What is a firewall?
A firewall is a system designed to prevent unauthorized access to or from a private
network, and is used to help keep a network secure. Firewalls can be implemented in
hardware, in software, or in a combination of both. They are frequently used to prevent
unauthorized Internet users from accessing private networks connected to the Internet,
especially intranets. A firewall is a set of related programs, located at a network
gateway server, that protects the resources of a private network from users on other
networks.
Basically, a firewall, working closely with a router program, examines each
network packet to determine whether to forward it toward its destination. A firewall also
includes or works with a proxy server that makes network requests on behalf of
workstation users. A firewall is often installed in a specially designated computer separate
from the rest of the network so that no incoming request can get directly at private
network resources. A network's firewall builds a bridge between an internal network that
is assumed to be secure and trusted, and another network, usually an external
(inter)network, such as the Internet, that is not assumed to be secure and trusted.
Explain the different types of firewall.
Types of firewall:
Network layer firewall
Application layer firewall
Circuit layer firewall
Stateful multi-layer inspection firewall
Proxy firewall
Host-based firewall
Packet filtering
Hybrid firewall
Network layer firewall
The first generation of firewalls (c. 1988) worked at the network level by
inspecting packet headers and filtering traffic based on the IP address of the
source and the destination, the port and the service. Some of these primeval
security applications could also filter packets based on protocols, the domain name
of the source and a few other attributes.
Network layer firewalls generally make their decisions based on the source
address, destination address and ports in individual IP packets. A simple router is
the traditional network layer firewall, since it is not able to make particularly
complicated decisions about what a packet is actually talking to or where it actually
came from. Modern network layer firewalls have become increasingly sophisticated,
and now maintain internal information about the state of connections
passing through them at any time.
One important difference about many network layer firewalls is that they route
traffic directly through them, which means in order to use one, you either need to
have a validly-assigned IP address block or a private Internet address block.
Network layer firewalls tend to be very fast and almost transparent to their users.
Application layer firewall
Application-level firewalls (sometimes called proxies) look more deeply into the
application data going through their filters. Application layer firewalls are hosts
running proxy servers, which permit no traffic directly between networks and perform
elaborate logging and examination of the traffic passing through them. By considering
the context of client requests and application responses, these firewalls attempt to
enforce correct application behavior, block malicious activity and help organizations
ensure the safety of sensitive information and systems. They can log user activity too.
Application-level filtering may include protection against spam and viruses as well, and be
able to block undesirable Web sites based on content rather than just their IP address.
If that sounds too good to be true, it is. The downside to deep packet inspection is that
the more closely a firewall examines network data flow, the longer it takes, and the
heavier hit your network performance will sustain. This is why the highest-end security
appliances include lots of RAM to speed packet processing. And of course you'll pay for
the added chips.
Since proxy applications are simply software running on the firewall, the firewall is a
good place to do extensive logging and access control. Application layer firewalls can be
used as network address translators, since traffic goes in one side and out the other
after passing through an application that effectively masks the origin of the initiating
connection.
However, run-of-the-mill network firewalls can't properly defend applications. As Michael
Cobb explains, application-layer firewalls offer Layer 7 security on a more granular level,
and may even help organizations get more out of existing network devices.
Circuit layer firewall
These firewalls, which represent the second generation of firewall technology, monitor
TCP handshaking to make sure a session is legitimate. Traffic is filtered based on
specified session rules and may be restricted to recognized computers only.
Circuit-level firewalls hide the network itself from the outside, which is useful for
denying access to intruders, but they don't filter individual packets. They apply their
security mechanism when a TCP or UDP connection is established; once the connection has
been made, packets can flow between the hosts without further checking. Circuit gateway
firewalls function at the network transport layer. They allow or deny connections based
on addresses and prevent direct connection between networks.
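The session check described above, as an added example that is not part of the original slides: a gateway that forwards a TCP segment only if it belongs to a connection whose three-way handshake it has observed. The class, the segment model and the addresses are constructed for illustration, and any FIN or RST is treated as closing the session.

```python
from collections import namedtuple

# Constructed segment model: only the header fields a circuit-level gateway looks at.
Segment = namedtuple("Segment", "src sport dst dport flags")

class CircuitGateway:
    """Tracks the TCP three-way handshake per connection; payload is never inspected."""

    def __init__(self, allowed_clients):
        self.allowed_clients = set(allowed_clients)  # session rule: recognized computers only
        self.sessions = {}                           # (client, cport, server, sport) -> state

    def handle(self, seg):
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)   # key if seg travels client -> server
        rev = (seg.dst, seg.dport, seg.src, seg.sport)   # key if seg travels server -> client
        flags = set(seg.flags.split("+"))

        if flags == {"SYN"}:                             # step 1: client opens
            if seg.src not in self.allowed_clients or fwd in self.sessions:
                return "DROP"
            self.sessions[fwd] = "SYN_SENT"
            return "FORWARD"
        if flags == {"SYN", "ACK"}:                      # step 2: server answers
            if self.sessions.get(rev) != "SYN_SENT":
                return "DROP"
            self.sessions[rev] = "SYN_RCVD"
            return "FORWARD"
        key = fwd if fwd in self.sessions else rev if rev in self.sessions else None
        if key is None:
            return "DROP"                                # no handshake seen: not a session
        if "RST" in flags or "FIN" in flags:             # simplification: any FIN/RST closes
            del self.sessions[key]
            return "FORWARD"
        if self.sessions[key] == "SYN_RCVD":             # step 3: client's final ACK
            if key != fwd or flags != {"ACK"}:
                return "DROP"
            self.sessions[key] = "ESTABLISHED"
            return "FORWARD"
        if self.sessions[key] == "ESTABLISHED":
            return "FORWARD"                             # flows without further checking
        return "DROP"                                    # data before the handshake finished

def run(gateway, segments):
    return [gateway.handle(s) for s in segments]

C, S = "10.0.0.5", "192.0.2.10"  # constructed client and server addresses
HANDSHAKE = [Segment(C, 40000, S, 443, "SYN"), Segment(S, 443, C, 40000, "SYN+ACK"),
             Segment(C, 40000, S, 443, "ACK"), Segment(C, 40000, S, 443, "PSH+ACK")]
```

Once the session is ESTABLISHED the gateway forwards every segment on it without looking at content, which is the gap the application layer and stateful multilayer types are meant to close.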
Stateful multi-layer inspection firewall
Stateful multilayer inspection (SML) firewalls combine the aspects of the other three
types of firewalls. SML vendors claim that their products deploy the best features of the
other three firewall types. They filter packets at the network level and they recognize and
process application-level data, but since they don't employ proxies, they deliver reasonably
good performance in spite of the deep packet analysis. On the downside, they are not
cheap, and they can be difficult to configure and administer. They filter packets at the
network layer, determine whether session packets are legitimate and evaluate contents of
packets at the application layer. They allow direct connection between client and host,
alleviating the problem caused by the lack of transparency of application level gateways.
They rely on algorithms to recognize and process application layer data instead of running
application specific proxies. Stateful multilayer inspection firewalls offer a high level of
security, good performance and transparency to end users. They are expensive however,
and due to their complexity are potentially less secure than simpler types of firewalls if
not administered by highly competent personnel.
Proxy firewall
Proxy firewalls offer more security than other types of firewalls, but this is at the
expense of speed and functionality, as they can limit which applications your network can
support. Proxy firewalls also provide comprehensive, protocol-aware security analysis for
the protocols they support. This allows them to make better security decisions than
products that focus purely on packet header information. A proxy firewall intercepts all
messages entering and leaving the network, and the proxy server effectively hides the true
network addresses.
Host-based firewall
Network perimeter firewalls cannot provide protection for traffic generated inside a
trusted network. For this reason, host-based firewalls running on individual computers are
needed. Host-based firewalls, of which Windows Firewall with Advanced Security is an
example, protect a host from unauthorized access and attack.
In addition to blocking unwanted incoming traffic, you can configure Windows Firewall with
Advanced Security to block specific types of outgoing traffic as well. Host-based firewalls
provide an extra layer of security in a network and function as integral components in a
complete defense strategy.
In Windows Firewall with Advanced Security, firewall filtering and IPsec are integrated.
This integration greatly reduces the possibility of conflict between firewall rules and
IPsec connection security settings.
Packet filtering
Firewalls fall into four broad categories: packet filters, circuit level gateways, application
level gateways and stateful multilayer inspection firewalls.
Packet filtering firewalls work at the network level of the OSI model, or the IP layer of
TCP/IP. They are usually part of a router. A router is a device that receives packets from
one network and forwards them to another network. In a packet filtering firewall each
packet is compared to a set of criteria before it is forwarded. Depending on the packet
and the criteria, the firewall can drop the packet, forward it or send a message to the
originator. Rules can include source and destination IP address, source and destination
port number and protocol used. The advantage of packet filtering firewalls is their low
cost and low impact on network performance. Most routers support packet filtering. Even
if other firewalls are used, implementing packet filtering at the router level affords an
initial degree of security at a low network layer. This type of firewall only works at the
network layer however and does not support sophisticated rule based models. Network
Address Translation (NAT) routers offer the advantages of packet filtering firewalls but
can also hide the IP addresses of computers behind the firewall, and offer a level of
circuit-based filtering.
Filtering firewalls can be classified according to the type of filtering:
Static Filtering – implemented by most routers. Filter rules are adjusted manually.
Dynamic Filtering – allows filtering rules to change depending on responses to
outside processes.
Hybrid firewall
Hybrid firewalls, as the name suggests, represent a combination of technologies. A
hybrid firewall may consist of a packet filter combined with an application proxy
firewall, or a circuit gateway combined with an application proxy firewall.
The following types of firewalls are classified by intended application:
1. PC Firewalls
2. SOHO Firewalls
3. Firewall Appliances
4. Large Enterprise Type Firewalls
PC Firewalls – are known as firewalls for personal use and are designed in such a
way as to provide a satisfactory level of protection to users of single computers.
SOHO Firewalls – Small Office/Home Office firewalls are designed for small
businesses with no dedicated information technology personnel. These types of
firewalls offer simple configuration and sophisticated security levels. Usually
SOHO firewalls are hardware appliances.
Firewall Appliances – aimed at meeting the requirements of small businesses and
remote offices of large enterprises. Firewall appliances are specialized systems
with fewer configuration options than large enterprise firewalls. Compared with
large enterprise firewalls, they offer less functionality and omit unnecessary
security levels.
Large Enterprise Type Firewalls – are usually hardware devices with extra
features required for protection of a large business. These features typically
include centralized administration, multi-firewall administration, and support for
Internet, Intranet, and Extranet services.
How does a firewall work?
There are two access denial methodologies used by firewalls. A firewall may allow all
traffic through unless it meets certain criteria, or it may deny all traffic unless it meets
certain criteria. The type of criteria used to determine whether traffic should be allowed
through varies from one type of firewall to another. Firewalls may be concerned with the
type of traffic, or with source or destination addresses and ports. They may also use
complex rule bases that analyze the application data to determine if the traffic should be
allowed through. How a firewall determines what traffic to let through depends on which
network layer it operates at. A discussion on network layers and architecture follows.
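The packet-filter criteria described earlier (source and destination address, port, protocol) and the two default stances above, as an added example that is not part of the original slides: one first-match rule table evaluated under default-deny and under default-allow. The rule set, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

ACCEPT, DROP, REJECT = "ACCEPT", "DROP", "REJECT"  # REJECT: drop and notify the originator
ANY = "0.0.0.0/0"

Packet = namedtuple("Packet", "src dst proto dport")
# proto=None / dport=None in a rule match any protocol / any destination port.
Rule = namedtuple("Rule", "action src dst proto dport", defaults=(ANY, ANY, None, None))

def matches(rule, pkt):
    """True when every criterion of the rule fits the packet header."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and rule.proto in (None, pkt.proto)
            and rule.dport in (None, pkt.dport))

def filter_packet(rules, pkt, default):
    """First matching rule wins; the default policy decides everything else."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

SERVER = "192.0.2.10/32"  # constructed host in a documentation address range
RULES = [  # constructed rule set
    Rule(DROP, src="203.0.113.0/24"),                                        # blocked range
    Rule(ACCEPT, dst=SERVER, proto="tcp", dport=443),                        # public HTTPS
    Rule(ACCEPT, src="198.51.100.0/24", dst=SERVER, proto="tcp", dport=22),  # admin SSH only
    Rule(REJECT, dst=SERVER, proto="tcp", dport=23),                         # telnet refused
]
SAMPLES = [  # constructed traffic
    Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
    Packet("203.0.113.9", "192.0.2.10", "tcp", 443),
    Packet("198.51.100.7", "192.0.2.10", "tcp", 22),
    Packet("192.0.2.77", "192.0.2.10", "tcp", 22),    # SSH from a non-admin source
    Packet("192.0.2.77", "192.0.2.10", "tcp", 23),
    Packet("192.0.2.77", "192.0.2.10", "udp", 161),   # matches no rule
]

def compare_policies():
    """Verdict per sample packet as (default-deny, default-allow)."""
    return [(filter_packet(RULES, p, DROP), filter_packet(RULES, p, ACCEPT)) for p in SAMPLES]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLES, compare_policies()):
        print(pkt, verdicts)
```

The fourth and sixth packets match no rule, so only the default decides: under default-allow the SSH attempt from a non-admin source and the unlisted UDP service both get through, while default-deny drops them.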
List of firewalls used on the Linux operating system
1. Iptables
2. IPCop
3. Shorewall
4. UFW – Uncomplicated Firewall
5. OpenBSD and PF
6. EBox platform
7. Monowall
8. ClearOS
9. pfSense
10. Smoothwall Advanced
List of firewalls used on the Windows operating system
1. ZoneAlarm firewall
2. SharedAccess
3. MpsSvc