What is a Firewall?
A firewall is a piece of hardware and/or software which
functions in a networked environment to prevent some communications
forbidden by the security policy, analogous to the function
of firewalls in building construction. A firewall is also
called a Border Protection Device (BPD), especially in NATO
contexts, or packet filter in BSD contexts. A firewall has
the basic task of controlling traffic between different
zones of trust. Typical zones of trust include the Internet
(a zone with no trust) and an internal network (a zone with
high trust). The ultimate goal is to provide controlled
connectivity between zones of differing trust levels through
the enforcement of a security policy and connectivity model
based on the least privilege principle. Proper configuration
of firewalls demands skill from the administrator. It requires
considerable understanding of network protocols and of computer
security. Small mistakes can render a firewall worthless
as a security tool.
What are the different types of Firewalls?
There are three basic types of firewalls depending on:
- Whether the communication is being done between a single
  node and the network, or between two or more networks.
- Whether the communication is intercepted at the network
  layer, or at the application layer.
- Whether the communication state is being tracked at the
  firewall or not.
With regard to the scope of filtered communications there exist:
- Personal firewalls, a software application which normally
  filters traffic entering or leaving a single computer.
- Network firewalls, normally running on a dedicated network
  device or computer positioned on the boundary of two or more
  networks or DMZs (demilitarized zones). Such a firewall
  filters all traffic entering or leaving the connected networks.
The latter definition corresponds to the conventional,
traditional meaning of "firewall" in networking. In reference
to the layers where the traffic can be intercepted, three main
categories of firewalls exist:
- Network layer firewalls. An example would be iptables.
- Application layer firewalls. An example would be TCP Wrappers.
- Application firewalls. An example would be restricting ftp
  services through the /etc/ftpaccess file.
These network-layer and application-layer types of firewall
may overlap, even though the personal firewall does not
serve a network; indeed, single systems have implemented
both together.
There is also the notion of application firewalls, which are
sometimes used in wide area network (WAN) networking on the
world-wide web and govern the system software. An extended
description would place them lower than application-layer
firewalls, at the operating system layer, so they could
alternatively be called operating system firewalls.
Lastly, depending on whether the firewall keeps track of
the state of network connections or treats each packet in
isolation, two additional categories of firewalls exist:
- Stateful firewalls
- Stateless firewalls
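As an added example (this is not code from the page or from any product it names), the following Python simulation contrasts the two categories just listed: a stateless filter that judges every packet by its own header fields, and a stateful filter that keeps a table of connections the internal zone opened. The zone addressing (10.0.0.0/8 internal, the 203.0.113.0/24 documentation range as the Internet), the policy and the packet sequence are all constructed for the illustration.

```python
from dataclasses import dataclass

# Constructed addressing: 10.0.0.0/8 is the trusted internal zone; the
# 203.0.113.0/24 documentation range stands in for the untrusted Internet.
def is_internal(addr: str) -> bool:
    return addr.startswith("10.")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: set on the packet that opens a connection
    ack: bool = False   # TCP ACK flag: set on every packet after the first one

def stateless_filter(pkt: Packet) -> str:
    """Judges each packet on its own header fields, with no memory.

    Policy: internal hosts may open connections outward. Replies have to be
    admitted by what a stateless filter can see, so inbound packets from the
    web port with ACK set are treated as "probably part of an existing
    connection"."""
    if is_internal(pkt.src):
        return "ACCEPT"
    if pkt.sport == 80 and pkt.ack:
        return "ACCEPT"
    return "DROP"

class StatefulFilter:
    """Remembers connections the internal zone opened and admits an inbound
    packet only if it belongs to one of them."""

    def __init__(self):
        # Entries: (internal_ip, internal_port, remote_ip, remote_port)
        self.connections = set()

    def filter(self, pkt: Packet) -> str:
        if is_internal(pkt.src):
            if pkt.syn and not pkt.ack:          # new outbound connection
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        # Inbound: accept only if it is the reverse direction of a tracked flow
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "ACCEPT"
        return "DROP"

def compare_filters():
    """Run a constructed packet sequence through both filters.
    Returns {name: (stateless_verdict, stateful_verdict)}."""
    stateful = StatefulFilter()
    sequence = [
        ("outbound_syn", Packet("10.0.0.5", 40000, "203.0.113.10", 80, syn=True)),
        ("real_reply",   Packet("203.0.113.10", 80, "10.0.0.5", 40000, syn=True, ack=True)),
        # Unsolicited inbound packet that merely resembles a reply
        # (source port 80, ACK set) but belongs to no tracked connection
        ("unsolicited",  Packet("203.0.113.99", 80, "10.0.0.5", 22, ack=True)),
    ]
    return {name: (stateless_filter(p), stateful.filter(p)) for name, p in sequence}

if __name__ == "__main__":
    for name, (stateless, stateful) in compare_filters().items():
        print(f"{name:13} stateless={stateless:6} stateful={stateful}")
```

The last row is the instructive one: the stateless filter has to admit inbound packets that look like replies because it has nothing else to go on, while the stateful filter drops the same packet because no internal host opened that connection. In iptables the stateful version is expressed with the connection-tracking state match (ESTABLISHED,RELATED) rather than with per-packet flag tests.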
What is a Network-layer Firewall?
Network layer firewalls operate
at a (relatively) low level of the TCP/IP protocol stack
as IP-packet filters, not allowing packets to pass through
the firewall unless they match the rules. The firewall administrator
may define the rules; or default built-in rules may apply
(as in some inflexible firewall systems). A more permissive
setup could allow any packet to pass the filter as long
as it does not match one or more "negative-rules",
or "deny rules". Today network firewalls are built
into most computer operating systems and network appliances.
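As an added example (not code from the page or from iptables itself), here is a small first-match packet filter in Python, evaluated like an iptables chain with a default policy, that runs the same packets through the two rule styles described above: a least-privilege ruleset that names only the permitted flows between trust zones (the Internet, a DMZ and the internal network from the first section) and a permissive setup that lets everything through unless a "deny rule" matches. The netblocks, rules and sample packets are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str                      # source IP address
    dst: str                      # destination IP address
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port (None for icmp)

@dataclass(frozen=True)
class Rule:
    src: str                       # CIDR netblock the source must belong to
    dst: str                       # CIDR netblock the destination must belong to
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port
    action: str = "ACCEPT"         # verdict when the rule matches

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))

def evaluate(rules, policy: str, pkt: Packet) -> str:
    """First matching rule decides; otherwise the chain's default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return policy

# Constructed zones using documentation address ranges: the Internet is
# anything not listed, the DMZ is 192.0.2.0/24, the trusted internal
# network is 10.0.0.0/8.
ANY, DMZ, INTERNAL = "0.0.0.0/0", "192.0.2.0/24", "10.0.0.0/8"

# Least-privilege configuration: nothing crosses a zone boundary unless a
# rule names the flow; the chain policy is DROP.
DEFAULT_DENY_RULES = [
    Rule(ANY, DMZ, "tcp", 80),          # published web server in the DMZ
    Rule(INTERNAL, DMZ, "tcp", 22),     # administrators manage DMZ hosts
    Rule(INTERNAL, ANY, "tcp", 443),    # internal hosts may browse outward
]

# Permissive configuration: only "deny rules", chain policy ACCEPT. Anything
# the administrator did not think to list is let through.
DENY_ONLY_RULES = [
    Rule(ANY, INTERNAL, "tcp", 23, "DROP"),   # no telnet into the internal zone
    Rule(ANY, INTERNAL, "tcp", 445, "DROP"),  # no SMB into the internal zone
]

def compare_policies():
    """Run constructed packets through both configurations.
    Returns {name: (default_deny_verdict, deny_only_verdict)}."""
    samples = {
        "web_from_internet": Packet("203.0.113.7", "192.0.2.10", "tcp", 80),
        "admin_ssh_to_dmz":  Packet("10.0.0.5", "192.0.2.10", "tcp", 22),
        "telnet_in":         Packet("203.0.113.7", "10.0.0.5", "tcp", 23),
        "rdp_in":            Packet("203.0.113.7", "10.0.0.5", "tcp", 3389),
    }
    return {name: (evaluate(DEFAULT_DENY_RULES, "DROP", p),
                   evaluate(DENY_ONLY_RULES, "ACCEPT", p))
            for name, p in samples.items()}

if __name__ == "__main__":
    for name, (strict, loose) in compare_policies().items():
        print(f"{name:18} default-deny={strict:6} deny-only={loose}")
```

The "rdp_in" packet shows why the page warns that small mistakes make a firewall worthless: a deny-list configuration is only as complete as the administrator's list of things to forbid, whereas the default-deny ruleset blocks a service nobody thought about without any rule having to mention it.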
Modern firewalls can filter traffic based on many packet
attributes like source IP address, source port, destination
IP address or port, destination service like WWW or FTP.
They can filter based on protocols, TTL values, netblock
of originator, domain name of the source, and many other
attributes.
What is an Application-layer Firewall?
Application-layer firewalls
work on the application level of the TCP/IP stack (i.e.,
all browser traffic, or all telnet or ftp traffic), and
may intercept all packets traveling to or from an application.
They block other packets (usually dropping them without
acknowledgement to the sender). In principle, application
firewalls can prevent all unwanted outside traffic from
reaching protected machines.
By inspecting all packets for improper content, firewalls
can even prevent the spread of the likes of viruses. In
practice, however, this becomes so complex and so difficult
to attempt (given the variety of applications and the
diversity of content each may allow in its packet traffic)
that comprehensive firewall design does not generally
attempt this approach. The XML firewall exemplifies a
more recent kind of application-layer firewall.
What are Proxies?
A proxy device (running either on dedicated hardware
or as software on a general-purpose machine) may
act as a firewall by responding to input packets
(connection requests, for example) in the manner
of an application, whilst blocking other packets.
Proxies make tampering with an internal system from
the external network more difficult and misuse of
one internal system would not necessarily cause
a security breach exploitable from outside the firewall
(as long as the application proxy remains intact
and properly configured). Conversely, intruders
may hijack a publicly-reachable system and use it
as a proxy for their own purposes; the proxy then
masquerades as that system to other internal machines.
While use of internal address spaces enhances security,
crackers may still employ methods such as IP spoofing
to attempt to pass packets to a target network.
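As an added example serving both the application-layer firewall section and this one on proxies (it is not code from the page or from any product it names), the Python below is the core of an HTTP application proxy: it parses the client's request bytes as an application would, applies a policy on what a network-layer filter cannot see (method, Host header, request target), and, only if the request is acceptable, generates a fresh request for the internal server, so the client's raw bytes never reach it. The allowed methods and hosts, the sample requests and the simple traversal check are constructed for the illustration.

```python
import re

# Constructed policy: which request methods and which published internal
# hosts outside clients may reach through the proxy.
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_HOSTS = {"www.example.com"}
MAX_HEAD_BYTES = 8192
METHOD_TOKEN = re.compile(rb"^[A-Z]+$")

class ProxyReject(Exception):
    """Raised when the bytes received are not a well-formed HTTP request."""

def parse_request(raw: bytes):
    """Parse an HTTP/1.x request head into (method, target, version, headers)."""
    if len(raw) > MAX_HEAD_BYTES:
        raise ProxyReject("request head too large")
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ProxyReject("incomplete request head")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if (len(parts) != 3 or not METHOD_TOKEN.match(parts[0])
            or parts[2] not in (b"HTTP/1.0", b"HTTP/1.1")):
        raise ProxyReject("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or b" " in name:
            raise ProxyReject("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return parts[0].decode(), parts[1].decode(), parts[2].decode(), headers

def proxy_request(raw: bytes):
    """Apply the application-level policy to a client request.

    Returns ("FORWARD", clean_request_bytes) when the request is acceptable,
    otherwise ("BLOCK", reason). The forwarded request is regenerated from
    the parsed fields, so extra headers or odd framing sent by the client
    are never relayed to the internal host."""
    try:
        method, target, _version, headers = parse_request(raw)
    except ProxyReject as exc:
        return ("BLOCK", str(exc))
    if method not in ALLOWED_METHODS:
        return ("BLOCK", f"method {method} not permitted")
    host = headers.get(b"host", b"").decode(errors="replace")
    if host not in ALLOWED_HOSTS:
        return ("BLOCK", f"host {host!r} not published")
    # Illustrative content check: only absolute paths without ".." segments
    if not target.startswith("/") or "/../" in target + "/":
        return ("BLOCK", "request target must be an absolute path without '..'")
    clean = f"{method} {target} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    return ("FORWARD", clean.encode())

# Constructed sample requests as a client might send them to port 80
SAMPLES = {
    "normal":     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: x\r\n\r\n",
    "bad_method": b"DELETE /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "bad_host":   b"GET / HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n",
    "traversal":  b"GET /static/../admin HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "not_http":   b"\x16\x03\x01\x00\x05hello",
}

def run_samples():
    """Return {name: verdict} for the constructed requests."""
    return {name: proxy_request(raw)[0] for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:11} {proxy_request(raw)}")
```

A packet filter positioned in front of the same web server would admit every one of these requests, since all of them are TCP traffic to port 80; only a device that understands the application protocol can tell the published host from the intranet one, or notice that the "not_http" bytes are not HTTP at all.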
Summary
White Knight firewall manages all communications
traffic between the Internet and internal networks to block
unauthorized access. Administrators can block or allow access,
for each protocol, to each internal network, server, service,
and user group. The firewall inspects both networking information
(packet headers) and application information (payloads)
to detect and block suspicious traffic.