“What is a firewall?” is not an uncommon question in today’s internet world. A firewall is a network security tool that scans incoming and outgoing network traffic and decides whether to allow or block that traffic based on pre-defined security rules. It is, in effect, the first line of defense in protecting your sensitive information while you are on the internet. For better safety, you should also always encrypt your data.
Depending on the layer at which a firewall is deployed, it can be categorized as a hardware firewall or a software firewall. Other types of firewalls include stateful inspection firewalls, packet filtering firewalls, next-generation firewalls (NGFWs) and proxy firewalls.
What is a firewall
A firewall forms a barrier through which the network traffic passes in and out of the machine. A firewall security policy dictates which network traffic is authorized to pass in which direction. A firewall may be designed to operate as a filter at the level of IP packets or may operate at a higher protocol layer.
Today’s firewalls don’t just filter packets; they also perform other functions, such as checking whether incoming code is dangerous and passing attachments to an anti-virus program.
In this article, we’ll discuss not only the general characteristics of a firewall but also the types of firewalls (the packet filtering firewall, the stateful inspection firewall, etc.), the limitations of a firewall and its future.
Internet connectivity is no longer optional for organizations. Individual users within the organization require internet access, without which their interaction with the outside world would not be possible.
However, while Internet access benefits the organization, it also exposes it to threats. Workstations and servers on the network premises therefore need to be equipped with robust security features.
One such security feature is the firewall. The firewall sits between the computer and the Internet and acts as an outer security wall or perimeter, which aims to protect the computer network from Internet-based attacks.
Basic classification of firewalls
Based on where the firewall is installed, it can be classified into two types:
A hardware firewall is a physical unit that sits between your devices and the network. It can take the form of a router or a UTM (Unified Threat Management) appliance, which provides many security applications such as intrusion detection, anti-virus, anti-malware and content filtering, all managed from a single console.
Hardware devices are dedicated security devices and so are more popular, robust and secure. They are the preferred option for corporates.
A software firewall comes in the form of software that runs on the device or server itself. Software firewalls are quite powerful but need a lot of expertise to configure correctly. They are cheap but can eat up your machine’s resources. Most operating systems, such as Windows and Linux, provide their own free firewall software.
All traffic from inside to outside, and vice versa, must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall.
Only authorized traffic, as defined by the security policy, will be allowed to pass.
A firewall defines a single choke point that keeps unauthorized users out of the protected network, prohibits potentially vulnerable services from entering or leaving the network, and provides protection from various kinds of IP spoofing and routing attacks.
A firewall provides a location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.
The firewall is also a convenient platform for several internet functions that are not security related. These include network address translation (NAT), which maps local addresses to Internet addresses, and a network management function that audits or logs internet usage.
Firewall with VPN
Firewalls can be used to implement virtual private networks (VPNs) using the tunnel mode capability of the VPN. If the firewall is installed behind the VPN server, it allows only VPN-specific packets to pass. If the firewall is mounted in front of the VPN server, it will allow only the tunnel data arriving on its internet interface to pass to the server.
Firewall techniques to control access and enforce security policy
The firewall determines the types of Internet services that can be accessed, inbound or outbound. It may filter traffic by IP address and TCP port number, it may run proxy software that receives and interprets each service request before passing it on, or it may host the server software itself, such as a Web or Mail service.
It determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
It controls access to a service according to which user is attempting to access it. This is typically applied to users inside the firewall perimeter, and also to incoming traffic from external users.
It controls how particular services are used. E.g., the firewall may filter email to eliminate spam.
Types of firewall
Packet filter firewalls
The most basic, fundamental kind of firewall is called a packet filter. They are essentially routing devices that include access control functionality for system addresses and communication sessions. The access control functionality of a packet filter firewall is governed by a set of directives collectively referred to as a ruleset.
In their most basic form, they operate at Layer 3, i.e., the Network Layer of the OSI model. This has a drawback: since a packet filter cannot examine upper-layer data, it cannot prevent attacks that employ application-specific vulnerabilities or functions.
Because of the limited information available to the firewall, the logging facility in packet filter firewalls is limited. Some of the attacks that can be made against packet-filtering routers from outside include IP address spoofing, source routing attacks and tiny fragment attacks.
Stateful inspection firewalls
They are packet filters that operate mainly at Layer 4, i.e., the Transport Layer of the OSI model. Stateful inspection evolved from the need to accommodate specific features of the TCP/IP protocol suite that make firewall deployment difficult.
Unlike a simple packet filtering firewall, it tightens up the rules for TCP traffic by creating a directory of outbound connections, with an entry for each currently established connection.
When new packets arrive, the firewall allows incoming traffic only on those ports whose packets fit the profile of one of the entries in the directory. If a packet does not match any entry, it is evaluated according to the rules for new connections. This approach is dynamic and effective, but prone to DoS attacks.
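The following example, added here and not part of the original article, models both the packet filter ruleset described above and the stateful directory of outbound connections built on top of it. The `Packet` and `Rule` types, the 10.0.0.0/8 inside network, the addresses, ports and rules are all constructed for the illustration. It shows the service, direction and address controls from the earlier section (a port-25 rule for the mail server, an outbound-only TCP rule and an anti-spoofing rule that rejects Internet packets claiming an inside source address), and why a stateless filter must either block legitimate reply traffic or open wide inbound port ranges, while the stateful layer admits a reply only when it matches a connection an inside host actually initiated.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example (not the article's own code): a toy packet filter ruleset
# plus a stateful inspection layer on top of it. Packet and Rule are
# hypothetical types; all addresses, ports and rules are constructed.


@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (Internet -> protected network) or "out"
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP SYN flag set: a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                       # "allow" or "deny"
    direction: Optional[str] = None   # None matches either direction
    proto: Optional[str] = None       # None matches any protocol
    src_net: Optional[str] = None     # CIDR the source address must fall in
    dst_port: Optional[int] = None    # None matches any destination port

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and self.direction != p.direction:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dst_port is not None and self.dst_port != p.dst_port:
            return False
        if self.src_net is not None and (
            ipaddress.ip_address(p.src_ip) not in ipaddress.ip_network(self.src_net)
        ):
            return False
        return True


INSIDE = "10.0.0.0/8"   # constructed: address range of the protected network

# Ruleset: the first matching rule wins; anything unmatched is denied.
RULES = [
    # Anti-spoofing: a packet arriving from the Internet must not claim an inside source.
    Rule("deny", direction="in", src_net=INSIDE),
    # Inside hosts may initiate TCP connections to the Internet.
    Rule("allow", direction="out", proto="tcp"),
    # The Internet may reach the inside mail server on TCP port 25.
    Rule("allow", direction="in", proto="tcp", dst_port=25),
]


def stateless_filter(rules, p: Packet) -> str:
    """Plain packet filter: first matching rule decides, default deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    """Packet filter plus a directory of connections initiated from inside."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()   # one entry per established outbound connection

    @staticmethod
    def _key(p: Packet):
        # Canonical 5-tuple ordered (proto, inside ip, inside port, outside ip, outside port)
        if p.direction == "out":
            return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def process(self, p: Packet) -> str:
        key = self._key(p)
        if key in self.connections:
            return "allow"            # fits the profile of an existing entry
        verdict = stateless_filter(self.rules, p)   # rules for new connections
        if verdict == "allow" and p.direction == "out" and (p.proto == "udp" or p.syn):
            self.connections.add(key)   # remember the connection an inside host opened
        return verdict


def demo() -> dict:
    fw = StatefulFirewall(RULES)
    client_syn = Packet("out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 443, syn=True)
    server_reply = Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51000)
    unsolicited = Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51001)
    spoofed = Packet("in", "tcp", "10.0.0.9", 40000, "10.0.0.5", 25)
    mail = Packet("in", "tcp", "198.51.100.7", 40000, "10.0.0.25", 25)
    return {
        "stateless_reply": stateless_filter(RULES, server_reply),   # deny: no rule for port 51000
        "stateful_syn": fw.process(client_syn),                     # allow, entry created
        "stateful_reply": fw.process(server_reply),                 # allow: matches the entry
        "stateful_unsolicited": fw.process(unsolicited),            # deny: no matching entry
        "spoofed": fw.process(spoofed),                             # deny: anti-spoofing rule
        "mail": fw.process(mail),                                   # allow: port-25 rule
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The anti-spoofing rule is listed first on purpose: without it, the spoofed packet would fall through to the port-25 rule and be accepted. Real packet filters also check TCP flags and fragment offsets and expire directory entries, which this model omits.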
Application proxy gateway firewalls
These are advanced firewalls that combine lower-layer access control with upper-layer control, i.e., Layer 7, the Application Layer. They do not require a Layer 3 route between the inside and outside interfaces of the firewall; the firewall software itself performs the routing.
If the software ceases to function, the firewall system is unable to pass network packets. Each proxy is referred to as a proxy agent; it interfaces directly with the firewall access control ruleset to determine whether a given piece of network traffic should be permitted to transit the firewall.
In addition, the proxy agent can require authentication of each network user. Application-proxy gateway firewalls have extensive logging capabilities because the firewall can examine the entire network packet, not only the network addresses and ports.
They allow security administrators to enforce whatever type of user authentication they deem appropriate for the given enterprise.
Next-generation firewall (NGFW)
Apart from packet filtering, these firewalls have advanced capabilities such as intrusion prevention, application awareness, techniques to deal with security threats, blocking of risky apps and decreased reaction time. Most companies have deployed this kind of firewall to deal with network threats.
A firewall cannot protect against attacks that bypass it. It is generally impossible for the firewall to scan all incoming files, e-mails, data packets and messages for viruses, given that new vulnerabilities appear every day. You should enable auditing and keep reviewing your firewall’s configuration to ensure high security for your system.
It also does not protect against internal threats, such as an employee helping an external hacker. It cannot defend against the transfer of virus-infected programs or files, because of the variety of operating systems and applications supported inside the perimeter.
Conclusion – What is a firewall
Since the term firewall came into use in network technology in the late 1980s, the firewall has evolved continuously. You could say that the predecessors of firewalls for network security were routers. Each generation has brought a different filtering mechanism and more secure versions of the firewall itself. The future of the firewall depends on how it is upgraded with new capabilities from time to time, and on other influences such as network threats and viruses.