A firewall is a device, or a set of devices, designed to permit or block network transmissions based on a set of protocols. It restricts unauthorized access to protect the network and lets legitimate requests through. Personal computers and laptops use software-based firewalls to protect the system against possible threats from the Internet. Routers also contain firewall components and check data before giving it safe passage.
Conversely, a firewall can sometimes act as a router and perform its functions. Firewalls can be implemented in hardware, in software, or in both at once. Each message entering or leaving the Internet, and most importantly an intranet, is examined against specific security criteria.
Firewall technology emerged in the late eighties, when the Internet was still at its inception. "Internet" was a fairly new term, and the network had only just started functioning globally. Until the mid-eighties, the only predecessors to firewalls were routers.
Functioning of the Firewall
With a firewall, an organization or an individual machine is protected at every connection to the Internet. Telnet servers, FTP servers, Web servers, etc. can be set up. Moreover, connections to websites can be checked. A firewall gives companies a tremendous boost by controlling access to the Internet. Firewalls generally use three methods to control the flow of packets in and out of the network.
Packet Filtering: Small chunks of data combine to form a packet. A packet has several other parts too, such as a header and the physical and logical addresses. The firewall analyzes each packet against a collection of filters. The content is checked, and if it breaches the rules in any way, the packet is discarded immediately; the remaining packets are passed through.
Proxy Service: A proxy device sometimes acts as a firewall. It responds to incoming packets the way an application would, while blocking unnecessary packets and packets that fail the protocol checks.
Here, the information from the Internet is retrieved and then passed on to the requesting system, subject to a check against the rules. If it is permitted, access to the Internet becomes possible.
In the third method, the contents of each packet are not examined. Instead, a few important parts of the packet are compared with a database of reliable information.
The path along which the packets travel is constantly monitored for specific, well-defined characteristics. Incoming information is compared with these characteristics. If the comparison yields a reasonable match, the information is allowed to pass through; otherwise it is discarded.
The Different Types of Firewalls
The types of firewalls vary depending on where the communication takes place, where it is intercepted, and the state that is being traced.
Network Layer: Here the concept of packet filters comes up again. Packet filters are network-layer firewalls. They operate at a low level of the TCP/IP protocol suite and do not allow packets to pass unless they meet the specified criteria. The firewall administrator either creates new rules or applies the default rules.
If a packet does not match an existing connection, it is evaluated according to the rules set for new connections. Firewalls today possess the ability to filter packets based on attributes such as the destination IP address, the source port and the source IP address.
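The network-layer behaviour described above, as an added example that is not part of the original article: packets belonging to an existing connection pass, anything else is checked against the rules for new connections, and a default rule applies when nothing matches. The class names, rule set and addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "drop"
    src_net: str = "0.0.0.0/0"       # source network the rule applies to
    dst_net: str = "0.0.0.0/0"       # destination network
    dst_port: Optional[int] = None   # None matches any port
    proto: Optional[str] = None      # None matches any protocol

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.dst_port in (None, p.dst_port)
                and self.proto in (None, p.proto))

class Firewall:
    def __init__(self, rules, default="drop"):
        self.rules, self.default = list(rules), default
        self.connections = set()     # state table of flows already allowed

    @staticmethod
    def _flow(p: Packet):
        # Direction-independent key, so a reply maps to the flow that opened it.
        a, b = (p.src_ip, p.src_port), (p.dst_ip, p.dst_port)
        return (p.proto, min(a, b), max(a, b))

    def filter(self, p: Packet) -> str:
        if self._flow(p) in self.connections:
            return "allow"           # part of an existing connection
        for rule in self.rules:      # new connection: first matching rule wins
            if rule.matches(p):
                if rule.action == "allow":
                    self.connections.add(self._flow(p))
                return rule.action
        return self.default          # no rule matched: apply the default rule

# Constructed policy: block one external range, let the internal
# network open HTTPS connections, drop everything else.
RULES = [
    Rule("drop", src_net="203.0.113.0/24"),
    Rule("allow", src_net="10.0.0.0/8", dst_port=443, proto="tcp"),
]
```

The reply to an allowed outbound connection is accepted only because the state table holds that flow; the same packet sent to a fresh firewall falls through to the default drop.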
Application Layer: The application-layer firewall functions at the application level of the TCP/IP stack. It works on the principle of preventing all unwanted packets from reaching the secured machine.
It prevents the spread of Trojans and computer worms by inspecting all packets for improper content. Although it functions like a packet filter, it actually works by applying filters to processes rather than to connections on a port.
A set of rules for local processes determines the extent of filtering. This set of rules does not give security against process modifications such as memory corruption exploits. Because of these limitations, application firewalls are being replaced by a new generation of application firewalls, such as AppArmor on Linux operating systems, which rely on Mandatory Access Control (MAC).
Proxies: Running on dedicated hardware, a proxy device can act as a firewall by blocking packets while responding to connection requests. Hijacking a publicly reachable system is easier than tampering with an internal system from the external network, and a hijacked system can be used for other purposes. IP spoofing is a technique hijackers use to pass packets to a target network.
Network Address Translation: Firewalls sometimes hide the addresses of the hosts. With NAT functionality, the hosts protected behind the firewall have a private address range.
Advantages Of Firewall
Protection from threats: Network security is improved, and risks on the subnet are reduced, by filtering insecure services. The subnet is thus exposed to far fewer risks.
Controlled access to systems: Access to site systems is controlled by the firewall.
Filtered and more concentrated security: Additional security software can always be located on the firewall systems. This is comparatively cheaper for an organization.
Privacy enhancement: Many sites use firewalls to block certain services that reveal information such as the last login time or details of the last read mail. DNS information can also be blocked by firewalls.
Policy implementation: Enforcement of a network access policy is perhaps the most important feature of firewalls. A firewall makes a network access policy easy to implement; without a firewall, this is not possible without the cooperation of the users.
Software firewalls come preinstalled on your system. They ensure that every machine gets a minimum level of protection against threats while accessing the Internet. If you want additional software, you can install it.
If a hardware appliance is to be installed, the best thing to do is to install it at each point on your network. Since it is always turned on, it is highly robust and helps protect the system 24x7.