/* The following article is extracted from the "Information Security Newsletter" published by the JUCC IS Task Force. */

Any device that controls network traffic for security reasons can be called a firewall. It puts up a barrier that controls the flow of traffic between networks and is able to protect the boundary of a university’s internal network whilst it is connected to other networks (e.g. the Internet, third parties’ private networks). The safest firewall would block all traffic, but that defeats the purpose of making the connection. Therefore, the key function of a firewall is to strictly control selected traffic in a secured manner. There are three major types of firewalls that use different strategies for protecting internal networks from external or internal threats.
Screening Router

Also known as "Packet Filters", the Screening Router is the first generation of firewall device. Built on network routers, it operates at the first three layers of the OSI reference model. The device checks each packet against the pre-configured packet filtering rules and drops or rejects the packet accordingly. Network administrators are required to define a set of rules that instruct the Screening Router which packets to filter out. As most applications that communicate over the Internet today use well-known ports for particular types of traffic, such as 80 for HTTP and 20 for FTP, Screening Routers can easily distinguish between, and thus control, those types of traffic unless non-standard ports are used. The major weakness of Screening Routers is their "stateless" nature: no information on the connection state is examined. Instead, only the low-level information contained in the packet itself is filtered, such as source/destination address, protocol type, port numbers, etc.

Proxy Server Firewall

A Proxy Server Firewall operates at the upper layers of the OSI protocol stack (i.e. all the way up to the Application Layer) and provides internal terminals with proxy services to external networks. Messages from internal terminals are relayed by the Proxy Server Firewall to external destinations. A major benefit of deploying Proxy Server Firewalls is that they are able to hide the internal network information or structure by changing the IP addresses of outgoing packets. Furthermore, Proxy Server Firewalls are able to look at more detailed information inside the packets, which enables more sophisticated monitoring and control of traffic flows at the network boundary. However, degradation of performance and reduced transparency of access to other networks are possible by-products of using Proxy Server Firewalls. There are two types of Proxy Server Firewalls:
Stateful Inspection Firewall

Being the third generation of firewall architecture, Stateful Inspection Firewalls work at multiple layers of the OSI reference model, including the Network, Transport and Application Layers, and are also known as "Dynamic Packet Filtering" firewalls. A Stateful Inspection Firewall monitors the state of active connections, analyses traffic patterns down to the Application Layer and detects abnormalities based on the analysis results. For illustration, incoming and outgoing packets are monitored over a period of time by the Stateful Inspection Firewall. Outgoing packets that request specific types of incoming packets are tracked, and only those incoming packets constituting a proper response are allowed to pass through the firewall. This dynamic feature of the Stateful Inspection Firewall enables more accurate filtering of packets by considering the context of the traffic. However, some Stateful Inspection Firewalls are implemented to allow direct connections between internal and external terminals, as they rely on algorithms to recognise and process application layer data instead of relying on proxies, thus exposing internal IP addresses to potential hackers. Some firewall vendors incorporate stateful inspection and proxy server techniques together for added security.

Key Benefits Achieved through Firewall
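The contrast between the Screening Router and the Stateful Inspection Firewall sections above can be made concrete with a small simulation. The following Python is an added example written for this article, not code from the JUCC newsletter or any firewall product: the `Packet` and `Rule` classes, the `10.0.0.0/24` campus LAN and the external addresses `203.0.113.10` and `198.51.100.7` are all constructed for illustration, and the model is deliberately simplified (it tracks a five-tuple per permitted outbound connection, but not TCP flags, sequence numbers or idle timeouts as a real stateful firewall would). It shows why a stateless filter that has to admit HTTP replies ends up admitting any packet that merely claims source port 80, while a connection table lets only genuine responses through.

```python
"""Toy comparison of a stateless screening router and a stateful inspection
firewall. Added illustration for this article (not from the JUCC newsletter);
every address, port and rule below is constructed, and no real traffic is sent."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    """A screening-router rule: every field that is not None must match."""
    action: str                     # "allow" or "deny"
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        pairs = ((self.src_ip, p.src_ip), (self.dst_ip, p.dst_ip),
                 (self.src_port, p.src_port), (self.dst_port, p.dst_port),
                 (self.proto, p.proto))
        return all(want is None or want == have for want, have in pairs)


INTERNAL_PREFIX = "10.0.0."   # constructed: the campus LAN in this example
FlowKey = Tuple[str, int, str, int, str]   # (src_ip, src_port, dst_ip, dst_port, proto)


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(rules: List[Rule], pkt: Packet) -> str:
    """Screening router: first matching rule wins, otherwise deny.
    Only the packet's own header fields are consulted; there is no memory
    of earlier packets, so a reply and an unsolicited packet look alike."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Dynamic packet filtering: outbound connections the rules permit are
    recorded, and an inbound packet is accepted only if it is the reverse of
    a recorded connection (a proper response) or an explicit rule allows it
    (e.g. for a public server)."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules
        self.table: Set[FlowKey] = set()

    def filter(self, pkt: Packet) -> str:
        if is_internal(pkt.src_ip) and not is_internal(pkt.dst_ip):
            verdict = stateless_filter(self.rules, pkt)       # outbound
            if verdict == "allow":
                self.table.add((pkt.src_ip, pkt.src_port,
                                pkt.dst_ip, pkt.dst_port, pkt.proto))
            return verdict
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        if reverse in self.table:                            # a tracked reply
            return "allow"
        return stateless_filter(self.rules, pkt)


# A screening router must let web replies in somehow; since it cannot tell a
# reply from an unsolicited packet, the usual rule is "allow TCP from source
# port 80", which also admits anything that merely claims port 80.
STATELESS_RULES = [
    Rule("allow", dst_port=80, proto="tcp"),   # outbound HTTP requests
    Rule("allow", src_port=80, proto="tcp"),   # HTTP replies, and any packet from port 80
]

# The stateful firewall needs only the outbound rule; replies are matched
# against the connection table instead.
STATEFUL_RULES = [Rule("allow", dst_port=80, proto="tcp")]

SCENARIO = [
    # 1. an internal client opens an HTTP connection to an external web server
    Packet("10.0.0.5", 51000, "203.0.113.10", 80),
    # 2. the genuine reply to that request
    Packet("203.0.113.10", 80, "10.0.0.5", 51000),
    # 3. an unsolicited packet from another host, using source port 80 to look
    #    like a web reply, aimed at the client's SMB port
    Packet("198.51.100.7", 80, "10.0.0.5", 445),
]


def compare(packets: List[Packet]) -> List[Tuple[str, str]]:
    """Return (stateless verdict, stateful verdict) for each packet, in order."""
    stateful = StatefulFirewall(STATEFUL_RULES)
    return [(stateless_filter(STATELESS_RULES, p), stateful.filter(p))
            for p in packets]


if __name__ == "__main__":
    for pkt, (s, d) in zip(SCENARIO, compare(SCENARIO)):
        print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
              f"  stateless={s}  stateful={d}")
```

Running it prints `allow` for both firewalls on the request and its reply, but the third packet is allowed by the stateless rules and denied by the stateful firewall, because no internal host ever opened a connection to `198.51.100.7`. The price of that precision is the connection table itself, which is why stateful firewalls also need expiry of idle entries and limits on table size.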
References:

What is the first generation firewall?
First generation firewalls were relatively simple filter systems called packet filter firewalls, but they made today's highly complex security technology for computer networks possible. Packet filter firewalls, also referred to as stateless firewalls, filtered out and dropped traffic based on filtering rules.

What comes first, router or firewall? How are they connected?
Typically, a router will be the first part of your LAN system. You will then set up a network firewall between the internal network and the router so that everything flowing in and out can be checked and filtered. The switch is typically last.

What is an application layer gateway?
An application layer gateway (ALG) is a type of security software or device that acts on behalf of the application servers on a network, protecting the servers and applications from traffic that might be malicious.

What are network-level firewalls and application-level firewalls?
In a technical sense, the difference between application-level firewalls and network-level firewalls is the layers of security they operate on. While web application firewalls operate on layer 7 (applications), network firewalls operate on layers 3 and 4 (data transfer and network).