Firewall: Meaning, Components and Types – BMS NOTES

A firewall is a network security device that monitors incoming and outgoing network traffic and, according to a set of security rules, either allows or blocks data packets. Its purpose is to form a barrier that keeps harmful traffic, such as viruses and hackers, from reaching your network from outside sources such as the internet.

Network Policy Firewall Components

The design, configuration, and operation of a firewall system are directly shaped by two tiers of network policy. The higher-level policy is an issue-specific network access policy: it specifies which services from the restricted network will be expressly permitted or prohibited, how those services may be used, and the circumstances under which exceptions to the policy will be made. The lower-level policy describes the specific steps the firewall takes to filter and limit access to the services named in the higher-level policy. These policies are briefly explained in the sections that follow.

Advanced Authentication

Some of the security incidents that have happened on the Internet are partly attributable to the flaws in conventional passwords. For years, users have been encouraged to choose passwords that are hard to guess and to keep them private. Even so, conventional passwords are no longer secure, because attackers can and do monitor the Internet for passwords sent in plain text. This is true even for users who follow that advice, which many do not.

To overcome the shortcomings of conventional passwords, advanced authentication methods such as smartcards, authentication tokens, biometrics, and software-based mechanisms are used. Although these methods differ, they share one property: an attacker who has observed a connection cannot reuse the one-time passwords generated by advanced authentication devices. Given the inherent problems with passwords on the Internet, an Internet-accessible firewall that does not employ advanced authentication, or lacks the hooks needed to use it, makes little sense.

Packet Filtering

IP packet filtering is usually performed by a packet filtering router, which filters packets as they pass between its interfaces. A packet filtering router can typically filter IP packets on the following header fields: source IP address, destination IP address, TCP/UDP source port, and TCP/UDP destination port.

Application Gateways

To counter some of the shortcomings of packet filtering routers, firewalls must use software programs to forward and filter connections for services such as TELNET and FTP. Such a program is called a proxy service, and the host that runs the proxy service is called an application gateway. Combining packet filtering routers with application gateways gives higher degrees of security and flexibility than using either one alone.

Consider, as an example, a site that uses a packet filtering router to block all inbound TELNET and FTP connections. The router allows TELNET and FTP packets to reach only one host, the TELNET/FTP application gateway. To open an inbound connection to a site system, a user must first connect to the application gateway and then to the destination host, as follows:

First, the user telnets to the application gateway and enters the name of the internal host.

The gateway checks the user’s source IP address and accepts or rejects it according to whatever access rules are in place.

The proxy service opens a TELNET connection between the gateway and the internal host; the user may be required to authenticate (possibly with a one-time password device); the proxy service then relays bytes between the two connections, and the application gateway logs the connection.

How Do Firewalls Work?

To stop attacks, firewalls carefully examine incoming traffic against pre-established rules and filter out traffic from untrusted or suspicious sources. Firewalls monitor traffic at a computer’s entry points (its ports), where data is exchanged with external devices. A rule might state, for instance: “Over port 22, source address 172.18.1.1 is allowed to reach destination 172.18.2.1.”

Think of IP addresses as houses and port numbers as the rooms in a house. Only trusted people (source addresses) are allowed into the house (destination address) at all. Once inside, a person may enter only certain rooms (destination ports) depending on whether they are the owner, a guest, or a child. Guests and children are allowed into a limited number of rooms (particular ports), while the owner may use any room (any port).

Types of Firewalls

Firewalls can be hardware or software, and using both is preferable. A hardware firewall is a device placed between your network and the gateway, while a software firewall is a program installed on each computer that controls traffic by port numbers and applications.

Packet-Filtering Firewalls

Packet-filtering firewalls are the most common kind of firewall: they inspect packets and block those that do not meet a set of pre-established security rules. This kind of firewall checks the packet’s source and destination IP addresses, and packets that match a firewall “allow” rule are trusted to enter the network.

Packet-filtering firewalls come in two types: stateless and stateful. Stateless firewalls examine each packet in isolation, with no context about the traffic around it, which makes them easy targets for attackers. Stateful firewalls, by contrast, are considered much more secure because they retain information about previously seen packets.

Although packet-filtering firewalls have their uses, they ultimately provide only very basic security. For instance, they cannot tell whether the contents of a request would harm the application it is addressed to. If a malicious request from a trusted source address were approved, the firewall would have no way of knowing that it would lead to, say, the destruction of a database. Proxy and next-generation firewalls are better suited to identifying these kinds of attacks.
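The difference between the stateless and stateful filtering described above, applied to the page’s own rule (“over port 22, 172.18.1.1 may reach 172.18.2.1”) and to the header fields listed under Packet Filtering, as an added example that is not part of the original notes. The `Packet` and `Rule` types, the addresses and the port numbers are constructed for the example; a real filter would also parse the TCP flags and time flows out.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# A packet reduced to the header fields the page lists, plus the TCP SYN flag (constructed).
Packet = namedtuple("Packet", "src dst proto sport dport syn", defaults=(False,))

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR; the default matches any address
    dst: str = "0.0.0.0/0"
    proto: str = "any"           # "tcp", "udp" or "any"
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None
    def matches(self, p) -> bool:
        return (ip_address(p.src) in ip_network(self.src) and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto) and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

class StatelessFilter:
    """Judges every packet on its own: first matching rule wins, default deny."""
    def __init__(self, rules):
        self.rules = rules
    def decide(self, p) -> str:
        return next((r.action for r in self.rules if r.matches(p)), "deny")

class StatefulFilter(StatelessFilter):
    """Rules govern new connections only; replies pass because of remembered state."""
    def __init__(self, rules):
        super().__init__(rules)
        self.flows = set()  # (src, sport, dst, dport, proto) of accepted connections
    def decide(self, p) -> str:
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.flows:
            return "allow"  # reply inside an established connection
        if p.proto == "tcp" and not p.syn:
            return "deny"   # mid-stream TCP packet with no known connection
        action = super().decide(p)
        if action == "allow":
            self.flows.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return action

# The page's rule, plus the reply rule a stateless filter needs (it cannot tell a real reply from any packet using source port 22).
RULES = [Rule("allow", src="172.18.1.1/32", dst="172.18.2.1/32", proto="tcp", dport=22),
         Rule("allow", src="172.18.2.1/32", dst="172.18.1.1/32", proto="tcp", sport=22)]

def compare(packets):
    stateless, stateful = StatelessFilter(RULES), StatefulFilter(RULES)
    return [(stateless.decide(p), stateful.decide(p)) for p in packets]  # verdicts in order
```

Feeding `compare` an SSH handshake followed by its reply gives “allow” from both filters, but a packet from 172.18.2.1 with source port 22 that answers no known connection passes the stateless filter and is dropped by the stateful one.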

Next-Generation Firewalls (NGFW)

Next-generation firewalls (NGFW) combine the features of classic firewalls with additional functions such as intrusion prevention systems, encrypted traffic inspection, and antivirus software. Their most notable feature is deep packet inspection (DPI). Where a standard firewall looks only at packet headers, deep packet inspection examines the contents of the packet itself, which allows packets carrying dangerous material to be detected, classified, or stopped more effectively.

Proxy Firewalls

Proxy firewalls filter network traffic at the application level. Unlike simple firewalls, the proxy acts as an intermediary between the two endpoints: the client sends its requests to the firewall, which checks them against a set of security rules before deciding whether to allow or deny them. Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and FTP and use both stateful and deep packet inspection to identify malicious traffic.

Network Address Translation (NAT) Firewalls

Network address translation (NAT) firewalls conceal individual IP addresses by letting many devices with separate private addresses connect to the internet through a single public IP address. As a result, attackers scanning a network for IP addresses cannot obtain precise information about the hosts behind it, which increases security against such attacks. Both NAT firewalls and proxy firewalls act as intermediaries between a network of computers and external traffic.
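How a NAT firewall hides the hosts behind it, as an added example that is not part of the original notes: outbound flows are rewritten to one public address with a per-flow port, and inbound packets are let in only when they answer a flow that an internal host opened. The `NatFirewall` class, the `Packet` type and all addresses are constructed for the example (public and server addresses come from the documentation ranges).

```python
from collections import namedtuple

# Minimal packet: addresses and ports only. Constructed for this example.
Packet = namedtuple("Packet", "src sport dst dport")

class NatFirewall:
    """Maps every outbound private flow to a port on one public address and
    lets inbound traffic through only when it answers a mapped flow."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (private src, sport, dst, dport) -> public port
        self.in_map = {}   # public port -> (private src, sport, dst, dport)

    def outbound(self, p):
        """Rewrite a packet leaving the network so it carries the public address."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out_map:  # first packet of a new flow: allocate a public port
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[key], p.dst, p.dport)

    def inbound(self, p):
        """Translate a reply back to the private host, or return None to drop it."""
        entry = self.in_map.get(p.dport)
        if entry is None or (entry[2], entry[3]) != (p.src, p.sport):
            return None  # nobody inside asked for this; the private hosts stay hidden
        src, sport, _, _ = entry
        return Packet(p.src, p.sport, src, sport)

def demo():
    """Two private hosts reach the same server from the same source port; only a
    genuine reply gets back in, while an unsolicited inbound packet is dropped."""
    nat = NatFirewall("203.0.113.5")  # constructed public address
    a = nat.outbound(Packet("10.0.0.2", 51000, "198.51.100.7", 443))
    b = nat.outbound(Packet("10.0.0.3", 51000, "198.51.100.7", 443))
    reply = nat.inbound(Packet("198.51.100.7", 443, "203.0.113.5", b.sport))
    unsolicited = nat.inbound(Packet("192.0.2.99", 12345, "203.0.113.5", 22))
    return a, b, reply, unsolicited
```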

Stateful Multilayer Inspection (SMLI) Firewalls

Stateful multilayer inspection (SMLI) firewalls filter packets at the network, transport, and application layers by comparing them with packets known to be trustworthy. Like NGFW firewalls, SMLI firewalls examine the entire packet and let it through only if it passes the check at every layer. As the name implies, these firewalls inspect packets to determine the state of the connection and to ensure that any communication takes place only with reliable sources.
