A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or internet users from accessing a private network and/or a single computer.
In simple words…
A system designed to prevent unauthorized access to or from a private network or computer
Hardware firewalls can be effective with little or no configuration, and they can protect every machine on a local network.
A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination. This information is compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped.
It inspects each individual packet of data as it arrives at either side of the firewall, inbound to or outbound from your computer, and determines whether it should be allowed to pass through or be blocked.
Hardware Vs Software Firewalls
Hardware firewalls: protect an entire network; implemented at the router level; usually more expensive and harder to configure.
Software firewalls: protect a single computer; run on the computer they protect; usually less expensive and easier to configure.
A firewall can take one of three actions on traffic:
Allow: traffic that passes automatically because it has been deemed safe.
Block: traffic that is stopped because it has been deemed dangerous to your computer.
Ask: the firewall asks the user whether the traffic should be allowed to pass through.
Types of Firewalls
Packet filters; application-level gateways (proxies); circuit-level proxies; store & forward (caching) proxies; Network Address Translation (NAT).
A packet-filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet.
The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header (source and destination address, protocol, source and destination port). The rules are consulted in order; if there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet. If there is no match to any rule, then a default action is taken. Two default policies are possible:
Default = discard: what is not expressly permitted is prohibited. This is the conservative choice; every new service must be explicitly opened.
Default = forward: what is not expressly prohibited is permitted. This is easier for users but means any service nobody thought to block gets through.
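As an added example (not code from the original page), here is a small first-match packet filter that applies an ordered rule list and then falls back to a default policy. The addresses, ports and rules are constructed for illustration; the point is to show how the same rule set behaves differently under default-discard and default-forward when a packet matches nothing.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed example: an ordered, first-match packet filter with an explicit
# default policy. Addresses, ports and rules are assumptions, not from the page.

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "forward" or "discard"
    src: str                     # CIDR, e.g. "192.168.1.0/24"; "0.0.0.0/0" = any
    dst: str
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

class PacketFilter:
    def __init__(self, rules, default):
        if default not in ("forward", "discard"):
            raise ValueError("default policy must be 'forward' or 'discard'")
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet) -> str:
        # Rules are consulted in order; the first match decides the packet.
        for rule in self.rules:
            if rule.matches(p):
                return rule.action
        # No rule matched: fall back to the default policy.
        return self.default

ANY = "0.0.0.0/0"
INSIDE = "192.168.1.0/24"
MAILHOST = "192.168.1.10/32"

RULES = [
    Rule("forward", ANY, MAILHOST, "tcp", 25),   # inbound SMTP to our mail host only
    Rule("forward", INSIDE, ANY, "tcp", 80),     # inside users may reach web servers
    Rule("discard", ANY, INSIDE, "tcp", 23),     # explicitly block inbound telnet
]

default_discard = PacketFilter(RULES, default="discard")
default_forward = PacketFilter(RULES, default="forward")

def decisions():
    """Same rule set, two default policies; the difference shows on unmatched traffic."""
    smtp = Packet("203.0.113.5", "192.168.1.10", "tcp", 40000, 25)
    telnet = Packet("203.0.113.5", "192.168.1.20", "tcp", 40001, 23)
    ssh = Packet("203.0.113.5", "192.168.1.20", "tcp", 40002, 22)  # no rule mentions port 22
    return {
        "smtp": default_discard.decide(smtp),                 # forward (rule 1)
        "telnet": default_discard.decide(telnet),             # discard (rule 3)
        "ssh_default_discard": default_discard.decide(ssh),   # discard (default)
        "ssh_default_forward": default_forward.decide(ssh),   # forward (default)
    }

if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:22} -> {verdict}")
```

Note that the inbound SSH packet is never mentioned in the rules: under default-discard it is dropped, under default-forward it is let through. This is exactly why rule sets are hard to get right, as the weaknesses below point out: every service you forget to name is decided by the default.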
Packet Filters: Strengths and Weaknesses
Strength: transparent to users and very fast.
Weakness: very difficult to set up packet filter rules correctly.
Weakness: lack of authentication. Decisions are based only on addresses and ports in the headers, so a spoofed source address can satisfy a rule.
An application-level gateway is also called a proxy server. The user contacts the gateway using a TCP/IP application, and the gateway asks the user for the name of the remote host to be accessed.
When the user responds and provides a valid user-id and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two end points.
Proxy Firewall: Strengths and Weaknesses
Strength: more secure than packet filters. Rather than trying to deal with the numerous possible combinations that are to be allowed and forbidden at the TCP and IP level, the application-level gateway need only scrutinize a few allowable applications.
Weakness: the main disadvantage of this type of firewall is the additional processing overhead on each connection. In effect, there are two spliced connections between the end users, with the gateway at the splice point, and the gateway must examine and forward all traffic in both directions.
Circuit Level Proxy
This can be a stand-alone system, or it can be a specialized function performed by an application-level gateway for certain applications.
A circuit-level proxy does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and a TCP user on an inside host and one between itself and a TCP user on an outside host.
Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.
An application proxy, by contrast, transfers only acceptable information between the two connections.
Because the application proxy understands the protocol, it can filter the data within it.
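To make the circuit-level versus application-level distinction concrete, here is an added example (not code from the original page) that decides the same five connections both ways. The circuit-level check sees only the endpoints; the application-level check additionally parses the first bytes as an HTTP request and applies a host and method allowlist. The inside prefix, the host list and the sample requests are all constructed assumptions, and the user-id/authentication step described above is left out to keep the contrast visible.

```python
# Constructed example comparing what a circuit-level proxy and an
# application-level proxy can decide on. Addresses, host list and sample
# requests are assumptions for illustration, not from the page.

INSIDE_PREFIX = "192.168.1."
ALLOWED_OUTSIDE_PORTS = {80, 443}
ALLOWED_HOSTS = {"www.example.com", "docs.example.com"}
ALLOWED_METHODS = {"GET", "HEAD"}

def circuit_level_allows(inside_src: str, dst_port: int) -> bool:
    """Circuit-level proxy: decides on the connection endpoints only.
    Once the two TCP connections are set up, bytes are relayed unexamined."""
    return inside_src.startswith(INSIDE_PREFIX) and dst_port in ALLOWED_OUTSIDE_PORTS

def parse_http_request(data: bytes):
    """Minimal HTTP/1.x request parser: returns (method, host, target).
    Raises ValueError for anything that is not a well-formed request head."""
    head, sep, _body = data.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise ValueError("malformed request line")
    method = parts[0].decode("ascii")
    target = parts[1].decode("ascii")
    host = None
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon:
            raise ValueError("malformed header line")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii").lower()
    if host is None:
        raise ValueError("missing Host header")
    return method, host, target

def application_level_allows(inside_src: str, dst_port: int, payload: bytes) -> bool:
    """Application-level proxy: the endpoint check plus protocol-aware filtering."""
    if not circuit_level_allows(inside_src, dst_port):
        return False
    try:
        method, host, _target = parse_http_request(payload)
    except (ValueError, UnicodeDecodeError):
        return False   # not HTTP the proxy understands: refuse rather than relay blindly
    return method in ALLOWED_METHODS and host in ALLOWED_HOSTS

# Constructed sample connections: (inside source, outside port, first bytes sent).
SAMPLES = {
    "get_allowed_host": ("192.168.1.7", 80,
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "post_allowed_host": ("192.168.1.7", 80,
        b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 0\r\n\r\n"),
    "get_other_host": ("192.168.1.7", 80,
        b"GET / HTTP/1.1\r\nHost: evil.example.net\r\n\r\n"),
    "not_http_on_80": ("192.168.1.7", 80,
        b"SSH-2.0-OpenSSH_9.6\r\n\r\n"),
    "outside_source": ("203.0.113.9", 80,
        b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
}

def verdicts():
    """For each sample: (circuit-level decision, application-level decision)."""
    return {name: (circuit_level_allows(src, port),
                   application_level_allows(src, port, payload))
            for name, (src, port, payload) in SAMPLES.items()}

if __name__ == "__main__":
    for name, (circuit, app) in verdicts().items():
        print(f"{name:18} circuit={circuit!s:5} application={app}")
```

The circuit-level proxy happily relays a POST to a forbidden host, and even an SSH banner sent to port 80, because it never looks past the connection tuple. The application-level proxy refuses all three, at the cost of having to carry a parser for every protocol it is willing to relay.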
Application Proxy weakness
Some products sold as "application proxy" firewalls are not actually application aware and relay data without understanding the protocol.
Proxies have to be written securely: the proxy itself parses input from both sides, so a bug in it is exposed to the outside.
Store & Forward, or caching proxies
The client asks the firewall for a document; the firewall downloads the document, saves it to disk, and provides the document to the client. The firewall may cache the document for later requests.
Because the whole document is on hand before delivery, the proxy can do data filtering on it.
Store & Forward, or caching proxies weakness
Store & forward proxies tend to be large, relatively new programs. Making them your primary connection to the internet is dangerous.
These applications do not protect the underlying OS at all.
Caching proxies can require more administrator time and more hardware (disk and memory for the cache).
Network Address Translation (NAT):
NAT changes the IP address in a packet, so that the address of the client inside never shows up on the internet.
Types of NAT:
Many IPs inside to many static IPs outside (static NAT: a fixed one-to-one mapping).
Many IPs inside to many dynamically assigned IPs outside (dynamic NAT: an outside address is taken from a pool per connection).
Many IPs inside to one IP address outside (port address translation, also called masquerading: inside hosts are told apart by the translated source port).
Transparent diversion of connections (transparent proxying: connections are redirected to a proxy without the client being configured for it).
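The many-to-one case above is the one most home and office gateways use, so as an added example (not code from the original page) here is a minimal model of it. Two inside hosts that happen to choose the same source port are given distinct outside ports, replies are mapped back through the translation table, and an unsolicited inbound packet with no table entry is dropped. All addresses and ports are constructed assumptions; the model rewrites headers only and omits the IP/TCP checksum recomputation a real NAT must do for every packet.

```python
from dataclasses import dataclass, replace
from itertools import count
from typing import Optional

# Constructed example of "many inside to one outside" NAT (port address
# translation / masquerading). Addresses and ports are assumptions, not from the page.

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Masquerade:
    def __init__(self, outside_ip: str, first_port: int = 40000):
        self.outside_ip = outside_ip
        self._next_port = count(first_port)
        self.outbound_map = {}   # (inside_ip, inside_port) -> outside_port
        self.inbound_map = {}    # outside_port -> (inside_ip, inside_port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite the source of a packet leaving the inside network."""
        key = (p.src, p.sport)
        if key not in self.outbound_map:
            port = next(self._next_port)          # allocate a fresh outside port
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return replace(p, src=self.outside_ip, sport=self.outbound_map[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Map a reply back to the inside host, or drop it if nothing asked for it."""
        if p.dst != self.outside_ip:
            return None
        key = self.inbound_map.get(p.dport)
        if key is None:
            return None                           # unsolicited: no translation state
        inside_ip, inside_port = key
        return replace(p, dst=inside_ip, dport=inside_port)

def run_session():
    """Two inside hosts talk to one web server through a single outside address."""
    nat = Masquerade("198.51.100.1")
    # Both inside hosts pick source port 51000; the NAT keeps them apart.
    a_out = nat.outbound(Packet("192.168.1.7", 51000, "93.184.216.34", 80))
    b_out = nat.outbound(Packet("192.168.1.8", 51000, "93.184.216.34", 80))
    # The server replies to the outside address and port it saw.
    reply_to_a = nat.inbound(Packet("93.184.216.34", 80, "198.51.100.1", a_out.sport))
    reply_to_b = nat.inbound(Packet("93.184.216.34", 80, "198.51.100.1", b_out.sport))
    # An unsolicited probe at a port with no mapping is dropped.
    probe = nat.inbound(Packet("203.0.113.5", 4444, "198.51.100.1", 22))
    return {
        "a_outside": (a_out.src, a_out.sport),
        "b_outside": (b_out.src, b_out.sport),
        "reply_a_dst": (reply_to_a.dst, reply_to_a.dport),
        "reply_b_dst": (reply_to_b.dst, reply_to_b.dport),
        "probe": probe,
    }

if __name__ == "__main__":
    for name, value in run_session().items():
        print(f"{name:12} {value}")
```

The inside address 192.168.1.7 never appears on the outside; the server only ever sees 198.51.100.1 with a translated port. The dropped probe is the incidental firewalling effect of NAT: without a table entry there is no inside host to deliver to.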
Weakness of NAT:
Source routing and other router holes: a source-routed packet can name the path to an inside address directly, so the NAT device must drop such packets rather than translate them.
Can give out a lot of information about your network.
May need a lot of processing power, since every packet has its addresses rewritten and its IP and TCP/UDP checksums recomputed.
Watches the ethernet segment or router for trigger events, then tries to interrupt the offending connections.
Can log suspicious sessions for later playback.
Tends to be very good at recognizing attacks, but only fair at anticipating them.