Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.
– Edward Snowden
Introduction
A firewall is one of the most important components of cyber security; today we cannot imagine a network without one. At a very basic level, a firewall protects an internal network by filtering all incoming and outgoing traffic against a set of defined security rules, but firewalls can do more, such as intrusion detection, DHCP, VPN services or denial-of-service protection.
A firewall typically establishes a barrier between a trusted network and an untrusted network, such as the Internet. Firewalls can be categorized as network-based or host-based. Network-based firewalls are installed at the entry/exit point of a network, whether a local network or a WAN. A network-based firewall can be pure software or a hardware firewall running on specialized hardware.
Host-based firewalls are installed directly on a host (for example a personal computer or laptop) and control the network traffic of that particular host. They are typically installed as a service or daemon (a background process).
Firewalls can be of the following five types –
Firewalls can of following five different types –
Packet-filtering firewalls
The first and most basic type of firewall is the packet filter. As the name suggests, this firewall reads each packet and takes an action based on the access control list defined for it. There are three basic actions this type of firewall can take –
- Silently discard the packet with no response
- Discard and send ICMP or TCP reset response to the sender
- Forward the packet to the next hop
Packet-filtering firewalls use routers with packet-filtering rules to grant or deny access based on source address, destination address and port. They offer minimal security, but at very low cost. Packet-filtering firewalls are very fast and flexible, but because their features are so basic they are suitable only for low-risk networks.
Circuit-level gateways
Circuit-level gateways are firewalls that verify whether established connections are legitimate. They work at the session layer and monitor TCP connections and sessions. Unlike packet filters, they do not inspect the individual packet but the session as a whole.
Circuit-level gateways provide more protection than packet filtering. However, they are not usually installed as a stand-alone solution but are often used alongside application-level gateways.
Stateful inspection firewalls
A stateful inspection firewall goes beyond packet filtering by tracking individual sessions in a network; it is also called dynamic packet filtering. It keeps track of the state of network connections, for example TCP sessions, UDP datagrams and ICMP messages, and can apply labels to the packets such as LISTEN or ESTABLISHED. This offers more security than either packet filtering or a circuit-level gateway, but it decreases network performance and needs more system resources.
A stateful inspection firewall builds a database of every connection, called the state table. Source address, destination address and port information are stored in this state table.
This type of firewall is chosen where a balance between packet filtering and an application proxy is needed.
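To make the difference between the packet filter described above and stateful inspection concrete, here is an added example (not from the original post) that simulates both on constructed TCP packets: the stateless filter can only apply its access control list to each packet alone, so a reply to a LAN-initiated connection has no matching rule and is dropped, while the stateful filter records admitted connections in a state table and accepts their return traffic. The rule set, addresses, ports and the state labels SYN_SENT/ESTABLISHED are all constructed for the illustration.

```python
from enum import Enum
class Action(Enum):
    DROP = "drop"      # silently discard, no response to the sender
    REJECT = "reject"  # discard and answer with ICMP unreachable or a TCP RST
    ACCEPT = "accept"  # forward the packet to the next hop

# Constructed access control list: (direction, protocol, destination port or
# None for any, action). First match wins; unmatched packets get DEFAULT.
RULES = [
    ("in",  "tcp", 22,   Action.REJECT),  # refuse SSH from outside with a RST
    ("in",  "tcp", 443,  Action.ACCEPT),  # the one published HTTPS server
    ("out", "tcp", None, Action.ACCEPT),  # the LAN may open any outbound TCP
]
DEFAULT = Action.DROP

def make_packet(direction, src, sport, dst, dport, flags):
    """Constructed TCP packet record; 'in' means arriving from the untrusted side."""
    return dict(dir=direction, proto="tcp", src=src, sport=sport,
                dst=dst, dport=dport, flags=flags)

def packet_filter(pkt):
    """Stateless packet filter: each packet is judged on its own against the ACL."""
    for direction, proto, port, action in RULES:
        if (pkt["dir"] == direction and pkt["proto"] == proto
                and port in (None, pkt["dport"])):
            return action
    return DEFAULT

class StatefulFilter:
    """Stateful inspection: a connection the ACL admits is entered in the state
    table, and its return traffic is then accepted without a rule of its own."""
    def __init__(self):
        self.state_table = {}  # (proto, src, sport, dst, dport) -> state label
    @staticmethod
    def key(pkt, reverse=False):
        a, b = (pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])
        return (pkt["proto"],) + (b + a if reverse else a + b)

    def filter(self, pkt):
        fwd, rev = self.key(pkt), self.key(pkt, reverse=True)
        entry = fwd if fwd in self.state_table else rev
        if entry in self.state_table:             # packet belongs to a known flow
            if pkt["flags"] == "ACK":             # third step of the handshake
                self.state_table[entry] = "ESTABLISHED"
            return Action.ACCEPT
        if pkt["flags"] != "SYN":                 # unknown flow, not a connection attempt
            return Action.DROP
        action = packet_filter(pkt)               # new connection: consult the ACL
        if action is Action.ACCEPT:
            self.state_table[fwd] = "SYN_SENT"
        return action
```

An inbound packet that claims to belong to a session the state table has never seen is dropped, which is exactly the check a stateless filter cannot make.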
Application-level gateways (a.k.a. proxy firewalls)
Application-level gateways, or proxy firewalls, are hosts running proxy servers. They permit no traffic directly between networks, and they perform elaborate logging and auditing of the traffic passing through them.
For example, each request for a web page goes through the proxy. The proxy then forwards the request to the web server, pretending to be the client. This way the client’s information is hidden, which protects it from potential attack. When the web page response reaches the proxy, it forwards it to the requesting client.
Next-gen firewalls
A new generation of firewall combines all the features of packet filtering, stateful inspection and more. It inspects not only the header information of packets but also the actual data in the payload. It inspects the entire session, including the TCP handshake, with both surface-level and deep packet inspection. With deep packet inspection, the firewall monitors a web browsing session and can track whether a packet payload, when assembled with the other packets in an HTTP server reply, constitutes a legitimate response.
These are the most advanced and latest firewalls and can provide protection from most external threats and intrusions. However, they are costlier than other firewall solutions.
Conclusion
A tool is only as good as the skills of the person handling it. There are many types of firewalls on the market with many different features, but in the end a firewall is just a tool: choosing the one your purpose needs and configuring it properly are equally important steps towards securing your network.
Firewalls are indispensable assets in most organizations today. However, like all technologies, they can create problems of their own, such as slowing down traffic or blocking legitimate traffic.
Finally, a firewall is positioned to protect internal hosts. However, a firewall is only a controlled gateway. It cannot stop attacks from malicious insiders, nor can it take the place of education and security policies and procedures.