In today's network environments, firewalls are used to protect systems from external as well as internal threats. Although firewalls first became popular in corporate environments, many home networks with a broadband Internet connection now also implement a firewall to protect against Internet-borne threats. Essentially, a firewall is an application, device, system, or group of systems that controls the flow of traffic between two networks. The most common use of a firewall is to protect a private network from a public network such as the Internet. However, firewalls are also increasingly used to separate a sensitive area of a private network from less-sensitive areas.

At its most basic, a firewall is a device (a computer system or a dedicated hardware appliance) that has more than one network interface and manages the flow of network traffic between those interfaces. How it manages that flow and what it does with particular types of traffic depends on its configuration. Figure 8.1 shows the most basic firewall configuration.

Figure 8.1. A basic firewall implementation.

Strictly speaking, a firewall performs no action on the packets it receives beyond the basic functions just described. In a real-world implementation, however, a firewall is likely to offer other functionality, such as Network Address Translation (NAT) and proxy server services. Without NAT, any host on the internal network that needs to send or receive data through the firewall needs a publicly routable (registered) IP address. Although such environments exist, most organizations use a private address range on the internal network and rely on the firewall to translate outgoing requests to an acceptable public address.

Although the fundamental purpose of a firewall is to protect one network from another, you need to configure the firewall to allow some traffic through.
If you don't need to allow any traffic to pass through a firewall, you can dispense with it entirely and physically separate your network from others. A firewall can employ a variety of methods to enforce its policy. It can use just one of these methods or combine several to produce the most appropriate and robust configuration. The following sections discuss the firewall methods that are commonly used: packet-filtering firewalls, circuit-level firewalls, and application gateway firewalls.

Packet-filtering Firewalls

Of the firewall methods discussed in this chapter, packet filtering is the most commonly implemented. Packet filtering enables the firewall to examine each packet that passes through it and decide what to do with it, based on its configuration. A packet-filtering firewall works on the headers of individual packets, chiefly at the network layer (source and destination IP addresses, protocol number) and the transport layer (TCP/UDP port numbers and TCP flags) of the Open Systems Interconnection (OSI) model; some implementations can also filter on data-link information such as MAC addresses. Because each packet is judged on its own, without reference to the packets that came before it, a plain packet filter cannot tell whether a packet actually belongs to an established connection. The following are some of the criteria by which packet filtering can be implemented:
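The rule evaluation a stateless packet filter performs can be shown in code. The following is an added example, not code from the original chapter: a small first-match, default-deny rule engine in Python with a constructed rule set for an assumed private 10.0.0.0/8 network and an assumed published web server at 203.0.113.10. The sample packets are constructed as well. The "established" rule is the classic stateless approximation of return traffic: it can check only the TCP flags of the packet in front of it.

```python
"""Stateless packet filter: first-match rules with an implicit default deny.

Added example, not code from the original chapter. The internal range,
the web server address and the sample packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False     # TCP SYN flag
    ack: bool = False     # TCP ACK flag


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # None matches any protocol
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None      # None matches any destination port
    established: bool = False        # TCP only: ACK set and SYN clear

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.established and not (p.proto == "tcp" and p.ack and not p.syn):
            return False
        return True


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; a packet no rule matches is denied."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


INTERNAL = "10.0.0.0/8"               # assumed private range
RULES = [
    # Internal hosts may open TCP connections to web ports on the Internet.
    Rule("allow", proto="tcp", src=INTERNAL, dport=80),
    Rule("allow", proto="tcp", src=INTERNAL, dport=443),
    # Replies come back in. Without state, "looks like a reply" is the best
    # a packet filter can do: ACK set, SYN clear.
    Rule("allow", proto="tcp", dst=INTERNAL, established=True),
    # Publish the web server (assumed address) to everyone.
    Rule("allow", proto="tcp", dst="203.0.113.10/32", dport=80),
    # Everything else falls through to the implicit deny.
]

# Constructed sample traffic seen by the firewall.
SAMPLE_PACKETS: Dict[str, Packet] = {
    "outbound https syn":    Packet("tcp", "10.1.2.3", "93.184.216.34", 51000, 443, syn=True),
    "https reply":           Packet("tcp", "93.184.216.34", "10.1.2.3", 443, 51000, ack=True),
    "inbound ssh syn":       Packet("tcp", "198.51.100.7", "10.1.2.3", 40000, 22, syn=True),
    "inbound ssh ack probe": Packet("tcp", "198.51.100.7", "10.1.2.3", 40000, 22, ack=True),
    "outbound dns":          Packet("udp", "10.1.2.3", "192.0.2.53", 51001, 53),
    "visitor to web server": Packet("tcp", "198.51.100.7", "203.0.113.10", 40001, 80, syn=True),
}


def decisions(rules: List[Rule] = RULES, packets: Dict[str, Packet] = SAMPLE_PACKETS) -> Dict[str, str]:
    """Verdict for every sample packet under the rule set."""
    return {name: filter_packet(rules, p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, verdict in decisions().items():
        print(f"{name:24s} {verdict}")
```

Two results are worth noticing. The outbound DNS query is denied, because no rule mentions UDP and the default is deny, which is the behaviour you want from a rule set that only lists what is permitted. The inbound "ACK probe" to port 22 is allowed: the established rule has nothing but the flags to go on, so any packet an attacker sends with ACK set and SYN clear looks like a reply. That is the gap the circuit-level approach in the next section closes.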
Circuit-level Firewalls

Circuit-level firewalls are similar in operation to packet-filtering firewalls, but they operate at the transport and session layers of the OSI model. The biggest difference is that a circuit-level firewall validates a TCP or UDP session before opening a connection, or circuit, through the firewall. For TCP it watches the handshake. UDP has no handshake, so the firewall treats a request and the replies to the same address and port pair as a pseudo-session that expires after a period of inactivity. When the session is established, the firewall maintains a table of valid connections and lets data pass only when a packet's session information matches an entry in the table. The table entry is removed, and the circuit closed, when the session is terminated. Because the firewall tracks the session rather than judging each packet alone, an unsolicited packet that merely looks like part of a connection (an ACK with no preceding handshake, for example) matches no table entry and is dropped.

Application Gateway Firewalls

The application gateway firewall is the most capable of the firewall types. As its name suggests, its functionality is implemented through an application that understands the protocol being relayed. Application gateway firewalls can implement sophisticated rules and closely control the traffic that passes through. Their features can include user authentication and the capability to control which internal systems an outside user can access. Some also provide bandwidth control mechanisms. Because application gateway firewalls operate above the session layer of the OSI model, they can inspect the application-layer content itself, for example HTTP methods and requested hosts or FTP commands, and so block traffic that is perfectly valid at the network and transport layers but violates application policy. A gateway can only do this for protocols it understands, and the inspection costs throughput and latency compared with packet filtering.
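The connection table of the circuit-level section and the content check of the application gateway section, as one added example that is not code from the original chapter. This Python simulation keys a table on the initiating packet's 5-tuple, opens a circuit only for sessions started from an assumed internal 10.0.0.0/8 range, tracks the TCP handshake and a simplified teardown (a single FIN closes the entry), keeps a pseudo-entry for UDP, and then hands packets bound for port 80 to an HTTP policy check that parses the request line and Host header. The allowed methods, the blocked host, the addresses and the packets are all constructed for illustration.

```python
"""Stateful (circuit-level) filtering followed by an application gateway check.

Added example, not code from the original chapter. The connection table and
the HTTP policy are simplified; addresses and packets are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, Optional, Tuple

INTERNAL = ip_network("10.0.0.0/8")    # assumed private range


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False
    payload: bytes = b""


FlowKey = Tuple[str, str, str, int, int]


class CircuitFirewall:
    """Opens a circuit only for sessions initiated from inside and passes
    later packets only while a matching table entry exists."""

    def __init__(self, allowed_ports: Iterable[int]) -> None:
        self.allowed_ports = set(allowed_ports)
        self.table: Dict[FlowKey, str] = {}   # initiator 5-tuple -> state

    @staticmethod
    def key(p: Packet) -> FlowKey:
        return (p.proto, p.src, p.dst, p.sport, p.dport)

    def handle(self, p: Packet) -> str:
        fwd = self.key(p)
        rev = (p.proto, p.dst, p.src, p.dport, p.sport)
        entry: Optional[FlowKey] = fwd if fwd in self.table else rev if rev in self.table else None
        # 1. Part of a known circuit, in either direction: pass it, update state.
        if entry is not None:
            if p.proto == "tcp":
                if self.table[entry] == "SYN_SENT" and entry == rev and p.syn and p.ack:
                    self.table[entry] = "ESTABLISHED"   # server's SYN/ACK arrived
                elif p.fin:
                    del self.table[entry]               # simplified teardown
            return "allow"
        # 2. Otherwise it must be a new session from inside to an allowed port.
        if ip_address(p.src) not in INTERNAL or ip_address(p.dst) in INTERNAL:
            return "deny"
        if p.dport not in self.allowed_ports:
            return "deny"
        if p.proto == "tcp":
            if not (p.syn and not p.ack):
                return "deny"        # only a clean SYN may open a TCP circuit
            self.table[fwd] = "SYN_SENT"
        elif p.proto == "udp":
            self.table[fwd] = "UDP"  # no handshake: remember the pair as a pseudo-session
        else:
            return "deny"
        return "allow"


ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # constructed policy
BLOCKED_HOSTS = {"bad.example"}             # constructed deny list


def http_policy(p: Packet) -> str:
    """Application gateway step: parse the HTTP request line and Host header
    of a packet to port 80 and apply policy to them."""
    if p.proto != "tcp" or p.dport != 80 or not p.payload:
        return "allow"               # nothing to inspect at this layer
    lines = p.payload.decode("ascii", errors="replace").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return "deny"                # not an HTTP request line at all
    if parts[0] not in ALLOWED_METHODS:
        return "deny"                # e.g. CONNECT used to tunnel through the proxy
    host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                 if l.lower().startswith("host:")), None)
    if host is None or host in BLOCKED_HOSTS:
        return "deny"
    return "allow"


def gateway_decision(fw: CircuitFirewall, p: Packet) -> str:
    """Circuit check first, then the application check; a packet the
    application layer rejects also loses its circuit."""
    if fw.handle(p) == "deny":
        return "deny"
    verdict = http_policy(p)
    if verdict == "deny":
        fw.table.pop(fw.key(p), None)
    return verdict
```

Run the same inbound ACK probe that a stateless "established" rule admits through `CircuitFirewall.handle` and it is denied, because no table entry exists for it and an outside host cannot open one. On the application side, a CONNECT request on a circuit that was opened correctly is dropped by `http_policy` even though every network and transport field is in order, which is exactly what packet filtering and circuit-level inspection cannot see.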
Firewalls are now a common sight in businesses and homes alike. As the Internet becomes an ever more hostile place, firewalls and the individuals who understand them are likely to remain an essential part of the IT landscape.