Types of Firewalls
There are several different ways firewalls filter information to protect networks:
- Packet filtering: Each packet entering or leaving the network is checked and either passed or rejected depending on a set of user-defined rules.
Packet filtering is relatively effective and transparent to users; however, it is difficult to configure and is susceptible to IP spoofing (a technique used to gain unauthorised access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host).
A packet filter firewall is essentially a router with packet-filtering software. Packet filters are an attractive option where budget is limited, where some flexibility is desirable, and where only shallow access control is required.
- Application filtering: An application gateway firewall uses software to intercept connections for each Internet protocol and to perform security inspection.
It involves what is commonly known as proxy services. A proxy is a piece of code designed for a specific application, e.g., FTP. The proxy acts as an interface between the user on the internal trusted network and the Internet. With application-level firewall technology, the proxy checks for permission to connect to another network and can enforce access control rules specific to the application (packet filtering cannot do this).
While this is considered to be the most secure type of firewall design, the extra overhead of transporting data up to the application layer can lead to degradation in performance.
- Circuit-level gateway: This gateway applies security mechanisms at the TCP or UDP level and only while the connection is being established. Once the connection is established, packets can flow between the hosts without further checking.
- Proxy server: A proxy server effectively hides the true internal network addresses and intercepts all messages, both entering and leaving the network.
- Stateful inspection: Stateful inspection technology, developed and patented by Check Point, works at the network layer and does not require a separate proxy for each application.
Stateful inspection evaluates IP header information and constantly monitors a dynamic state table for each connection. A connection is rejected when it attempts an action that is not a standard use of the protocol.
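As an added illustration (not code from the original page), the following Python models the difference between the plain packet filter described above and a stateful inspection state table: the packet structure, the internal address range and the sample trace are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str          # source IP
    sport: int        # source port
    dst: str          # destination IP
    dport: int        # destination port
    flags: frozenset  # TCP flags set, e.g. frozenset({"SYN", "ACK"})

INTERNAL_PREFIX = "10.0.0."  # assumed: the trusted internal address range

def stateless_filter(p: Packet) -> bool:
    """Plain packet filter: header fields only, no memory. To let replies in at all
    it must admit any inbound packet carrying ACK, which an outsider can simply set."""
    if p.src.startswith(INTERNAL_PREFIX):
        return p.dport in (80, 443)      # policy: outbound web only
    return "ACK" in p.flags              # the classic 'established' rule

class StatefulFilter:
    """Stateful inspection: a dynamic state table keyed by the connection 4-tuple,
    so inbound packets are admitted only for connections an inside host opened."""
    def __init__(self, outbound_ports=(80, 443)):
        self.allowed = set(outbound_ports)
        self.table = {}  # (in_ip, in_port, out_ip, out_port) -> state

    def inspect(self, p: Packet) -> bool:
        outbound = p.src.startswith(INTERNAL_PREFIX)
        # normalise the key so both directions of one connection share an entry
        key = (p.src, p.sport, p.dst, p.dport) if outbound else (p.dst, p.dport, p.src, p.sport)
        state = self.table.get(key)
        if outbound and state is None and p.flags == {"SYN"}:
            if p.dport not in self.allowed:
                return False
            self.table[key] = "SYN_SENT"
            return True
        if not outbound and state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
            self.table[key] = "ESTABLISHED"  # reply to a handshake we actually saw
            return True
        if state == "ESTABLISHED":
            if p.flags & {"FIN", "RST"}:
                del self.table[key]          # connection closing: forget it
            return True
        return False  # anything else is not a standard use of TCP at this point

def demo() -> dict:
    """Replay a constructed trace; returns {name: (stateless_verdict, stateful_verdict)}."""
    inside, outside = "10.0.0.5", "203.0.113.9"   # constructed sample addresses
    sf, trace = StatefulFilter(), [
        ("syn", Packet(inside, 40000, outside, 443, frozenset({"SYN"}))),
        ("synack", Packet(outside, 443, inside, 40000, frozenset({"SYN", "ACK"}))),
        ("probe", Packet(outside, 1337, inside, 22, frozenset({"ACK"})))]  # unsolicited
    return {n: (stateless_filter(p), sf.inspect(p)) for n, p in trace}
```

The unsolicited inbound "probe" packet passes the stateless rule because it merely carries ACK, while the state table rejects it because no inside host ever opened that connection.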
A firewall appliance is a dedicated computer with integrated firewall software, placed between the outside world and the rest of the network so that no incoming request can reach private network resources directly.
For smaller organisations, software firewall solutions can be installed directly onto each machine to offer limited protection. In fact, to this end, McAfee now includes an Integrated Personal Firewall in its VirusScan product and Microsoft includes a basic firewall in Windows XP.