Tuesday, August 20, 2013

Firewall

A firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a rule set. Generally, firewalls are configured to protect against unauthenticated interactive logins from the outside world. This helps prevent hackers from logging into machines on a network.




Firewalls also provide logging and auditing functions; often they provide summaries to the administrator about what type/volume of traffic has been processed through.







Network Layer Firewalls

Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through unless they match the established rule set. Network layer firewalls generally make their decisions based on the source address, destination address and ports in individual IP packets.



“Stateful” network layer firewalls maintain context about active sessions, and use that "state information" to speed packet processing. If a packet does not match an existing connection, it will be evaluated according to the ruleset for new connections. If a packet matches an existing connection based on comparison with the firewall's state table, it will be allowed to pass without further processing.



“Stateless” network layer firewalls require less memory, and can be faster for simple filters that require less time to filter than to look up a session. However, they cannot make more complex decisions based on what stage communications between hosts have reached.



Application Layer Firewalls

Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application.



Application firewalls function by determining whether a process should accept any given connection. Application firewalls accomplish their function by hooking into socket calls to filter the connections between the application layer and the lower layers of the OSI model. Also, application firewalls further filter connections by examining the process ID of data packets against a ruleset for the local process involved in the data transmission.



Proxies

A proxy server (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user.



Computers establish a connection to the proxy, which serves as an intermediary, and initiate a new network connection on behalf of the request. This prevents direct connections between systems on either side of the firewall and makes it harder for an attacker to discover where the network is, because they will never receive packets directly by their target system.



References:

http://searchnetworking.techtarget.com/tutorial/Introduction-to-firewalls-Types-of-firewalls

http://en.wikipedia.org/wiki/Firewall_(computing)



No comments:

Post a Comment