Firewalls are categorized as different types based on how they deal with network traffic and the layer of the OSI model at which they operate (if you need a refresher on the OSI model, take a look back at Chapter 5, "Network Protocols: Real and Imagined"). The higher the layer of the OSI model at which the firewall operates, the more sophisticated the firewall. Here are some specifics:
Packet filter firewall. This type of firewall uses a set of rules to determine whether outgoing or incoming data packets are allowed to pass through the firewall. The rules, or filters, that control the traffic the firewall allows can be based on the IP address of the sending device and the particular port used by the protocol that originated the data packet. A packet filter firewall moves data quickly and is the simplest type of firewall. It operates at the Data Link and Network layers of the OSI model. A router that uses access lists (rules for allowing or disallowing connections based on IP addresses) to filter data traffic can be considered a packet filter firewall.
Circuit-level firewall. This type of firewall is similar to the packet filter firewall (in that it filters packets based on a set of rules), but because circuit-level firewalls operate at the Transport layer of the OSI model, they have greater functionality. A circuit-level firewall can make packets sent from the internal network to a destination outside the firewall appear as if they originated at the firewall. This helps to keep information relating to hosts on the internal network secret. Circuit-level firewalls can also determine whether a TCP connection between a network host and a computer on the other side of the firewall has been established appropriately (see Chapter 5 for more about TCP). If the connection has not been established appropriately, the firewall can terminate it. This cuts off any connection that has been hijacked by an outside attacker trying to sneak past the firewall.
Application-gateway firewall. This type of firewall operates at the Application layer of the OSI model. Application gateways use strong user authentication to verify the identity of a host attempting to connect to the network using a particular TCP/IP Application layer protocol such as Telnet or FTP. This type of firewall can also control which devices an external host can connect to once the firewall has authenticated that particular user. Application gateways are even effective against IP spoofing (discussed earlier in the chapter) because they do not allow the connection to proceed inside the firewall unless the user can truly be authenticated to the network.
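To make the packet filter concept concrete, here is an added example (not from the book, and not any vendor's implementation) that evaluates a constructed access list the way a stateless packet filter would: first matching rule wins, and a packet that matches no rule is dropped. The rule and packet fields, the network addresses and the port numbers are all assumed for illustration. Because the decision uses only header fields, the filter has no way to tell whether a TCP connection was set up properly; that is the gap the circuit-level firewall described above closes.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    src: str                  # source network in CIDR notation
    proto: str                # "tcp", "udp", or "any"
    dst_port: Optional[int]   # destination port, or None for any port

@dataclass(frozen=True)
class Packet:
    src_ip: str
    proto: str
    dst_port: int

# Constructed access list for the example. Order matters: the quarantined
# host is denied first, so the later "permit" for its subnet never applies to it.
ACCESS_LIST = [
    Rule("deny",   "192.168.1.77/32", "any", None),  # quarantined host: drop everything
    Rule("permit", "192.168.1.0/24",  "tcp", 80),    # internal subnet may reach web servers
    Rule("permit", "192.168.1.0/24",  "tcp", 443),
    Rule("permit", "0.0.0.0/0",       "tcp", 443),   # anyone may reach HTTPS
]

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Check one filter against the packet's source address, protocol and port."""
    in_net = ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(rule.src)
    proto_ok = rule.proto == "any" or rule.proto == pkt.proto
    port_ok = rule.dst_port is None or rule.dst_port == pkt.dst_port
    return in_net and proto_ok and port_ok

def filter_packet(pkt: Packet, rules=ACCESS_LIST) -> str:
    """Return 'permit' or 'deny': first matching rule wins, implicit deny at the end."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"  # nothing matched: the access list ends with an implicit deny

if __name__ == "__main__":
    # Constructed sample traffic, not captured from a real network.
    for pkt in [Packet("192.168.1.77", "tcp", 80), Packet("192.168.1.10", "tcp", 80),
                Packet("192.168.1.10", "tcp", 23), Packet("10.0.0.5", "tcp", 443),
                Packet("10.0.0.5", "udp", 443)]:
        print(f"{pkt.src_ip:>14} {pkt.proto}/{pkt.dst_port:<4} -> {filter_packet(pkt)}")
```

Note that a packet whose source address was forged to look like 192.168.1.10 would be permitted just the same, which is why the text describes the application gateway, not the packet filter, as the defense against IP spoofing.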
Many firewalls also have proxy server capabilities and use Network Address Translation (NAT) to protect the internal network. For more about proxy servers and NAT, take a look back at Chapter 15, "Connecting a Network to the Internet."
You will find that some firewall products are actually a hybrid of the types of firewalls discussed here. For example, a firewall might combine circuit-level capabilities with application-gateway services.
The deployment of firewalls and the development of new firewall products are both proceeding at seemingly breakneck speed. Major news stories about the cracking of big corporate and government networks have only led to a rise in the purchase of firewalls and the manufacture of more secure firewall products.
You will find that most of the network operating systems available also provide some sort of firewall protection. This includes NetWare, Linux, and Windows Server 2003.