A Firewall may be simply defined as a single point between two or more networks through which all traffic must pass; at that point the firewall authenticates, controls and logs all the traffic.
In computing, a Firewall is a software or hardware based network security system that controls incoming and outgoing network traffic by analysing data packets and determining whether they should be allowed through or not, based on a configured rule set. It can have a variety of configurations depending upon the user's requirements. It builds a bridge between the internal and external network and protects against the following:
- Remote login
- Application back doors
- Viruses, spam, malware, etc.
A Firewall accomplishes controlled access using –
- Packet filtering
- Circuit level gateway
- Application level gateway
- Stateful inspection
Types of Firewall
On the basis of traffic controlling technique, a Firewall can be categorised into the following four types:
Packet Filtering Firewall – It operates by filtering incoming and outgoing packets using routers or devices that have been configured to screen traffic.
It examines the information contained in TCP and IP packet headers in order to accept or deny packets entering or leaving the network. It checks the following attributes –
- Source address
- Destination address
- Application or protocol
- Source port number
- Destination port number
Circuit Level Firewall – Along with allowing or disallowing packets, a Circuit Level Firewall also determines whether the connection between the two ends is valid. It validates each session of an established connection before data is exchanged, and it monitors the TCP handshake.
It also checks connection request attributes against the configured filtering rules, and traffic is then filtered based on the specified session rules. It checks for the following –
- Destination IP address / port
- Source IP address / port
- Time of day
Application Level Gateway – An Application Level Gateway is similar to a circuit level gateway but is application specific, i.e. it can filter packets at the application layer of the OSI model. Incoming or outgoing packets are unable to access services for which there is no proxy; for this reason such gateways are also called proxies. They can also be used to log user activity and logins, and they can filter application specific commands.
Stateful Multilayer Inspection – Such a firewall combines all three of the above. Traffic is filtered based on specific application rules, such as a specified application, browser or protocol (e.g. FTP), or combinations of these. It filters packets at the network layer, determines whether a session is legitimate or not, and then evaluates the contents of the packet at the application layer.
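Added example (not part of the original article): a miniature packet filter built on the header attributes listed under Packet Filtering Firewall, extended with a session table to show what stateful inspection adds. The LAN range, rule set and packets are constructed; the key case is a reply segment that a pure packet filter must drop but the stateful filter admits because it belongs to a session it already allowed.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src dst proto sport dport syn", defaults=[False])  # syn: first segment of a new TCP connection

# Constructed rule set for a hypothetical network where 10.0.0.0/8 is the LAN.
# First match wins; fields: action, src net, dst net, proto, dport (None = any).
RULES = [
    ("deny",  "0.0.0.0/0",  "10.0.0.0/8",  "tcp", 23),    # block inbound telnet
    ("allow", "0.0.0.0/0",  "10.0.0.5/32", "tcp", 443),   # public HTTPS server
    ("allow", "10.0.0.0/8", "0.0.0.0/0",   "tcp", None),  # any outbound TCP
]

def match_rule(pkt):
    """Packet filtering: decide on header fields alone, default deny."""
    for action, src, dst, proto, dport in RULES:
        if (ip_address(pkt.src) in ip_network(src)
                and ip_address(pkt.dst) in ip_network(dst)
                and pkt.proto == proto
                and (dport is None or pkt.dport == dport)):
            return action
    return "deny"

class StatefulFilter:
    """Stateful inspection: the same rules plus a table of admitted sessions."""
    def __init__(self):
        self.sessions = set()   # (src, sport, dst, dport, proto) per open session

    def decide(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reply = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.sessions or reply in self.sessions:
            return "allow"        # belongs to a session already admitted
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"         # mid-stream segment with no known session
        action = match_rule(pkt)  # new connection: consult the rule set
        if action == "allow":
            self.sessions.add(key)
        return action

def demo():
    fw = StatefulFilter()
    out_syn = Packet("10.0.0.7", "198.51.100.20", "tcp", 51000, 443, syn=True)
    reply = Packet("198.51.100.20", "10.0.0.7", "tcp", 443, 51000)
    stray = Packet("203.0.113.9", "10.0.0.7", "tcp", 4444, 51000)
    telnet = Packet("203.0.113.9", "10.0.0.5", "tcp", 40000, 23, syn=True)
    return {"outbound_syn": fw.decide(out_syn),
            "reply_stateless": match_rule(reply),  # pure packet filter drops it
            "reply_stateful": fw.decide(reply),    # state table lets it through
            "stray_segment": fw.decide(stray),
            "telnet_in": fw.decide(telnet)}
```

Note that the stray segment is dropped not by any rule but because no session in the table explains it, which is exactly the check a stateless packet filter cannot make.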