What is a Firewall
An Introduction to Firewalls
A firewall come as a hardware or software system responsible for preventing Unauthorized/Unauthenticated access to a network. Firewalls are frequently used in institutions and organizations to prevent Internet users from accessing private networks. All data entering or leaving the internal network pass through the firewall, which examines each packet and based on certain rules blocks those packets that do not meet the specified security criteria hence generating an Alert.
Firewalls can be implemented as both hardware and software, or a combination of both.
Firewalls helps prevent hackers from logging into machines on your network remotely and filter the malicious traffic and keeps the internal network Infrastructure secure. The firewalls block traffic from the outside to the inside, but permit users on the inside to communicate a little more freely with the outside.
Firewalls provide an essential logging and auditing function hence Firewalls are useful as they can provide a single block point, where security and auditing can be imposed and monitoring can be done. This is an important benefit as firewalls can provide summaries to the administrator about what type/volume of network traffic has been passed through it.
Types of Firewalls:
Packet Filter Firewall
State-full Inspection Firewall
Circuit Level Gateway
Application Level Gateway
[highlight]Packet Filter Firewall[/highlight] : Packet Filter firewalls allows to decide what packets are allowed on a secured network and what packets are not allowed. The packet filter firewall has rules based mechanism that defines weather a network packet is allowed or not . In this case, each packet will be inspected before passing through the network, and after monitoring and inspecting, the firewall will decide whether to let it pass or not.
Further the packet filter mechanisms can be divided further into 2 more categories :
- State-full packet Filtering
- Stateless Packet filtering
- State full packet Filtering: This type of firewalls are better known as a Intelligent firewall. If the firewall remembers the packets it allowed and blocked in the network, then it is known as state-full packet filtering. Sometimes it is also called a dynamic packet process.
- Stateless Packet filtering: In this case, information about all those previous packets passed through the networks is not being remembered by a firewall. This type of firewall can be bypassed and easily fooled by attackers, and is especially dangerous for UDP data packets. This firewall will never come to know whether the given packet is a part of existing connection or any rough useless packet, because it isolates each and every packet.
State-full Inspection Firewall: As mentioned in the stateful packet filtering process this type of firewall works somewhat in the same way. Additionally, this type of firewall keeps a track record of TCP streams to inspect each and every packet passing through and in and out of the network. Generally this type of firewall is only constructed to inspect packets which are coming in only one direction, from client to server. There is an automated process which handles the replies going from server to client. It has an ability to support a wider range of protocols mainly the application layer protocols.
Circuit Level Gateway: Circuit Level Gateway firewall works from within the session layer. It checks the authenticity of the TCP handshake between packets in order to check if the established session is authentic or not. Therefore no individual packets are filtered . The problem with this is that there is no provision for the cleaning of malicious packets.
One Similar category of firewalls is Network Layer firewalls that take the decisions based on the source IP address, destination IP address and ports in individual IP packets . This makes us say that even a simple router is also a Network level firewall .
Also this firewall routes the traffic directly through it .
Application Level Gateway: This is an Application level gateway that has a firewall in itself . These are the hosts that run proxy servers, which allow zero network traffic directly between the internal or external networks, and perform elaborate logging and examination of network traffic passing through them. Since proxy applications are simply software running on the firewall, it is a good place to do logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other after having passed through an application that effectively masks the origin of the initiating connection.
Why do we need Firewalls
The Internet leaves the organization networks or private networks vulnerable to hackers who want to access financial , personal and other sensitive information. Some hackers may be after your high-speed connection so that they can send malicious viruses and worms, blackening your reputation.
A firewall works as a protection layer , or a shield, between your private network and internet. All network packets entering or leaving the private network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
Firewalls provide security over a number of online threats such as Remote Administration Tools , Trojan backdoor , Session hijacking , DOS & DDOS attacks on the servers , cookie stealing and many more.