
Firewall and types

What is a firewall?

Firewalls protect a network of computers from compromise, denial of service and other attacks by hackers trying to intrude into the network from outside. A firewall can take the form of hardware or of software on a computer. A firewall needs to be connected to a minimum of two network interfaces: one that is to be protected (your internal network) and one that is exposed to attacks (generally the Internet). A firewall can also be considered a gateway deployed between the two networks.

How do firewalls work?

Firewalls examine all the data packets passing through them to see whether they meet the rules defined by the ACL (Access Control List) created by the administrator of the network. Only if the data packets are allowed by the ACL are they transmitted over the connection.

Firewalls generally also maintain a log of important activities inside the network. A network administrator can define what is important and configure the firewall to log accordingly.

  • Firewalls can filter traffic on the basis of address, protocol, packet attributes and state.
  • Firewalls generally screen only the packet headers.
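The following Python model is an added illustration, not part of the original article and not any vendor's implementation. It screens packet headers against an ACL by address, protocol and destination port, keeps a state table so replies to permitted flows are allowed back, and logs every drop. The class names, the first-match rule order, the default deny when no rule matches, and the addresses (documentation ranges) are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # header fields only; payload is never inspected
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp" or "any"
    src: str                       # CIDR network
    dst: str                       # CIDR network
    dport: int = 0                 # 0 means any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (0, p.dport))

class Firewall:
    def __init__(self, acl):
        self.acl = acl
        self.sessions = set()      # state table of permitted flows
        self.log = []              # drop log for the administrator

    def filter(self, p: Packet) -> str:
        # State check: a reply to a flow the ACL already permitted is let through.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.sessions:
            return "permit"
        for rule in self.acl:      # assumption: first matching rule decides
            if rule.matches(p):
                if rule.action == "permit":
                    self.sessions.add((p.proto, p.src, p.sport, p.dst, p.dport))
                    return "permit"
                break              # explicit deny: stop and fall through to the drop
        self.log.append(f"DROP {p.proto} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
        return "deny"

# Constructed ACL using documentation address ranges (not from the article)
ACL = [
    Rule("permit", "tcp", "10.0.0.0/24", "0.0.0.0/0", 443),   # inside -> HTTPS
    Rule("permit", "tcp", "0.0.0.0/0", "10.0.0.10/32", 80),   # anyone -> web server
]
```

Calling `Firewall(ACL).filter(Packet(...))` returns "permit" or "deny". An inbound packet that matches no rule and no tracked flow is dropped and recorded in `log`.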

Types of Firewalls

  • Packet Filtering Firewalls
  • Circuit Level Gateway Firewalls
  • Application level Gateway Firewalls
  • Stateful Multilayer Inspection Firewalls

Packet Filtering Firewall

  • Packet filtering firewalls are normally deployed on the routers which connect the internal network to the Internet. Packet filtering firewalls can only be implemented on the Network layer of the OSI model.
  • Packet filtering firewalls work on the basis of rules defined by Access Control Lists. They check all the packets and screen them against the rules defined by the network administrator in the ACLs. If a packet does not meet the criteria, it is dropped and the logs are updated with this information.
  • Administrators can create their ACLs on the basis of address, protocol and packet attributes.

Advantage:

  • The biggest advantage of packet filtering firewalls is cost and lower resource usage. They are best suited for smaller networks.

Disadvantage:

  • Packet filtering firewalls can work only on the Network layer, and they do not support complex rule-based models. They are also vulnerable to spoofing in some cases.

Circuit Level Gateway Firewalls

  • Circuit level gateways are deployed at the Session layer of the OSI model. They monitor sessions, such as the TCP three-way handshake, to see whether a requested connection is legitimate or not.
  • Major screening happens before the connection is established.
  • Information sent to a computer outside the network through a circuit level gateway appears to have originated from the gateway. This helps in creating a stealth cover for the private network from outsiders.

Advantage:

  • Circuit level gateways are comparatively inexpensive and provide anonymity to the private network.

Disadvantage:

  • Circuit level gateways do not filter individual packets. After a connection is established, an attacker may take advantage of this.

Application level Gateway Firewalls


  • Application level gateways work on the Application layer of the OSI model and provide protection for a specific application layer protocol. A proxy server is the best example of an application level gateway firewall.
  • An application level gateway works only for the protocols for which it is configured. For example, if we install a web proxy based firewall, then it will only allow HTTP protocol data. Because they are deployed on the Application layer for a specific protocol, they are supposed to understand application-specific commands such as HTTP:GET and HTTP:POST.
  • Application level firewalls can also be configured as caching servers, which in turn increases network performance and makes it easier to log traffic.

Stateful Multilayer Inspection Firewall


  • A stateful multilayer inspection firewall is a combination of all the firewalls that we have studied so far.
  • They can filter packets at the Network layer using ACLs, check for legitimate sessions on the Session layer, and also evaluate packets on the Application layer (ALG).
  • A stateful multilayer inspection firewall can work in a transparent mode, allowing direct connections between the client and the server, which was earlier not possible.
  • A stateful multilayer inspection firewall can also implement algorithms and complex security models which are protocol specific, making the connections and data transfer more secure.





Version history
Revision #:
1 of 1
Last update:
‎06-08-2009 10:48 PM