To keep your network data secure, start with this introduction to firewalls. This tutorial provides an overview of what firewalls are, what benefits they provide, how they work and the different firewall types. It also gives you the background you need to start auditing network traffic in the enterprise.
A firewall is a hardware or software system that prevents unauthorized access to or from a network. It can be implemented in hardware, in software, or as a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All traffic entering or leaving the protected network passes through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.
Generally, firewalls are configured to protect against unauthenticated interactive logins from the outside world. This helps prevent attackers from logging into machines on your network. More sophisticated firewalls block most traffic from the outside to the inside but permit users on the inside to communicate somewhat more freely with the outside. Firewalls are essential because they provide a single choke point where security and auditing can be imposed. They also provide an important logging and auditing function; often they give the administrator summaries of what type and volume of traffic has passed through them. This is an important benefit: the choke point can serve the same purpose on your network as an armed guard does for your physical premises.
A firewall is a combination of software and hardware components that controls the traffic flowing between a secure network (usually an office LAN) and an insecure network (usually the Internet), using rules defined by the system administrator. The firewall sits at the gateway of a network, at the connection between the two networks. All traffic from one network to the other passes through the firewall, which stops or allows it based on the security policy defined in its rule table. The secure, trusted network is said to be 'inside' the firewall; the insecure, untrusted network is said to be 'outside' it. The firewall has to be configured to allow some traffic through; otherwise nobody on the inside could access the Internet or send Internet e-mail, and no data could move between the two networks in either direction. The fact that it allows some traffic through provides a channel that could potentially be exploited and that can certainly carry malware, which is why each permitted rule should be no wider than the service it serves actually needs.
Firewall architecture covers the standards and frameworks for designing sub-networks (subnets), the subdivisions of an IP network through which the company exposes its services to a larger untrusted network such as the Internet.
In firewall architecture, subnets are used to create a DMZ (a term derived from "demilitarized zone"): a perimeter network placed around and between the enterprise networks and the hosts that could be attacked by users outside the company. Publicly reachable services such as web, mail and DNS servers are placed in the DMZ so that a compromise there does not directly expose the internal network. The overall architecture of these subnets has long-term implications for a company's ability to protect its networks while providing the access needed to support internal communications across data centers, company facilities and vendors.
The configuration that works best for a particular organization depends on three factors: the objectives of the network, the organization's ability to develop and implement the architecture, and the budget available for the function.
Types of Firewall Architecture:
One of the major challenges that companies face when trying to secure their sensitive data is finding the right tools for the job. Even for a tool as common as a firewall, many businesses do not have a clear idea of how to find the right firewall (or firewalls) for their needs, how to configure those firewalls, or why such firewalls might be necessary. The first step in finding the right firewalls to protect your company's data is to know what kinds of firewall there are. Broadly speaking, there are five types of firewall architecture:
- Packet-filtering firewalls
- Circuit-level gateways
- Stateful inspection firewalls
- Application-level gateways (a.k.a. proxy firewalls)
- Next-generation firewalls
Packet-Filtering Firewalls:
As the most basic and oldest type of firewall architecture, packet-filtering firewalls create a checkpoint at a router or switch. The firewall performs a simple check of each packet passing through: it inspects header fields such as the source and destination IP addresses, the protocol (TCP, UDP, ICMP), the source and destination port numbers and other surface-level information, without opening the packet to inspect its payload. A packet that matches no permitting rule is dropped. The good thing about these firewalls is that they are not resource-intensive: they have little impact on performance and are relatively simple. However, because they keep no memory of previous packets, they are also relatively easy to bypass (for example with crafted packets that carry the flags of an already-established connection) compared to firewalls with more robust inspection capabilities.
Circuit-Level Gateways:
As another simple firewall type meant to approve or deny traffic quickly without consuming significant computing resources, circuit-level gateways work at the session layer by verifying the transmission control protocol (TCP) handshake; a SOCKS proxy is the classic example. This handshake check is designed to make sure that the session a packet belongs to is legitimate.
While extremely resource-efficient, these firewalls do not inspect the packet contents. If a packet carried malware but belonged to a session with a valid TCP handshake, it would pass right through. This is why circuit-level gateways are not enough to protect a business by themselves.
Stateful Inspection Firewalls:
These firewalls combine packet inspection with TCP handshake verification: the firewall keeps a state table of the connections it has admitted and uses it to decide whether each subsequent packet belongs to a legitimate, established session. Return traffic is allowed only if it matches an entry in that table, which provides a level of protection greater than either of the previous two architectures could provide alone. However, maintaining the state table puts more strain on computing resources (memory for the table and a lookup per packet), and the table itself can be attacked: a flood of connection attempts can exhaust it. This may slow the transfer of legitimate packets compared to the simpler solutions.
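The rule table, the DMZ layout and the difference between a stateless packet filter and stateful inspection described above, as an added example in Python that is not code from the original article. The packet layout, rule syntax, host addresses and the inside and DMZ netblocks are assumptions, and the rule table is constructed for illustration. The stateless filter can admit replies to inside clients only by trusting the ACK bit, which is exactly what an ACK scan from a compromised DMZ host exploits; the stateful variant records the outbound SYN and admits only matching return traffic, and the same contrast applies to the stateless-versus-stateful comparison at the end of the page:

```python
"""Stateless packet filtering next to stateful inspection, as a runnable model.

Added example, not code from the original article. The Packet and Rule
layout, the rule table, the 10.0.0.0/8 "inside" and 172.16.0.0/24 DMZ
netblocks and the host addresses are assumptions made for illustration;
production filters (pf, nftables, ...) differ in syntax and detail.
"""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INSIDE = "10.0.0.0/8"        # assumed trusted ("inside") network
DMZ_WEB = "172.16.0.10/32"   # assumed public web server in the DMZ subnet
INSIDE_DB = "10.0.0.20/32"   # assumed database the web server must reach


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()   # TCP flags present, e.g. {"SYN"}
    ttl: int = 64


@dataclass(frozen=True)
class Rule:
    """One row of the rule table; only header fields are consulted, never the payload."""
    action: str                      # "allow" or "drop"
    src: str = "0.0.0.0/0"           # CIDR netblock the source must fall in
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    proto: Optional[str] = None
    min_ttl: int = 0                 # e.g. reject packets with a suspiciously low TTL
    require_ack: bool = False        # the stateless approximation of "established"

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or p.dport == self.dport)
                and (self.proto is None or p.proto == self.proto)
                and p.ttl >= self.min_ttl
                and (not self.require_ack or "ACK" in p.flags))


# Constructed rule table: first match wins; anything unmatched is dropped.
RULES = [
    Rule("drop", src="192.0.2.0/24"),                                    # blocked netblock
    Rule("allow", dst=DMZ_WEB, dport=443, proto="tcp"),                  # anyone -> DMZ web
    Rule("allow", src=DMZ_WEB, dst=INSIDE_DB, dport=5432, proto="tcp"),  # web -> DB only
    Rule("allow", src=INSIDE, dport=443, proto="tcp"),                   # inside -> HTTPS
    Rule("allow", src=INSIDE, dport=53, proto="udp"),                    # inside -> DNS
    # Without session state, replies to inside clients can only be admitted by
    # trusting the ACK bit, so any ACK-flagged packet gets in, probes included.
    Rule("allow", dst=INSIDE, proto="tcp", require_ack=True),
]


def stateless_filter(p: Packet, rules=RULES) -> str:
    """Packet-filtering firewall: header checks only, no memory between packets."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"                    # default deny


def _key(p: Packet) -> tuple:
    return (p.proto, p.src, p.sport, p.dst, p.dport)


def _reverse_key(p: Packet) -> tuple:
    return (p.proto, p.dst, p.dport, p.src, p.sport)


class StatefulFirewall:
    """Stateful inspection: return traffic is admitted only for sessions the policy opened."""

    def __init__(self, rules=None):
        # Policy for *new* flows; the ACK shortcut is no longer needed or wanted.
        self.rules = rules if rules is not None else [r for r in RULES if not r.require_ack]
        self.sessions: dict[tuple, str] = {}   # initiator's 5-tuple -> state

    def filter(self, p: Packet) -> str:
        k, rk = _key(p), _reverse_key(p)
        if k in self.sessions or rk in self.sessions:
            owner = k if k in self.sessions else rk
            if "RST" in p.flags:                        # peer tore the connection down
                del self.sessions[owner]
            elif owner == rk and {"SYN", "ACK"} <= p.flags:
                self.sessions[owner] = "ESTABLISHED"    # handshake answered by the peer
            return "allow"
        # A new TCP flow may only begin with a bare SYN. A stray ACK or SYN-ACK with
        # no matching session (an ACK scan, a spoofed reply) is rejected outright.
        if p.proto == "tcp" and p.flags != {"SYN"}:
            return "drop"
        if stateless_filter(p, self.rules) != "allow":
            return "drop"
        self.sessions[k] = "SYN_SENT" if p.proto == "tcp" else "OPEN"
        return "allow"
```

The state table is also why stateful inspection costs more: every packet is a lookup, and every admitted flow occupies memory until it is torn down, which is what a SYN flood targets. A production implementation adds idle timeouts, sequence-number checks and UDP and ICMP pseudo-sessions; this model leaves them out.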
Proxy Firewalls (Application-Level Gateways):
Proxy firewalls operate at the application layer to filter traffic between your network and the traffic source, hence the name "application-level gateway." Rather than letting the two ends connect directly, the proxy terminates the client's connection, establishes its own connection to the other side and inspects the data as it passes. This check is similar to stateful inspection in that it looks at both the packet and the TCP handshake. However, proxy firewalls may also perform deep packet inspection, checking the actual contents of the request or response to verify that it contains no malware or forbidden content; doing so requires a protocol-specific module for each application protocol the gateway proxies (HTTP, SMTP, FTP and so on).
Once the check is complete and the data is approved, the proxy sends it on to the destination. This creates an extra layer of separation between the "client" (the system where the traffic originated) and the individual devices on your network, hiding their addresses and giving your network additional anonymity and protection. If there is one drawback to proxy firewalls, it is that they can cause significant slowdown because of the extra steps in handling each request.
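What the application-level check looks like in practice, as an added Python example that is not the article's own code. The allowed methods and destinations, the inside netblock, the content signature and the proxy name are assumptions. Because the proxy terminates the client's connection and builds a new request of its own, it can parse the HTTP request, refuse ambiguous framing, match the body against a content signature (the deep packet inspection credited to proxy and next-generation firewalls) and hide the client's address from the origin server:

```python
"""Application-level gateway (proxy firewall) inspection, as a runnable model.

Added example, not code from the original article. The allowed methods and
destinations, the inside netblock, the content signature and the proxy's
name are assumptions made for illustration. A real proxy also inspects
responses, handles TLS, authenticates clients and caches; only the
request-side inspection is modelled here.
"""
from __future__ import annotations
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

INSIDE = ip_network("10.0.0.0/8")                        # assumed client netblock
ALLOWED_METHODS = {"GET", "POST", "HEAD"}                # no CONNECT: no blind tunnels
ALLOWED_HOSTS = {"www.example.com", "api.example.com"}   # assumed destination allowlist
BLOCKED_CONTENT = (b"X-CONSTRUCTED-MALWARE-SIG",)        # constructed stand-in for a signature
PROXY_NAME = "gw.internal.example"                       # assumed
# Hop-by-hop headers are meaningful only between client and proxy (RFC 7230, 6.1).
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "proxy-authorization",
              "te", "trailer", "transfer-encoding", "upgrade"}


def parse_request(raw: bytes):
    """Split an HTTP/1.x request into (method, target, version, headers, body).
    Returns None for anything not well-formed: a gateway refuses what it cannot
    parse rather than passing ambiguous bytes on to the origin."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            return None                    # empty name or obs-fold continuation line
        headers.append((name.decode("ascii", "replace").lower(), value.strip()))
    try:
        return parts[0].decode("ascii"), parts[1].decode("ascii"), parts[2].decode("ascii"), headers, body
    except UnicodeDecodeError:
        return None


def inspect_request(raw: bytes, client_ip: str):
    """Decide what the gateway does with one client request.
    Returns ("block", reason) or ("forward", rewritten_request_bytes)."""
    if ip_address(client_ip) not in INSIDE:
        return "block", "proxy is not offered to outside addresses"   # never be an open proxy
    parsed = parse_request(raw)
    if parsed is None:
        return "block", "malformed request"
    method, target, version, headers, body = parsed
    if method not in ALLOWED_METHODS:
        return "block", f"method {method} not permitted"
    try:                                    # proxies receive absolute-form targets
        url = urlsplit(target)
        host, port = url.hostname, url.port
    except ValueError:
        return "block", "unparseable target"
    if url.scheme != "http" or not host:
        return "block", "target must be an absolute http URL"
    if host not in ALLOWED_HOSTS:
        return "block", f"destination {host} not permitted"
    hdrs = dict(headers)
    # Framing must be unambiguous: a Content-Length that disagrees with the body, or
    # Transfer-Encoding alongside Content-Length, is the raw material of request
    # smuggling between proxy and origin.
    declared = hdrs.get("content-length")
    if declared is not None and (not declared.isdigit() or int(declared) != len(body)):
        return "block", "content-length does not match body"
    if declared is not None and "transfer-encoding" in hdrs:
        return "block", "ambiguous framing (Transfer-Encoding with Content-Length)"
    for sig in BLOCKED_CONTENT:             # the "deep" part: look inside the payload
        if sig in body:
            return "block", "body matches blocked content signature"
    # Rebuild the request the proxy itself sends: origin-form target, hop-by-hop
    # headers dropped, client address never disclosed, Via header added.
    path = (url.path or "/") + (f"?{url.query}" if url.query else "")
    host_hdr = host if port is None else f"{host}:{port}"
    out = [f"{method} {path} {version}".encode(), b"Host: " + host_hdr.encode()]
    for name, value in headers:
        if name in HOP_BY_HOP or name in ("host", "x-forwarded-for"):
            continue
        out.append(name.encode() + b": " + value)
    out += [f"Via: 1.1 {PROXY_NAME}".encode(), b"Connection: close"]
    return "forward", b"\r\n".join(out) + b"\r\n\r\n" + body
```

The cost the paragraph mentions is visible here: every request is fully parsed and rebuilt, and the gateway needs this much protocol-specific logic for each application protocol it proxies.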
Next-Generation Firewalls:
Many recently released firewall products are marketed as "next-generation" architectures, but there is little consensus on what makes a firewall truly next-generation. Features commonly included are deep packet inspection (checking the actual contents of packets), TCP handshake checks and surface-level packet inspection. Next-generation firewalls may include other technologies as well, such as intrusion prevention systems (IPS) that work to automatically stop attacks against your network. Because there is no single definition of a next-generation firewall, it is important to verify which specific capabilities a product has, and at what throughput, before investing in one.
Advantages of Firewall:
- It can work at the software level, the hardware level or both to prevent unwanted outside access to the company's systems. The firewall acts as a guard, identifying each packet before it is allowed to pass through.
- A firewall blocks "evil packets" from being "permitted to reach a place where they can do harm," says Terry Gray, Chief Technology Architect for the University of Washington.
- The key issue is not whether to block harmful packets, but where to block them. The host-based firewall built into an operating system can be configured to provide a great deal of security, but a network-based firewall, such as a filtering router, can protect multiple systems simultaneously.
- Perhaps the strongest advantage of a firewall is that it effectively isolates your computer from external threats. According to various studies, Windows computers connected to the Internet without a firewall activated were exposed to various forms of attack within a matter of minutes.
- With a firewall, network administrators can select exactly which ports receive and transmit data for each operation, such as web browsing and e-mail.
- This can be immensely powerful: it allows you to tailor the security policy to the specific situation at hand and to the needs of each group of users on the network.
- Given that a firewall is designed to protect a computer from unwanted intrusion, the advantages offered by this technology are hard to overstate.
Disadvantages of Firewall:
- Although firewalls can block access by human intruders, a firewall that only looks at packet headers cannot defend against malware that arrives over a channel it permits, such as an e-mail attachment or a download. If a user on your network inadvertently opens an e-mail containing malware, it may still infect your infrastructure regardless of your firewall.
- With that in mind, one of a firewall's disadvantages is that it cannot stand alone as a comprehensive security tool. Thinking of the firewall as one layer of the defense rather than the whole defense is pragmatic and necessary.
Packet filtering by a software firewall can degrade your system's performance, because examining every packet is a demanding task. A dedicated hardware firewall eases this burden. Whichever option you choose, configuring and maintaining the firewall can be a difficult chore.
A network firewall can also lend users a false sense of security, encouraging them not to maintain security at the machine level. If the network firewall fails or is misconfigured, this can prove disastrous.
Stateless packet filters require less memory and can be faster for simple rule sets, since matching a rule takes less time than looking up a session. They may also be necessary for filtering stateless network protocols that have no concept of a session. However, they cannot make more complex decisions based on what stage the communication between two hosts has reached. Modern firewalls can filter traffic on many packet attributes: source IP address, source port, destination IP address or port, and destination service such as WWW or FTP. They can also filter on protocol, TTL value, the netblock of the originator and many other attributes. Packet filters of this kind ship with most versions of UNIX and with Linux.