What is a firewall?
A firewall can be either software-based or hardware-based and is used to help keep a network secure. It is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. A firewall is a set of related programs, located at a network gateway server, that protects the resources of a private network from users of other networks.

Basically, a firewall, working closely with a router program, examines each network packet to determine whether to forward it toward its destination. A firewall also includes or works with a proxy server that makes network requests on behalf of workstation users. A firewall is often installed on a specially designated computer separate from the rest of the network so that no incoming request can get directly at private network resources. A network's firewall builds a bridge between an internal network that is assumed to be secure and trusted, and another network, usually an external (inter)network, such as the Internet, that is not assumed to be secure and trusted.

Explain the different types of firewall?

Types of firewall:
- Network layer firewall
- Application layer firewall
- Circuit layer firewall
- Stateful multi-layer inspection firewall
- Proxy firewall
- Host-based firewall
- Packet filtering
- Hybrid firewall

Network layer firewall
The first generation of firewalls (c. 1988) worked at the network level by inspecting packet headers and filtering traffic based on the IP address of the source and the destination, the port and the service. Some of these primeval security applications could also filter packets based on protocols, the domain name of the source and a few other attributes.

Network layer firewalls generally make their decisions based on the source address, destination address and ports in individual IP packets. A simple router is the traditional network layer firewall, since it is not able to make particularly complicated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them at any time.

One important difference about many network layer firewalls is that they route traffic directly through them, which means that in order to use one, you need to have either a validly assigned IP address block or a private Internet address block. Network layer firewalls tend to be very fast and almost transparent to their users.
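
The "internal information about the state of connections" mentioned above can be pictured as a table keyed by the session's addresses and ports. The following is an added example, not code from the original text or from any firewall product; the class and function names and the addresses are assumptions made for illustration.

```python
# Added example: toy TCP connection-state table (illustrative names only).
# FIN/RST teardown and idle timeouts are left out of this example.
from collections import namedtuple

# flags is a frozenset of TCP flag names; inbound is True for packets
# arriving from the untrusted side.
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

class StateTable:
    def __init__(self):
        self.conns = {}  # (inside ip, port, outside ip, port) -> handshake state

    def check(self, p):
        # Both directions of one session share a key, written inside-first.
        key = ((p.dst, p.dport, p.src, p.sport) if p.inbound
               else (p.src, p.sport, p.dst, p.dport))
        state = self.conns.get(key)
        if not p.inbound:
            if state is None:
                if p.flags != {"SYN"}:
                    return "DROP"          # only a clean SYN may open a session
                self.conns[key] = "SYN_SENT"
            elif state == "SYN_RCVD" and "ACK" in p.flags:
                self.conns[key] = "ESTABLISHED"
            return "ACCEPT"
        if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.conns[key] = "SYN_RCVD"   # the server answered our SYN
            return "ACCEPT"
        # Anything else from outside needs a completed handshake.
        return "ACCEPT" if state == "ESTABLISHED" else "DROP"

def pkt(src, sport, dst, dport, flags, inbound):
    return Packet(src, sport, dst, dport, frozenset(flags.split("+")), inbound)

def demo():
    fw = StateTable()
    c, s = ("10.0.0.5", 50000), ("198.51.100.7", 443)  # constructed addresses
    trace = [
        pkt(*s, *c, "ACK", True),                 # unsolicited: no session yet
        pkt(*c, *s, "SYN", False),                # client opens the session
        pkt(*s, *c, "SYN+ACK", True),             # reply matches the table entry
        pkt(*c, *s, "ACK", False),                # handshake completes
        pkt(*s, *c, "ACK+PSH", True),             # return data on the session
        pkt(*s, "10.0.0.5", 50001, "ACK", True),  # same server, untracked port
    ]
    return [fw.check(p) for p in trace]
```

A filter that looks only at addresses and ports would have to permit all inbound traffic from port 443 to let replies through; the state table admits only the replies that belong to a session opened from inside.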

Application layer firewall
Application-level firewalls (sometimes called proxies) look more deeply into the application data going through their filters. Application layer firewalls are hosts running proxy servers that permit no traffic directly between networks and perform elaborate logging and examination of the traffic passing through them. By considering the context of client requests and application responses, these firewalls attempt to enforce correct application behavior, block malicious activity and help organizations ensure the safety of sensitive information and systems. They can log user activity too. Application-level filtering may include protection against spam and viruses as well, and may be able to block undesirable Web sites based on content rather than just their IP address.

If that sounds too good to be true, it is. The downside to deep packet inspection is that the more closely a firewall examines network data flow, the longer it takes, and the heavier the hit your network performance will sustain. This is why the highest-end security appliances include lots of RAM to speed packet processing. And of course you'll pay for the added chips.

Since proxy applications are simply software running on the firewall, the firewall is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other, after having passed through an application that effectively masks the origin of the initiating connection.

However, run-of-the-mill network firewalls can't properly defend applications. As Michael Cobb explains, application-layer firewalls offer Layer 7 security on a more granular level, and may even help organizations get more out of existing network devices.

Circuit layer firewall
These applications, which represent the second generation of firewall technology, monitor TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on specified session rules and may be restricted to recognized computers only. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets. A circuit-level firewall applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking. Circuit gateway firewalls function at the network transport layer. They allow or deny connections based on addresses and prevent direct connection between networks.

Stateful multi-layer inspection firewall
Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls. SML vendors claim that their products deploy the best features of the other three firewall types. They filter packets at the network level and they recognize and process application-level data, but since they don't employ proxies, they deliver reasonably good performance in spite of the deep packet analysis. On the downside, they are not cheap, and they can be difficult to configure and administer.

They filter packets at the network layer, determine whether session packets are legitimate and evaluate the contents of packets at the application layer. They allow direct connection between client and host, alleviating the problem caused by the lack of transparency of application level gateways. They rely on algorithms to recognize and process application layer data instead of running application-specific proxies. Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users. They are expensive, however, and due to their complexity are potentially less secure than simpler types of firewalls if not administered by highly competent personnel.

Proxy firewall
Proxy firewalls offer more security than other types of firewalls, but this is at the expense of speed and functionality, as they can limit which applications your network can support. Proxy firewalls also provide comprehensive, protocol-aware security analysis for the protocols they support. This allows them to make better security decisions than products that focus purely on packet header information. A proxy firewall intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Host-based firewall
Network perimeter firewalls cannot provide protection for traffic generated inside a trusted network. For this reason, host-based firewalls running on individual computers are needed. Host-based firewalls, of which Windows Firewall with Advanced Security is an example, protect a host from unauthorized access and attack.

In addition to blocking unwanted incoming traffic, you can configure Windows Firewall with Advanced Security to block specific types of outgoing traffic as well. Host-based firewalls provide an extra layer of security in a network and function as integral components in a complete defense strategy.

In Windows Firewall with Advanced Security, firewall filtering and IPsec are integrated. This integration greatly reduces the possibility of conflict between firewall rules and IPsec connection security settings.

Packet filtering
Firewalls fall into four broad categories: packet filters, circuit level gateways, application level gateways and stateful multilayer inspection firewalls.

Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP. They are usually part of a router. A router is a device that receives packets from one network and forwards them to another network. In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator. Rules can include source and destination IP address, source and destination port number and protocol used. The advantage of packet filtering firewalls is their low cost and low impact on network performance. Most routers support packet filtering. Even if other firewalls are used, implementing packet filtering at the router level affords an initial degree of security at a low network layer. This type of firewall only works at the network layer, however, and does not support sophisticated rule-based models. Network Address Translation (NAT) routers offer the advantages of packet filtering firewalls but can also hide the IP addresses of computers behind the firewall, and offer a level of circuit-based filtering.

Filtering firewalls can be classified according to the type of filtering:
- Static Filtering – implemented by most routers. Filter rules are adjusted manually.
- Dynamic Filtering – allows filtering rules to change depending on responses to outside processes.

Hybrid firewall
Hybrid firewalls, as the name suggests, represent a combination of technologies. A hybrid firewall may consist of packet filtering combined with an application proxy firewall, or a circuit gateway combined with an application proxy firewall.

The following types of firewalls are classified by intended application:
1. PC Firewalls
2. SOHO Firewalls
3. Firewall Appliances
4. Large Enterprise Type Firewalls

PC Firewalls – known as firewalls for personal use, these are designed to provide a satisfactory level of protection to users of single computers.

SOHO Firewalls – Small Office/Home Office firewalls are designed for small businesses with no dedicated information technology personnel. These types of firewalls offer simple configuration and sophisticated security levels. Usually SOHO firewalls are hardware appliances.

Firewall Appliances – aimed at meeting the requirements of small businesses and remote offices of large enterprises. Firewall appliances are specialized systems with fewer configuration options than large enterprise firewalls. The distinction between firewall appliances and large enterprise level firewalls lies in a smaller amount of functionality and the absence of unnecessary security levels.

Large Enterprise Type Firewalls – usually hardware devices with extra features required for the protection of a large business. These features typically include centralized administration, multi-firewall administration, and support for Internet, Intranet, and Extranet services.

How does a firewall work?
There are two access denial methodologies used by firewalls. A firewall may allow all traffic through unless it meets certain criteria, or it may deny all traffic unless it meets certain criteria. The type of criteria used to determine whether traffic should be allowed through varies from one type of firewall to another. Firewalls may be concerned with the type of traffic, or with source or destination addresses and ports. They may also use complex rule bases that analyse the application data to determine if the traffic should be allowed through. How a firewall determines what traffic to let through depends on which network layer it operates at. A discussion on network layers and architecture follows.
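
The packet filtering criteria described earlier (source and destination address, destination port, protocol, and the drop, forward or notify-the-originator outcomes) and the two access denial methodologies above can be compared side by side. This is an added example, not code from the original text; the rule format, the first-match evaluation order, the function names and the addresses are assumptions made for illustration.

```python
# Added example: first-match packet filter with a configurable default policy.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                   # "FORWARD", "DROP" or "REJECT" (notify sender)
    src: str = "0.0.0.0/0"        # source network in CIDR form
    dst: str = "0.0.0.0/0"        # destination network in CIDR form
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, p):
        return (ipaddress.ip_address(p["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p["proto"])
                and self.dport in (None, p["dport"]))

def decide(rules, default, p):
    """Return the action of the first matching rule, else the default policy."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

WEB = "192.0.2.10/32"   # constructed addresses from documentation ranges
# Deny unless allowed: list what is permitted, everything else is dropped.
ALLOWLIST = [
    Rule("DROP", src="203.0.113.0/24"),
    Rule("FORWARD", dst=WEB, proto="tcp", dport=443),
    Rule("REJECT", dst=WEB, proto="tcp", dport=25),
]
# Allow unless denied: list what is blocked, everything else is forwarded.
BLOCKLIST = [
    Rule("DROP", src="203.0.113.0/24"),
    Rule("REJECT", dst=WEB, proto="tcp", dport=25),
]

def pkt(src, dport, proto="tcp", dst="192.0.2.10"):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

def compare(p):
    """Verdicts as (deny-by-default, allow-by-default) for one packet."""
    return decide(ALLOWLIST, "DROP", p), decide(BLOCKLIST, "FORWARD", p)
```

The two rule sets agree on every packet a rule names and differ only on traffic no rule anticipated, such as `compare(pkt("198.51.100.20", 23))`, which the allow-by-default policy forwards.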

List of firewalls used in the Linux operating system?
1. iptables
2. IPCop
3. Shorewall
4. UFW – Uncomplicated Firewall
5. OpenBSD and PF
6. eBox Platform
7. m0n0wall
8. ClearOS
9. pfSense
10. Smoothwall Advanced

List of firewalls used in the Windows operating system?
1. ZoneAlarm firewall
2. SharedAccess
3. MpsSvc