What
is a Firewall?
A firewall is a piece of hardware and/or software which functions in a
networked environment to prevent some communications forbidden by the
security policy, analogous to the function of firewalls in building
construction. A firewall is also called a Border Protection Device
(BPD), especially in NATO contexts, or packet filter in BSD contexts. A
firewall has the basic task of controlling traffic between different
zones of trust. Typical zones of trust include the Internet (a zone
with no trust) and an internal network (a zone with high trust). The
ultimate goal is to provide controlled connectivity between zones of
differing trust levels through the enforcement of a security policy and
connectivity model based on the least privilege principle. Proper
configuration of firewalls demands skill from the administrator. It
requires considerable understanding of network protocols and of
computer security. Small mistakes can render a firewall worthless as a
security tool.
What are the different types of Firewalls?
There are three basic types of firewalls depending on:
|
|
Whether the
communication is being done between a single node and the network, or
between two or more networks.
|
|
|
Whether the
communication is intercepted at the network layer, or at the
application layer.
|
 |
Whether the communication
state is being tracked at the firewall or not. |
|
With regard to the scope
of filtered communications there exist:
|
|
Personal firewalls, a
software application which normally filters traffic entering or leaving
a single computer. |
|
Network firewalls, normally
running on a dedicated network device or computer positioned on the
boundary of two or more networks or DMZs (demilitarized zones). Such a
firewall filters all traffic entering or leaving the connected networks. |
|
The latter definition
corresponds to the conventional, traditional meaning of "firewall" in
networking. In reference to the layers where the traffic can be
intercepted, three main categories of firewalls exist: |
|
Network layer firewalls. An
example would be iptables. |
|
Application layer firewalls.
An example would be TCP Wrappers. |
|
Application firewalls. An
example would be restricting ftp services through/etc/ftpaccess file. |
These network-layer and application-layer types of firewall may
overlap, even though the personal firewall does not serve a network;
indeed, single systems have implemented both together.
There's also the notion of application firewalls which are sometimes
used during wide area network (WAN) networking on the world-wide web
and govern the system software. An extended description would place
them lower than application layer firewalls, indeed at the Operating
System layer, and could alternately be called operating system
firewalls.
Lastly, depending on whether the firewalls keeps track of the state of
network connections or treats each packet in isolation, two additional
categories of firewalls exist:
|
|
Stateful
firewalls |
|
|
Stateless
firewalls
|
What is a Network-layer Firewall?
Network layer
firewalls operate at a (relatively) low level of the TCP/IP protocol
stack as IP-packet filters, not allowing packets to pass through the
firewall unless they match the rules. The firewall administrator may
define the rules; or default built-in rules may apply (as in some
inflexible firewall systems). A more permissive setup could allow any
packet to pass the filter as long as it does not match one or more
"negative-rules", or "deny rules". Today network firewalls are built
into most computer operating systems and network appliances. Modern
firewalls can filter traffic based on many packet attributes like
source IP address, source port, destination IP address or port,
destination service like WWW or FTP. They can filter based on
protocols, TTL values, netblock of originator, domain name of the
source, and many other attributes.
What is an Application-layer Firewall?
Application-layer
firewalls work on the application level of the TCP/IP stack (i.e., all
browser traffic, or all telnet or ftp traffic), and may intercept all
packets traveling to or from an application. They block other packets
(usually dropping them without acknowledgement to the sender). In
principle, application firewalls can prevent all unwanted outside
traffic from reaching protected machines.
By inspecting all
packets for improper content, firewalls can even prevent the spread of
the likes of viruses. In practice, however, this becomes so complex and
so difficult to attempt (given the variety of applications and the
diversity of content each may allow in its packet traffic) that
comprehensive firewall design does not generally attempt this approach.
The XML firewall exemplifies a more recent kind of application-layer
firewall.
What are Proxies?
|
A proxy
device (running either on dedicated hardware or as software on a
general-purpose machine) may act as a firewall by responding to input
packets (connection requests, for example) in the manner of an
application, whilst blocking other packets. Proxies make tampering with
an internal system from the external network more difficult and misuse
of one internal system would not necessarily cause a security breach
exploitable from outside the firewall (as long as the application proxy
remains intact and properly configured). Conversely, intruders may
hijack a publicly-reachable system and use it as a proxy for their own
purposes; the proxy then masquerades as that system to other internal
machines. While use of internal address spaces enhances security,
crackers may still employ methods such as IP spoofing to attempt to
pass packets to a target network. |
Summary
Syntensia firewall manages all communications traffic between the
Internet and internal networks to block unauthorized access.
Administrators can block or allow access, for each protocol, to each
internal network, server, service, and user group. The firewall
inspects both networking information (packet headers) and application
information (payloads) to detect and block suspicious traffic. |
