2. This includes:
Introduction
How is Firewall different
from an Antivirus?
History and Development of
Firewall
Types of Firewall
Functions of firewall
3. Introduction:
• A Firewall manages the secure in-flow and out-flow of data in a device. It
monitors the network traffic and acts as a barrier between the trusted and
untrusted network.
• The concept of Firewall is important for people interested in understanding the
network security aspect of a computer device and also for those looking
forward to strengthening their Computer Awareness.
• This is even an important topic from the perspective of competitive exams
which comprise Computer Knowledge as a compulsory subject. Candidates
will find all the necessary information well-explained here, along with well-
explained notes.
4. How is Firewall different from an
Antivirus?
A firewall is a security network designed to protect computer systems and
networks from malicious attacks.
Whereas, Antivirus is a software utility program designed to protect a system
from internal attacks from viruses.
Get a tabulated and detailed comparison between the two at the Difference
Between Firewall and Antivirus page.
With regard to a Firewall, another term that is frequently being used is a
Computer Network. To get a detailed explanation and understanding of
networking, candidates can visit the linked article.
5. History and Development of Firewall
The term ‘Firewall’ actually meant a wall which intended to confine a fire
within a line of adjacent buildings.
It was only in the late 1980s when this was acknowledged as a computer
terminology.
It was during this time that the Internet has started to emerge as a new tool for
global use. Thus, having a means which could secure the transmission and flow
of data was required by many.
Until the Firewall was introduced, routers performed the same function as it
restricted the number of people who could use a particular network.
7. Packet-Filtering Firewalls
When it comes to types of firewalls based on their method of operation, the
most basic type is the packet-filtering firewall.
It serves as an inline security checkpoint attached to a router or switch. As the
name suggests, it monitors network traffic by filtering incoming packets
according to the information they carry.
As explained above, each data packet consists of a header and the data it
transmits. This type of firewall decides whether a packet is allowed or denied
access based on the header information.
To do so, it inspects the protocol, source IP address, destination IP, source
port, and destination port. Depending on how the numbers match the access
control list (rules defining wanted/unwanted traffic), the packets are passed on
or dropped.
8.
9. Advantages
Fast and efficient for filtering
headers.
– Don’t use up a lot of
resources.
– Low cost.
Disadvantages
No payload check.
Vulnerable to IP spoofing.
Cannot filter application
layer protocols.
No user authentication.
10. Circuit-Level Gateways
Circuit-level gateways are a type of firewall that work at the session layer of
the OSI model, observing TCP (Transmission Control Protocol) connections
and sessions. Their primary function is to ensure the established connections
are safe.
In most cases, circuit-level firewalls are built into some type of software or an
already existing firewall.
Like pocket-filtering firewalls, they don’t inspect the actual data but rather the
information about the transaction.
Additionally, circuit-level gateways are practical, simple to set up, and don’t
require a separate proxy server.
11. Advantages
Resource and cost-efficient.
– Provide data hiding and protect
against address exposure.
– Check TCP handshakes.
Disadvantages
No content filtering.
– No application layer security.
– Require software modifications.
12. Stateful Inspection Firewalls
A stateful inspection firewall keeps track of the state of a connection by monitoring the TCP 3-
way handshake.
This allows it to keep track of the entire connection – from start to end – permitting only
expected return traffic inbound.
When starting a connection and requesting data, the stateful inspection builds a database (state
table) and stores the connection information.
In the state table, it notes the source IP, source port, destination IP, and destination port for
each connection
13. Cont.,
Using the stateful inspection method, it dynamically creates firewall rules to allow anticipated
traffic.
This type of firewall is used as additional security.
It enforces more checks and is safer compared to stateless filters.
However, unlike stateless/packet filtering, stateful firewalls inspect the actual data transmitted
across multiple packets instead of just the headers.
Because of this, they also require more system resources.
Keep track of the entire session.
Inspect headers and packet payloads.
14. Proxy Firewalls
A proxy firewall serves as an intermediate device between internal and external systems
communicating over the Internet.
It protects a network by forwarding requests from the original client and masking it as its own.
Proxy means to serve as a substitute and, accordingly, that is the role it plays. It substitutes for
the client that is sending the request.
When a client sends a request to access a web page, the message is intersected by the proxy
server.
The proxy forwards the message to the web server, pretending to be the client.
Doing so hides the client’s identification and geolocation, protecting it from any restrictions
and potential attacks.
The web server then responds and gives the proxy the requested information, which is passed
on to the client.
15. Next-Generation Firewalls
The next-generation firewall is a security device that combines a number of functions of other
firewalls.
It incorporates packet, stateful, and deep packet inspection. Simply put, NGFW checks the
actual payload of the packet instead of focusing solely on header information.
Unlike traditional firewalls, the next-gen firewall inspects the entire transaction of data,
including the TCP handshakes, surface-level, and deep packet inspection.
Using NGFW is adequate protection from malware attacks, external threats, and intrusion.
These devices are quite flexible, and there is no clear-cut definition of the functionalities they
offer. Therefore, make sure to explore what each specific option provides.
16. Cloud Firewalls
A cloud firewall or firewall-as-a-service (Faas) is a cloud solution for network protection.
Like other cloud solutions, it is maintained and run on the Internet by third-party vendors.
Clients often utilize cloud firewalls as proxy servers, but the configuration can vary according
to the demand.
Their main advantage is scalability.
They are independent of physical resources, which allows scaling the firewall capacity
according to the traffic load.
Businesses use this solution to protect an internal network or other cloud infrastructures
(Iaas/Paas).
17. Software Firewalls
A software firewall is installed on the host device. Accordingly, this type of firewall is also
known as a Host Firewall.
Since it is attached to a specific device, it has to utilize its resources to work. Therefore, it is
inevitable for it to use up some of the system’s RAM and CPU.
If there are multiple devices, you need to install the software on each device. Since it needs to
be compatible with the host, it requires individual configuration for each.
Hence, the main disadvantage is the time and knowledge needed to administrate and manage
firewalls for each device.
On the other hand, the advantage of software firewalls is that they can distinguish between
programs while filtering incoming and outgoing traffic.
Hence, they can deny access to one program while allowing access to another.
18. Hardware Firewalls
As the name suggests, hardware firewalls are security devices that represent a separate piece
of hardware placed between an internal and external network (the Internet). This type is also
known as an Appliance Firewall.
Unlike a software firewall, a hardware firewall has its resources and doesn’t consume any
CPU or RAM from the host devices.
It is a physical appliance that serves as a gateway for traffic passing to and from an internal
network.
They are used by medium and large organizations that have multiple computers working inside
the same network.
Utilizing hardware firewalls in such cases is more practical than installing individual software
on each device.
Configuring and managing a hardware firewall requires knowledge and skill, so make sure
there is a skilled team to take on this responsibility.
19. Functions of Firewall
Any data which enters or exits a computer network has to pass through the Firewall
All the valuable information stays intact if the data packets are securely passed through the
Firewall
Every time a data packets passed through a Firewall, it records it which allows the user to
record the network activity
No data can be modified as it is held securely within the data packets
Precisely, a Firewall ensures that all the data is secure and any malicious data trying to enter the
internal network is not allowed to pass through.