Firewall 101

Firewalls are the main line of defense for protecting the resources inside an enterprise network from the Internet. They protect resources such as computers, applications and servers on the LAN from external attacks.

Firewalls can be broadly defined as a set of programs that work together at the server or the gateway level to collectively protect the assets of the company from external attacks.

There are two broad classes of firewalls: hardware firewalls and software firewalls.

Software firewalls are applications that provide security functionality but must be installed on a host operating system. That operating system can be Windows, Linux, Unix, or any other OS with networking capabilities.

Hardware firewalls, on the other hand, are dedicated appliances purpose-built for providing security. These appliances normally run proprietary operating systems made specifically for providing gateway-level security.

Organizations normally select firewalls based on requirements and performance options including:

  • The architecture of the firewall
  • The number of concurrent sessions the firewall is capable of handling
  • The different types of external access required
  • Support for VPN
  • The number of concurrent VPN sessions that are supported
  • The management interface (web, command, or console-based)
  • High availability

The above list is not exhaustive but provides a general idea as to the features organizations will be looking at when choosing a firewall.

There are three basic types of firewall that can be used to protect an organization's resources, each working at a different level of the network stack, plus a fourth, the stateful firewall, that combines their capabilities:

Packet Filtering Firewalls: Checking packets is the most basic function of any firewall. A packet-filtering firewall checks each and every packet that passes through it and, based on the rules that have been defined, decides whether to allow the packet through or not.

Packet filtering firewalls inspect the packet's header data and its content as well. Their main advantages are that they are fairly simple and cost-effective; most software-based firewalls are packet-filtering firewalls. Decisions are made according to rules set by the user that describe the types of network traffic to allow and disallow. The current version of the Windows firewall is a packet filtering firewall. Packet filtering firewalls work at the network layer of the TCP/IP stack.

Circuit-Level Firewalls: Circuit-level firewalls work at the transport layer of the TCP/IP stack. They not only perform simple packet filtering but also check whether the connection itself is valid according to the rules that have been applied. Other decision criteria may include the authenticity of the source, the time of day, the IP address and port, the protocol, usernames, and so on, so a circuit-level firewall has many more decision criteria than simple packet filtering. The drawback is that, because they work at the transport layer, they involve changes to the transport layer programming, which can affect system performance. Circuit-level firewalls also need more expertise to install and maintain.

Application-Level Firewalls: As the name suggests, application-level firewalls work at the application level and act more or less as application-level proxies between the communicating parties. The idea is to hide the identity of the systems and servers behind the firewall from the outside world. Application-level firewalls are sophisticated enough to be configured to allow only specific commands through the firewall, and the same technology can be used to block or allow specified file types. Access levels for authenticated as well as unauthenticated users can also be applied. Application-level firewalls are used by administrators who need detailed logging facilities, and they are normally used together with application-level proxies for better performance.

Stateful Firewalls: These firewalls are the latest step in the evolution of firewalls and are considered the best of the breed. A stateful firewall combines the capabilities of all of the above types: it performs packet filtering with awareness of the state of each connection (circuit), known as stateful filtering, and is also capable of making decisions based on applications.
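To make the difference between the packet filtering and stateful types concrete, here is an added toy model (not code from the original article) of a rule-based packet filter and a stateful firewall built on the same rules. The packet fields, rule format and the sample policy (allow all outbound, allow only inbound HTTPS) are constructed for the illustration; the point it shows is that a stateless filter must either deny reply traffic or open inbound ports permanently, while the stateful variant allows replies only for connections the LAN itself opened.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    """Constructed packet model: only the header fields a filter inspects."""
    src_ip: str
    dst_ip: str
    proto: str             # "tcp" or "udp"
    src_port: int
    dst_port: int
    syn: bool = False      # TCP SYN (no ACK) marks a new connection attempt
    direction: str = "in"  # "in": Internet -> LAN, "out": LAN -> Internet

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    direction: Optional[str] = None  # None means "any"
    proto: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.direction in (None, p.direction)
                and self.proto in (None, p.proto)
                and self.dst_port in (None, p.dst_port))

def packet_filter(rules: List[Rule], p: Packet) -> str:
    """Stateless packet filter: first matching rule wins, default deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFirewall:
    """Same rules plus a connection table, so replies to connections the LAN
    opened are allowed without a static rule that opens inbound ports."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.established = set()  # (lan_ip, remote_ip, proto, remote_port)

    def check(self, p: Packet) -> str:
        key = (p.dst_ip, p.src_ip, p.proto, p.src_port)
        if p.direction == "in" and key in self.established:
            return "allow"  # reply traffic for a tracked connection
        verdict = packet_filter(self.rules, p)
        if verdict == "allow" and p.direction == "out" and p.syn:
            self.established.add((p.src_ip, p.dst_ip, p.proto, p.dst_port))
        return verdict

# Constructed policy: allow everything outbound, allow inbound HTTPS only.
RULES = [Rule("allow", direction="out"),
         Rule("allow", direction="in", proto="tcp", dst_port=443)]
```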

Previously, logging was not given much importance in the world of networking. Over the last decade or so, however, logging of network traffic and activity has become of paramount importance for compliance with regulatory laws, international standards and the like. For this reason, every type of firewall can now be enhanced with logging add-ons, which prove very useful in today's world.