Introduction To Firewalls
Introduction
A firewall is simply a system designed to prevent
unauthorised access to or from a private network.
Firewalls can be implemented in both hardware and
software, or a combination of both. Firewalls are
frequently used to prevent unauthorised Internet
users from accessing private networks connected to
the Internet. All data entering or leaving the
intranet passes through the firewall, which examines
each packet and blocks those that do not meet the
specified security criteria.
Generally, firewalls are configured to protect
against unauthenticated interactive logins from the
outside world. This helps prevent "hackers" from
logging into machines on your network. More
sophisticated firewalls block traffic from the
outside to the inside, but permit users on the
inside to communicate a little more freely with the
outside.
Firewalls are also essential because they provide
a single choke point where security and audit controls
can be imposed. Firewalls provide an important logging
and auditing function; they often give the administrator
summaries of the type and volume of traffic that has
passed through them. This is an important point:
providing this choke point serves the same purpose
on your network as an armed guard does for physical
premises.
Theoretically, there are two types of firewalls:
1. Network layer
2. Application layer
They are not as different as you may think, as described
below.
Which is which depends on what mechanisms the
firewall uses to pass traffic from one security zone
to another. The International Standards Organization
(ISO) Open Systems Interconnect (OSI) model for
networking defines seven layers, where each layer
provides services that higher-level layers depend
on. The important thing to recognize is that the
lower-level the forwarding mechanism, the less
examination the firewall can perform.
Network layer firewalls
These generally make their decisions based on the
source address, destination address and ports in
individual IP packets. A simple router is the
traditional network layer firewall, since it is not
able to make particularly complicated decisions about
what a packet is actually talking to or where it
actually came from. Modern network layer firewalls have
become increasingly sophisticated, and now maintain
internal information about the state of connections
passing through them at any time.
One important difference about many network layer
firewalls is that they route traffic directly through
them, so to use one you either need a validly
assigned IP address block or a private Internet
address block. Network layer firewalls tend to be
very fast and mostly transparent to their users.
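The stateful screening this section describes, as an added example that is not from the original page: a small Python packet filter that matches on source address, destination address and ports, remembers connections opened from the inside so that their replies are let back in while unsolicited outside connections are dropped, and keeps an audit log of every decision. The inside network 10.0.0.0/24, the mail host 10.0.0.5 and the outside addresses are constructed for the demo.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple
# A packet reduced to what a network layer firewall looks at (syn: opens a TCP connection).
Packet = namedtuple("Packet", "src dst sport dport syn")

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network the rule matches
    dst: str = "0.0.0.0/0"       # destination network the rule matches
    dport: Optional[int] = None  # destination port, None means any

class StatefulFilter:
    def __init__(self, inside: str, rules: List[Rule]) -> None:
        self.inside = ip_network(inside)
        self.rules = rules
        self.flows: Set[Tuple[str, int, str, int]] = set()  # inside-initiated connections
        self.log: List[str] = []                             # audit trail of decisions

    def _policy(self, p: Packet) -> str:
        # Stateless part: addresses and ports only; first matching rule wins, default deny.
        for r in self.rules:
            if (ip_address(p.src) in ip_network(r.src) and ip_address(p.dst) in ip_network(r.dst)
                    and r.dport in (None, p.dport)):
                return r.action
        return "deny"

    def decide(self, p: Packet) -> str:
        # Stateful part: a reply to a connection the inside opened is let back in.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            verdict = "allow"
        else:
            verdict = self._policy(p)
            if verdict == "allow" and p.syn and ip_address(p.src) in self.inside:
                self.flows.add((p.src, p.sport, p.dst, p.dport))
        self.log.append(f"{verdict} {p.src}:{p.sport} -> {p.dst}:{p.dport}")
        return verdict

def demo() -> List[str]:
    # Constructed policy: inside hosts may go out freely; outside may only reach the mail host.
    fw = StatefulFilter("10.0.0.0/24", [Rule("allow", src="10.0.0.0/24"),
                                        Rule("allow", dst="10.0.0.5/32", dport=25)])
    return [fw.decide(p) for p in (
        Packet("10.0.0.7", "203.0.113.9", 40000, 443, True),   # inside opens HTTPS
        Packet("203.0.113.9", "10.0.0.7", 443, 40000, False),  # server's reply, matched by state
        Packet("198.51.100.4", "10.0.0.7", 5555, 22, True),    # outside SSH attempt: no rule, denied
        Packet("198.51.100.4", "10.0.0.5", 5555, 25, True),    # outside to mail host: allowed by rule
    )]
```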
Application layer firewalls
These generally are hosts running proxy servers,
which permit no traffic directly between networks,
and which perform elaborate logging and examination
of traffic passing through them. Since proxy
applications are simply software running on the
firewall, it is a good place to do lots of logging
and access control. Application layer firewalls can
be used as network address translators, since
traffic goes in one side and out the other, after
having passed through an application that
effectively masks the origin of the initiating
connection.
Having an application in the way may in some cases
impact performance and make the firewall less
transparent. Early application layer firewalls were
not particularly transparent to end users and could
require some training. However, more modern
application layer firewalls are often totally
transparent. Application layer firewalls tend to
provide more detailed audit reports and tend to
enforce more conservative security models than
network layer firewalls.
The future of firewalls sits somewhere between
network layer firewalls and application layer
firewalls. It is likely that network layer firewalls
will become increasingly aware of the information
going through them, and application layer firewalls
will become more and more transparent. The end
result will be a kind of fast packet-screening
system that logs and checks data as it passes
through.