The first time I came across the term “Firewall” for computers, I thought about an actual wall that protects a computer device from a real fire. When addressing this newly learned idea to my parents, I was quickly let down to know that a “Firewall” was a computing device both in physical and software form. I was nine years old, so you should cut me some slack. Or, maybe I was dumb…
Before getting into the three types of firewalls, let’s take a moment to talk about the purpose of a firewall.
A Firewall is a:
“Network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.”
A Firewall can take both a physical (hardware) form and a software form.
Why are Firewalls in use?
Firewalls serve two key purposes: to deflect traffic which is either malicious or not purposeful, and to monitor traffic being requested and sent towards a particular host or purpose.
See the picture below for a visualization:
Firewalls perform different tasks. These firewall functions include: packet filters, stateful inspections, and proxy server firewalls.
Packet Filters: Analyze the incoming and outgoing packets. These packets are either blocked or passed by comparing them against pre-established criteria (port number, IP address, packet type, etc.).
Stateful Inspection: Examines the traffic end-to-end. These firewalls identify traffic through the packet headers and by inspecting the state of the packets. These firewalls are considered more secure than packet filters.
Proxy Server Firewalls: Filter network traffic through the application layer. These firewalls limit the traffic type and are considered the most secure out of the three.
A Network Based Firewall routes traffic from one network to another.
A Network Based Firewall allows TCP/IP protocol stack packets to pass through the firewall according to an established rule set. Often, these network rules are either default rules taken from a list, or rules an administrator has overridden to change what is passed or denied.
Within Network Based Firewalls are stateful and stateless types:
Stateful: Active sessions are tracked, which allows for speedy packet processing. Tables containing this state information allow a packet to flow through if it belongs to a session the ruleset has already permitted. If the packet is foreign to this state table, it is evaluated according to the rules pertaining to new connections. (Stateful Inspection)
Stateless: Simple filters that require less time to look up a packet’s session. Stateless Firewalls are often used when there is no concept of a packet session. If a decision depends on more advanced session information, stateless firewalls cannot make it. (Packet Filter)
An Application Firewall works with the TCP/IP stack.
In the most basic words: An Application Firewall can intercept all packets traveling to or from an application.
If the Firewall deems that a packet is not necessary or contains malicious content, then the packet is dropped. By restricting computer worms, Application Firewalls add an extra layer of protection for packets traveling to their destination.
Next generation Application Firewalls rely on the MAC address of devices to protect against weaknesses.
Upon looking up Application Firewall on Google, many competitive vendors provide a Web Application Firewall service (WAF) without the need of hardware or software: CloudFlare, Signal Sciences, AVI Networks to name a few.
Like the name suggests, a WAF filters Internet traffic.
(Proxy Server Firewall)
A Proxy Server responds to input packets and blocks other packets. A Proxy Server can run on a dedicated hardware device or as software.
A Proxy Server acts as an entry point from one network to another on behalf of the user. This makes entry into an internal system from the external network more difficult.
Proxy Server Firewalls can mask the IP address and limit the different traffic types. They are protocol-aware, which provides security analysis.
(Proxy Server Firewall)
Each type of Firewall provides an extra layer of security for a device. It is wise to familiarize yourself with each type of Firewall, as one provides something extra or unique over another. It is ultimately up to a vendor to decide what kind of Firewall is needed, but in the end, a Firewall’s job is to protect and monitor what kind of network connections and packets are allowed or denied access based on analysis.