A firewall is a software or hardware component
that protects a device or network from harmful
data packets arriving from outside, by enforcing
a rule set (the policy) on every packet that crosses it.
Operating systems such as Windows 7 and Ubuntu
ship with software-based firewalls.
Hardware-based firewalls are built into routers
and dedicated appliances.
The term ‘firewall’ originally referred to a
wall intended to confine a fire or a
potential fire within a building.
Firewall technology came up in the 1980s,
when the Internet was emerging and still a
fairly new concept.
The packet-filtering routers used in the late 1980s
were the predecessors of the firewalls in use today.
GENERATIONS OF FIREWALLS
There are three generations of firewalls:
First generation: Packet Filters
Engineers from Digital Equipment Corporation
(DEC) introduced packet filter firewalls
in 1988.
Packet filters act by inspecting the packets
transferred between computers on the Internet.
If a packet does not match the packet filter's
rules, the filter discards the packet silently or
returns an error response to the source.
The disadvantage of packet filtering: it pays
no attention to whether a packet is part of an
existing traffic stream or not.
Instead, it judges each packet in isolation, based
only on the information contained in that packet,
such as source and destination address, port number
and protocol.
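The following is an added example, not code from the original page: a small first-generation (stateless) packet filter in Python. The rule format, the field names, the addresses and the policy are all constructed for the demo. It shows the weakness just described: because the filter keeps no record of connections, the reply direction of web traffic has to be opened by a rule keyed on the source port, and an attacker who simply sets source port 80 on a fresh SYN walks through that rule.

```python
# Added example, not part of the original page: a first-generation
# (stateless) packet filter. Rule format, field names, addresses and
# the policy below are constructed for this demo.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str         # source IPv4 address
    sport: int       # source port
    dst: str         # destination IPv4 address
    dport: int       # destination port
    flags: str = ""  # TCP flags, e.g. "S" (SYN), "SA" (SYN-ACK), "A" (ACK)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # None matches anything
    src: str = "0.0.0.0/0"       # CIDR prefix the source must fall in
    dst: str = "0.0.0.0/0"       # CIDR prefix the destination must fall in
    sport: Optional[int] = None
    dport: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """A stateless rule looks only at the header fields of this one packet."""
    return (
        (rule.proto is None or rule.proto == pkt.proto)
        and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
        and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
        and (rule.sport is None or rule.sport == pkt.sport)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def stateless_filter(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First matching rule wins; anything unmatched gets the default action."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return default


# Constructed policy: hosts in 192.0.2.0/24 may browse the web.  Because the
# filter keeps no state, the reply direction must be opened with its own rule,
# keyed on the *source* port, which is the weakness shown below.
POLICY = [
    Rule("allow", proto="tcp", src="192.0.2.0/24", dport=80),   # outbound HTTP
    Rule("allow", proto="tcp", dst="192.0.2.0/24", sport=80),   # "replies" from web servers
]


def demo() -> dict:
    """Returns the decision for each constructed packet, keyed by label."""
    packets = {
        "outbound_syn": Packet("tcp", "192.0.2.10", 51000, "198.51.100.5", 80, "S"),
        "genuine_reply": Packet("tcp", "198.51.100.5", 80, "192.0.2.10", 51000, "SA"),
        # Attacker sets source port 80 on a brand-new SYN to an arbitrary inside
        # port: no connection exists, but a stateless filter cannot know that.
        "forged_reply": Packet("tcp", "203.0.113.9", 80, "192.0.2.10", 4444, "S"),
        "ssh_probe": Packet("tcp", "203.0.113.9", 40000, "192.0.2.10", 22, "S"),
    }
    return {label: stateless_filter(POLICY, pkt) for label, pkt in packets.items()}


if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label:14s} -> {decision}")
```

The "forged_reply" packet is accepted for exactly the reason the text gives: the filter matches the rule on source port 80 and has no way to ask whether an inside host ever opened that connection.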
Second generation: Stateful filters
In 1989-1990, Dave Presotto, Janardan
Sharma and Kshitij Nigam of AT&T
Bell Laboratories developed the second
generation of firewalls, which they called
circuit-level gateways.
Stateful packet inspection records all
connections passing through the firewall and
determines whether a packet is the
start of a new connection, part of an
existing one, or not part of any connection.
The disadvantage of stateful filters: they are
exposed to denial-of-service attacks. The firewall
can be bombarded with thousands of fake
connection-opening packets (for example spoofed
TCP SYNs) that fill its connection-state memory,
after which it can no longer track, and so refuses,
legitimate new connections.
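The following is an added example, not code from the original page: a second-generation (stateful) filter in Python with a bounded connection table. The addresses, the policy, the table size and the timings are constructed for the demo. It shows the benefit over the stateless filter (a forged "reply" with source port 80 is refused because no tracked connection matches it) and the failure mode described above (a spoofed SYN flood against a published service fills the table, and a legitimate inside host is then refused). The mitigation shown, ageing out half-open entries, is one common practitioner response and is this example's own choice.

```python
# Added example, not part of the original page: a second-generation
# (stateful) filter with a bounded connection table, showing both the
# benefit (unsolicited "replies" are refused) and the failure mode the
# page describes (a flood of fake connection openings exhausts the
# table).  Addresses, policy and timings are constructed for the demo.
import ipaddress
from dataclasses import dataclass
from typing import Dict, Tuple

INSIDE = ipaddress.ip_network("192.0.2.0/24")   # protected network
PUBLIC_SERVICE = ("192.0.2.80", 80)             # the one inbound service that is published


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # "S" SYN, "SA" SYN-ACK, "A" ACK


Key = Tuple[str, int, str, int]


class StatefulFirewall:
    def __init__(self, max_entries: int = 5, half_open_timeout: float = 30.0):
        self.table: Dict[Key, dict] = {}        # (src, sport, dst, dport) -> {state, last}
        self.max_entries = max_entries          # state memory is finite
        self.half_open_timeout = half_open_timeout
        self.refused_table_full = 0

    def _expire(self, now: float) -> None:
        """Age out half-open entries so a SYN flood cannot pin the table forever."""
        stale = [k for k, e in self.table.items()
                 if e["state"] == "HALF_OPEN" and now - e["last"] > self.half_open_timeout]
        for k in stale:
            del self.table[k]

    def _may_open(self, pkt: Packet) -> bool:
        """Policy for *new* connections: anything from inside, or the published service."""
        return (ipaddress.ip_address(pkt.src) in INSIDE
                or (pkt.dst, pkt.dport) == PUBLIC_SERVICE)

    def process(self, pkt: Packet, now: float) -> str:
        self._expire(now)
        key: Key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse: Key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table:                       # forward direction of a tracked flow
            self.table[key]["last"] = now
            return "allow"
        if reverse in self.table:                   # reply direction of a tracked flow
            entry = self.table[reverse]
            if entry["state"] == "HALF_OPEN" and pkt.flags == "SA":
                entry["state"] = "ESTABLISHED"
            entry["last"] = now
            return "allow"
        # Not part of any connection: only a policy-permitted SYN may create state.
        if pkt.proto == "tcp" and pkt.flags == "S" and self._may_open(pkt):
            if len(self.table) >= self.max_entries:
                self.refused_table_full += 1
                return "deny"                       # the DoS the page describes
            self.table[key] = {"state": "HALF_OPEN", "last": now}
            return "allow"
        return "deny"


def demo() -> dict:
    """Runs a scripted sequence and returns each decision by label."""
    fw = StatefulFirewall(max_entries=5, half_open_timeout=30.0)
    out = {}
    syn = Packet("tcp", "192.0.2.10", 51000, "198.51.100.5", 80, "S")
    out["outbound_syn"] = fw.process(syn, now=0.0)
    out["genuine_reply"] = fw.process(
        Packet("tcp", "198.51.100.5", 80, "192.0.2.10", 51000, "SA"), now=0.1)
    # The forged "reply" a stateless filter would have passed: no entry matches it.
    out["forged_reply"] = fw.process(
        Packet("tcp", "203.0.113.9", 80, "192.0.2.10", 4444, "S"), now=0.2)
    # Spoofed SYN flood against the published service fills the remaining four slots.
    for i in range(4):
        fw.process(Packet("tcp", f"203.0.113.{i + 1}", 40000 + i, *PUBLIC_SERVICE, "S"), now=1.0)
    out["entries_after_flood"] = len(fw.table)
    legit = Packet("tcp", "192.0.2.11", 51001, "198.51.100.5", 443, "S")
    out["legit_during_flood"] = fw.process(legit, now=2.0)    # table full -> refused
    out["legit_after_timeout"] = fw.process(legit, now=40.0)  # half-open entries aged out
    out["refused_total"] = fw.refused_table_full
    return out


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:22s} -> {value}")
```

Real implementations also bound entries per source address and randomise or proxy the handshake (SYN cookies) so that unanswered openings never occupy table memory at all; the timeout here is the simplest version of the same idea.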
Third generation: Application layer
Marcus Ranum, Wei Xu and Peter
Churchyard developed the first
application layer firewall, the Firewall Toolkit (FWTK).
The key benefit of an application firewall is
that it understands certain applications and
protocols, such as FTP and DNS.
Advantage: it is able to detect an unwanted
protocol passing through an allowed
port, or an allowed protocol being abused in a harmful way.
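The following is an added example, not code from the original page: an application layer check in Python that identifies which protocol a payload actually speaks and refuses anything the destination port is not meant to carry. The payloads, the port policy and the detection rules are constructed for the demo, and it covers HTTP, SSH and TLS rather than the FTP and DNS the text names; it also inspects a single request head, where a real application gateway would reassemble the whole stream first.

```python
# Added example, not part of the original page: a third-generation
# (application layer) check that identifies the protocol actually inside a
# payload and refuses anything the destination port is not meant to carry.
# Payloads, the port policy and the detection rules are constructed for the
# demo; it inspects one request head, where a real gateway would reassemble
# the whole stream first.
import re
from typing import Dict, Set, Tuple

HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/1\.[01]\r\n")
HTTP_HEADER = re.compile(rb"^[A-Za-z0-9!#$%&'*+.^_|~-]+:[ \t]*[^\r\n]*$")

# Constructed policy: which application protocol each port is allowed to carry.
PORT_POLICY: Dict[int, Set[str]] = {
    80: {"http"},
    443: {"tls-clienthello"},
    22: {"ssh"},
}


def classify_payload(payload: bytes) -> str:
    """Name the protocol the payload speaks, or flag a protocol that is being abused."""
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"                                    # SSH identification string
    # TLS record header: content type 0x16 (handshake), version 0x03xx,
    # and the first handshake byte 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls-clienthello"
    if HTTP_REQUEST_LINE.match(payload):
        head, terminator, _ = payload.partition(b"\r\n\r\n")
        if not terminator:
            return "http-malformed"                     # header block never ends
        for line in head.split(b"\r\n")[1:]:
            if not HTTP_HEADER.match(line):
                return "http-malformed"                 # e.g. header without a colon
        return "http"
    return "unknown"


def app_filter(dport: int, payload: bytes) -> Tuple[str, str]:
    """Allow only when the detected protocol is the one the port is for."""
    kind = classify_payload(payload)
    allowed = PORT_POLICY.get(dport, set())
    return ("allow" if kind in allowed else "deny"), kind


def demo() -> Dict[str, Tuple[str, str]]:
    """Constructed payloads; returns (decision, detected protocol) per label."""
    samples = {
        "http_on_80": (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        "ssh_tunnelled_on_80": (80, b"SSH-2.0-OpenSSH_9.6\r\n"),  # wrong protocol, allowed port
        "broken_http_on_80": (80, b"GET / HTTP/1.1\r\nHost example.com\r\n\r\n"),
        "tls_on_443": (443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
        "http_on_443": (443, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        "garbage_on_22": (22, b"\x00\x01\x02\x03"),
    }
    return {label: app_filter(port, data) for label, (port, data) in samples.items()}


if __name__ == "__main__":
    for label, (decision, kind) in demo().items():
        print(f"{label:22s} -> {decision:5s} ({kind})")
```

A packet filter of the first two generations would pass the "ssh_tunnelled_on_80" sample without hesitation, since its header is a perfectly ordinary connection to port 80; only parsing the payload reveals the mismatch.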
Network layer firewalls operate at a relatively
low level of the TCP/IP protocol stack, not
allowing packets to pass through the
firewall until they match the established rule set.
Network firewalls are of two types:
• Stateful: Stateful firewalls maintain
context about active sessions and use
that "state information" to speed up packet processing.
Any existing network connection can be
described by several properties, including
source and destination IP addresses, UDP
or TCP ports, and the current stage of
the connection's lifetime.
• Stateless: Stateless firewalls require less
memory and can be faster for simple
filters that take less time to evaluate than
a session lookup would.
They cannot make complex decisions
based on what stage the communication
between hosts has reached.
Application layer firewalls work on the
application layer of the TCP/IP stack and
may intercept all packets travelling to or
from an application. They block all other packets.
Application firewalls function by
determining whether a process should
accept a given connection.
Application firewalls accomplish this
by hooking into socket calls to
filter the connections between the
application layer and the lower layers.
A proxy server, running either on
dedicated hardware or software or on a
general-purpose machine, may act as a
firewall by responding to input packets in
the manner of an application, while
blocking other packets.
Proxies make it harder to tamper with an internal
system from the external network, since the external
host never talks to the internal system directly;
this makes a security breach more difficult.
FIREWALL ARCHITECTURES
There are five basic common firewall architectures:
Screening routers
Screened host gateways
Dual homed gateways
Screened subnets
Belt and suspenders approach
SCREENING ROUTERS
This is the simplest of firewalls, as it
places the packet filters in the router itself.
It is completely transparent to all the
parties involved, but screening
routers leave a chance of leaks: the router
judges each packet on its own, with no notion of sessions.
It merely passes traffic from source
to destination rather than controlling it point to point.
Hence screening routers provide the weakest
protection of the five architectures.
SCREENED HOST GATEWAYS
Hosts and routers are used together for filtering.
This is the most commonly used firewall type today.
All packet filtering and access control is
performed at the router.
The router permits only the traffic that
the policy permits.
The host performs a number of functions as well,
such as acting as the gateway through which the external
network communicates with the internal network.
DUAL HOMED GATEWAY
A dual homed gateway places a single
machine on two networks, with one interface on each.
All users must log into that machine
before proceeding to the other network, or it serves as
a host for proxy servers, in which case user
accounts are not required.
Packets pass between the two networks only
after the host has been explicitly configured to forward them.
The failure rate is much higher than
SCREENED SUBNET
A screened subnet is similar to a screened
host gateway, taken one step further.
The screening router is still present at
the first point of entry and screens the
incoming traffic between the Internet and the subnet.
The functions of the gateway are spread
among multiple hosts on that subnet, e.g. one host is a
web server while another acts as an FTP server.
BELT AND SUSPENDERS
It uses a screened subnet and takes it one
step further by protecting the public
machines from the Internet as well.
There is a major difference between the belt
and suspenders approach and the screened
subnet: in a screened subnet, the proxy
servers perform the entire access control,
while in belt and suspenders the proxy
server acts only as the first line of control, and an
internal router backs it up, so that a compromised
proxy host still cannot reach the internal network freely.
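The following is an added example, not code from the original page: a Python model of the two routers in a screened subnet versus a belt and suspenders deployment, walked through with a compromised bastion host. The addresses, the DMZ layout and both rule sets are constructed for the demo. It makes the difference drawn above concrete: with the interior router trusting the subnet, an attacker who has taken over the proxy host can pivot to any internal host, whereas the backing interior router confines the bastion to the one internal service it is supposed to talk to.

```python
# Added example, not part of the original page: a model of the two routers in
# a screened subnet versus a belt and suspenders deployment, walked through
# with a compromised bastion host.  Addresses, the DMZ layout and both rule
# sets are constructed for the demo.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

ANY = "0.0.0.0/0"
DMZ = "192.0.2.0/24"        # the screened subnet
INTERNAL = "10.0.0.0/8"     # the private network behind the interior router
BASTION = "192.0.2.10"      # proxy / bastion host in the DMZ
WEB = "192.0.2.80"          # public web server in the DMZ
MAIL_RELAY = "10.0.0.25"    # the internal host the bastion is allowed to talk to


@dataclass(frozen=True)
class Rule:
    action: str
    src: str = ANY
    dst: str = ANY
    dport: Optional[int] = None


def decide(rules: List[Rule], src: str, dst: str, dport: int) -> str:
    """First match wins; default deny."""
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"


# Exterior (screening) router, identical in both designs: the Internet reaches
# only the published DMZ services and never the internal network.
EXTERIOR = [
    Rule("allow", dst=WEB, dport=80),
    Rule("allow", dst=BASTION, dport=25),
]

# Screened subnet, as the page describes it: the proxies on the DMZ do all the
# access control, so the interior router simply trusts the DMZ.
INTERIOR_SCREENED_SUBNET = [Rule("allow", src=DMZ, dst=INTERNAL)]

# Belt and suspenders: the interior router backs the proxy up with its own policy.
INTERIOR_BELT_AND_SUSPENDERS = [Rule("allow", src=BASTION, dst=MAIL_RELAY, dport=25)]


def deliver(interior: List[Rule], src: str, dst: str, dport: int) -> str:
    """Walk one packet through the routers it would cross."""
    src_ip = ipaddress.ip_address(src)
    from_internet = (src_ip not in ipaddress.ip_network(DMZ)
                     and src_ip not in ipaddress.ip_network(INTERNAL))
    to_internal = ipaddress.ip_address(dst) in ipaddress.ip_network(INTERNAL)
    if from_internet and decide(EXTERIOR, src, dst, dport) != "allow":
        return "blocked by exterior router"
    if to_internal and decide(interior, src, dst, dport) != "allow":
        return "blocked by interior router"
    return "delivered"


def demo() -> dict:
    """Constructed traffic cases, each evaluated under both interior policies."""
    cases = {
        "internet_to_web": ("203.0.113.9", WEB, 80),
        "internet_to_internal_ssh": ("203.0.113.9", "10.0.0.7", 22),
        "bastion_to_mail_relay": (BASTION, MAIL_RELAY, 25),
        # Attacker has taken over the bastion and pivots toward an internal host.
        "compromised_bastion_to_internal_ssh": (BASTION, "10.0.0.7", 22),
    }
    return {
        label: {
            "screened_subnet": deliver(INTERIOR_SCREENED_SUBNET, *c),
            "belt_and_suspenders": deliver(INTERIOR_BELT_AND_SUSPENDERS, *c),
        }
        for label, c in cases.items()
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:36s} {outcome}")
```

Both designs stop the Internet from reaching the internal network directly; they part ways only once a DMZ host is under the attacker's control, which is the case the second router exists for.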
ADVANTAGES AND DISADVANTAGES
Advantages:
Protect the computer from a "bad"
network and give it a steady, well-defined interface.
Protect the system from external attacks
by worms and viruses that spread over the network.
Help in the recognition of threats.
Disadvantages:
Cannot protect from internal attacks,
such as malicious code executed by an insider.
Ineffective for organisations with greater
insider threats, such as banks and the military.
Protection is supposed to be present at
every layer, with the threat assessed at each;
a firewall does not give protection at every layer.
Cannot protect against the transfer of virus-
infected programs or files, because of the
huge range of operating systems and file formats.
Firewalls are necessary in today's generation of
networks and computers.
Every computer and router is provided
with a software or hardware
firewall for protection.
Firewalls are of various types, and each
type is deployed based upon the
security required by the network or host.
The disadvantages of firewalls need to be
countered and improved upon for higher
protection of our systems and servers.