Firewalls, however complex their design and implementation, have one simple responsibility: to act as security policy enforcement points. They do this by inspecting the data they receive and tracking the connections that are made to determine what data should be permitted and what data should be
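The difference between judging each packet on its own and tracking the connections it belongs to is the first thing a practitioner should understand about policy enforcement. The following Python example, added here and not part of the original text, models both behaviours on a constructed packet sequence: a stateless filter that permits inbound TCP whenever the ACK bit is set (the classic way of approximating "replies to inside hosts"), and a stateful filter that keeps a table of connections opened from the inside. The 10.0.0. network prefix, the addresses and ports, and the Packet class are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One TCP packet header, reduced to the fields a packet filter looks at.
    Every packet in this example is constructed; no real traffic is involved."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


INTERNAL_PREFIX = "10.0.0."   # hypothetical protected network


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(pkt: Packet) -> bool:
    """Packet filter with no memory of earlier packets.
    Outbound traffic is permitted; inbound TCP is permitted only when the ACK
    bit is set, on the assumption that such packets must be replies."""
    if is_internal(pkt.src):
        return True
    return "ACK" in pkt.flags


class StatefulFilter:
    """Packet filter that records connections opened from inside and permits
    inbound packets only when they belong to one of those connections."""

    def __init__(self) -> None:
        # entries: (internal ip, internal port, external ip, external port)
        self.connections: set = set()

    def filter(self, pkt: Packet) -> bool:
        if is_internal(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if "SYN" in pkt.flags and "ACK" not in pkt.flags:
                self.connections.add(key)      # new outbound connection
            elif key not in self.connections:
                return False                    # outbound data for a flow never opened
            if "RST" in pkt.flags:
                self.connections.discard(key)   # connection torn down
            return True
        # Inbound: permitted only if an inside host opened this exact flow,
        # regardless of which flag bits the sender chose to set.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.connections:
            return False
        if "RST" in pkt.flags:
            self.connections.discard(key)
        return True


def tcp_flags(*names: str) -> frozenset:
    return frozenset(names)


# Constructed sequence: an inside host opens a web connection, the server
# answers, an outsider then forges an "established-looking" ACK at the inside
# host's SSH port, and finally sends a plain SYN to the same port.
SCENARIO = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, tcp_flags("SYN")),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, tcp_flags("SYN", "ACK")),
    Packet("198.51.100.7", 80, "10.0.0.5", 22, tcp_flags("ACK")),
    Packet("198.51.100.7", 5555, "10.0.0.5", 22, tcp_flags("SYN")),
]


def run_scenario(packets=SCENARIO):
    """Return the per-packet verdicts (True = permit) of both filters, in order."""
    stateful = StatefulFilter()
    stateless_verdicts = [stateless_filter(p) for p in packets]
    stateful_verdicts = [stateful.filter(p) for p in packets]
    return stateless_verdicts, stateful_verdicts


if __name__ == "__main__":
    for pkt, sl, sf in zip(SCENARIO, *run_scenario()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"{sorted(pkt.flags)} stateless={sl} stateful={sf}")
```

The third packet is the point of the exercise: the outsider sets the ACK bit on a packet aimed at the inside host's SSH port, the stateless rule accepts it as a "reply", and the stateful table rejects it because no inside host ever opened that connection. Production filters implement the table as connection tracking (the ESTABLISHED state match in iptables, keep state in pf) with the idle timeouts and sequence-number checks this model leaves out.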
Any number of motivations drive people to develop threats to our systems. By examining the threats and the appropriate responses, you can develop a security policy that minimizes the risk presented by a threat through the proper implementation and configuration of a firewall. Although a firewall cannot prevent all attacks, it is one of the best
Chapter 2. Firewall Basics
This chapter covers the basics of firewalls. Firewalls can be distinguished in a variety of ways: from the
This chapter provides a high-level overview of the various firewall products discussed throughout the book.
Firewalls come in various sizes and flavors. The most typical idea of a firewall is a dedicated system or appliance that sits in the network and segments an "internal" network from the "external" Internet. Most home or SOHO networks use an appliance-based device for broadband connectivity that includes a built-in firewall. In general, firewalls can be categorized under one of two general types:
The primary difference between these two types of firewalls simply boils down to the number of
The preceding list describes general classes of firewalls but, as discussed later, many network firewalls represent hybrids of the
Figure 2-1 shows a breakdown of the various firewall types currently available. This figure does not provide complete details of the various capabilities within each firewall type but rather shows the general taxonomy of the different firewalls available in the two primary types: personal/desktop firewalls and network firewalls.
Figure 2-1. Firewall Taxonomy
Given the variety of firewall types available, users may have a hard time identifying exactly what they need. In many cases, cost is the driving factor in the purchase of a firewall, but knowing which types of firewalls are available and what capabilities they provide helps users make a more informed decision.
Personal firewalls are designed to protect a single host from unauthorized access. Over the
Whereas personal firewalls make immense sense in the SOHO and home user market because they provide the end
Network firewalls are designed to protect whole networks from attack. They come in two primary forms: a dedicated appliance, or a firewall software suite installed on top of a host operating system. Examples of appliance-based network firewalls include the Cisco PIX, the Cisco ASA, Juniper's NetScreen firewalls, Nokia firewalls, and Symantec's Enterprise Firewall. The more popular software-based firewalls include Check Point's FireWall-1 NG and NGX, Microsoft ISA Server, the Linux iptables packet filter, and the pf packet filter from OpenBSD (also available on the other BSDs). The Sun Solaris operating system has, in the past, been bundled with Sun's enterprise firewall, SunScreen. With the release of Solaris 10, Sun has begun bundling the
Network firewalls give enterprise users the greatest flexibility and protection. Over the past few years they have incorporated many new features, such as in-line intrusion detection and prevention and virtual private network (VPN) termination, both for LAN-to-LAN VPNs and for remote-access-user VPNs. Another feature that has been introduced into network firewalls is deep packet inspection. The firewall classifies traffic not just by Layer 3 and Layer 4 information (addresses, protocol, and ports) but by delving all the way into the application data, so that it can decide how best to handle the traffic flow. This evolution in firewall design and capabilities has led to the development of a new firewall product, the integrated firewall, which is covered in more detail in the
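To make the Layer 3/4 versus application-data distinction concrete, the following Python example, added here and not part of the original text, applies a hypothetical egress policy ("outbound TCP/80 only") twice to the same constructed segments: once using only the destination port, and once after reading the first bytes the client sends on the connection. The Segment class, the sample payloads, and the specific HTTP checks (a well-formed request line, no CONNECT, a Host header on HTTP/1.1 requests) are assumptions made for the example, not rules taken from any product discussed on this page.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """First client-to-server data of a TCP connection (constructed for this example)."""
    src: str
    dst: str
    dport: int
    payload: bytes


# Hypothetical policy: inside hosts may only open outbound connections to TCP/80.
ALLOWED_PORTS = {80}

# HTTP/1.x request line: method SP request-target SP HTTP-version CRLF.
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) (\S+) HTTP/1\.([01])\r\n"
)


def layer4_decision(seg: Segment) -> str:
    """What a Layer 3/4 rule sees: addresses and ports only."""
    return "permit" if seg.dport in ALLOWED_PORTS else "deny: destination port not in policy"


def dpi_decision(seg: Segment) -> str:
    """Same Layer 3/4 rule, followed by a look into the application data."""
    l4 = layer4_decision(seg)
    if l4 != "permit":
        return l4
    m = HTTP_REQUEST_LINE.match(seg.payload)
    if m is None:
        # Port 80 carrying something that is not HTTP (tunnels, other protocols).
        return "deny: port 80 but payload is not an HTTP request"
    method, version = m.group(1), m.group(3)
    if method == b"CONNECT":
        # CONNECT turns the web path into an arbitrary TCP tunnel; policy forbids it.
        return "deny: CONNECT tunnelling not allowed"
    header_block = seg.payload.split(b"\r\n\r\n", 1)[0]
    header_names = {
        line.split(b":", 1)[0].strip().lower()
        for line in header_block.split(b"\r\n")[1:]
        if b":" in line
    }
    if version == b"1" and b"host" not in header_names:
        # HTTP/1.1 requires Host; its absence marks a non-browser client worth refusing.
        return "deny: HTTP/1.1 request without Host header"
    return "permit"


# Constructed segments: a normal web request, an SSH banner sent to port 80,
# a CONNECT tunnel attempt, a malformed HTTP/1.1 request, and a direct SSH attempt.
SAMPLES = [
    Segment("10.0.0.5", "203.0.113.10", 80,
            b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/8.0\r\n\r\n"),
    Segment("10.0.0.5", "198.51.100.7", 80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    Segment("10.0.0.5", "198.51.100.7", 80,
            b"CONNECT mail.example.net:25 HTTP/1.1\r\nHost: mail.example.net:25\r\n\r\n"),
    Segment("10.0.0.5", "203.0.113.10", 80, b"GET / HTTP/1.1\r\nUser-Agent: x\r\n\r\n"),
    Segment("10.0.0.5", "198.51.100.7", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
]


def compare(segments):
    """Return (Layer 3/4 verdict, deep-inspection verdict) for each segment."""
    return [(layer4_decision(s), dpi_decision(s)) for s in segments]


if __name__ == "__main__":
    for seg, (l4, dpi) in zip(SAMPLES, compare(SAMPLES)):
        print(f"{seg.dst}:{seg.dport} {seg.payload[:24]!r:30} L3/4={l4!r:9} DPI={dpi!r}")
```

The SSH banner on port 80 and the CONNECT request both pass the port rule and fail the content check, which is exactly the class of evasion deep inspection is meant to catch. Two caveats apply to any real deployment: the firewall can only inspect payloads it can read, so TLS sessions must be terminated or decrypted at the firewall before checks like these are possible, and the inspection parser itself becomes attack surface, so it should be kept as small and strict as this one.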