rule). Default deny is the safer posture, because traffic nobody anticipated is blocked rather than passed. Firewall rules may be concerned with the type of traffic (the protocol), or with source or destination addresses and ports. Firewalls may also use complex rule bases that analyze the application data to determine whether the traffic should be allowed through.
Blocking Unknown Traffic
OSI & TCP/IP Model Firewalls operate at different layers of the protocol stack, and the layer at which a firewall works determines which criteria it can use to restrict traffic.
Professional Firewall If an intruder cannot get past layer three (the network layer), there is no way to reach the operating system of the firewall host over the network. Professional firewall products catch each network packet before the host operating system does, so there is no direct path from the Internet to the operating system's TCP/IP stack. It is therefore very difficult for an intruder to gain control of the firewall host computer.
Firewall as Barrier
Packet Filtering Firewall
Packet Filtering Firewall contd. Packet filtering firewalls work at the network layer of the OSI model, or the IP layer of TCP/IP. They are usually part of a router, a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria (source and destination address, protocol, source and destination port) before it is forwarded. Each packet is judged on its own header, with no memory of the packets that came before it.
Circuit Level contd. Circuit level gateways work at the session layer of the OSI model, or the transport (TCP) layer of TCP/IP. They monitor the TCP handshake between packets to determine whether a requested session is legitimate, applying their security checks at the moment a TCP or UDP connection is established. Once the connection has been accepted, packets belonging to it can flow between the hosts without further checking.
Application Layer Firewall Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific: they understand one particular protocol (HTTP, FTP, SMTP and so on) and can filter traffic at the application layer of the OSI model.
Stateful Multilayer Stateful multilayer inspection firewalls combine aspects of the other three types of firewall. The technology is generally referred to as stateful packet inspection, because the firewall maintains a record (a state table) of all connections passing through it. From that table it can determine whether a packet is the start of a new connection, part of an existing connection, or an invalid packet.
IP Spoofing A technique used to gain unauthorized access to computers, whereby the intruder sends packets whose source IP address indicates that they come from a trusted host. To engage in IP spoofing, an attacker must first use a variety of techniques to find the IP address of a trusted host and then modify the packet headers so that the packets appear to come from that host. IP address spoofing, or IP spoofing, is the creation of Internet Protocol (IP) packets with a forged source IP address, with the purpose of concealing the identity of the sender or impersonating another computing system. Because the source address is simply whatever the sender wrote into the header, a firewall that trusts a packet on the strength of its source address alone can be fooled; the standard countermeasure is ingress filtering, which drops packets that arrive on the external interface claiming an internal (trusted) source address.
Proxy Server A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server and requests some service, such as a file, connection, web page, or other resource available from a different server. The proxy server evaluates the request according to its filtering rules and, if the request is allowed, fetches the resource on the client's behalf, so the client never talks to the remote server directly.
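An ingress/egress anti-spoofing filter of the kind that defeats the trusted-host impersonation described above, shown as an added example (not code from the original slides). It follows the idea of BCP 38 / RFC 2827: the firewall knows which prefixes live behind each of its interfaces, so a packet arriving on the outside interface with an inside source address is a forgery by definition, and an inside host sending with an address the network does not own is spoofing outward. The interface names, the network 10.0.0.0/24 and the sample packets are constructed for the example.

```python
from ipaddress import ip_address, ip_network

# Constructed topology: the firewall's "inside" interface faces 10.0.0.0/24,
# its "outside" interface faces the Internet.
INSIDE_NETS = [ip_network("10.0.0.0/24")]

# Address space that can never legitimately be a source on the Internet side:
# private ranges, loopback, link-local and "this network".
BOGONS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
)]


def in_any(addr, nets) -> bool:
    return any(addr in n for n in nets)


def spoof_check(iface: str, src: str) -> tuple:
    """Return ("PASS", reason) or ("DROP", reason) for a packet's source
    address, given the interface the packet arrived on."""
    addr = ip_address(src)
    if iface == "outside":
        # Ingress filtering: nobody on the Internet may claim one of our own addresses.
        if in_any(addr, INSIDE_NETS):
            return ("DROP", "internal source address arriving from outside: spoofed")
        if in_any(addr, BOGONS):
            return ("DROP", "bogon/private source address from outside")
        return ("PASS", "plausible external source")
    if iface == "inside":
        # Egress filtering: our hosts may only send with addresses we own, so a
        # compromised internal machine cannot forge someone else's address outward.
        if not in_any(addr, INSIDE_NETS):
            return ("DROP", "internal host sending with a foreign source address")
        return ("PASS", "source belongs to the inside network")
    raise ValueError(f"unknown interface {iface!r}")


# Constructed sample packets as (arrival interface, source address); not captured traffic.
SAMPLE = [
    ("outside", "198.51.100.7"),   # ordinary Internet client
    ("outside", "10.0.0.5"),       # claims to be a trusted internal host
    ("outside", "192.168.1.20"),   # private address cannot come from the Internet
    ("inside",  "10.0.0.5"),       # normal outbound traffic
    ("inside",  "203.0.113.9"),    # internal host forging a third party's address
]


def filter_sample(sample=SAMPLE):
    """Apply spoof_check to each sample packet; returns (iface, src, action, reason) tuples."""
    return [(iface, src, *spoof_check(iface, src)) for iface, src in sample]


if __name__ == "__main__":
    for iface, src, action, reason in filter_sample():
        print(f"{action:4} {iface:7} {src:15} {reason}")
```

This check only catches forgeries the firewall can reason about: its own prefixes and address space that has no business appearing on the Internet. A packet forged with some other routable source address passes it, which is why authentication must never rest on the source IP address alone.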