Sei sulla pagina 1di 6

A firewall is an appliance, or software running on a computer, which inspects network traffic passing through it, and after inspecting

the traffic it denies or permits the traffic passage based on a set of rules. Basically a firewall operates between the networks of different trust levels such as an internal network which is a zone of higher trust and an external network which is a zone with no trust. A zone with intermediate trusted level zone situated between internal and external network is Demilitarized zone (DMZ). A Firewall is a program or hardware device that protects the resources of a private network from users of the others networks. A firewall acts as a wall around the network that allows only authenticated users to access network resources, and it restricts attackers form entering the networks by denying them access. Today, most organizations rely heavily on firewalls for their internal security. A firewall without proper configuration is worthless

What are the basic types of firewalls?


Conceptually, there are two types of firewalls: 1. Network layer 2. Application layer They are not as different as you might think, and latest technologies are blurring the distinction to the point where it's no longer clear if either one is ``better'' or ``worse.'' As always, you need to be careful to pick the type that meets your needs. Which is which depends on what mechanisms the firewall uses to pass traffic from one security zone to another. The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that ``higher-level'' layers depend on. In order from the bottom, these layers are physical, data link, network, transport, session, presentation, application. The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform. Generally speaking, lower-level firewalls are faster, but are easier to fool into doing the wrong thing.

3.2.1 Network layer firewalls


These generally make their decisions based on the source, destination addresses and ports (see Appendix C for a more detailed discussion of ports) in individual IP packets. A simple router is the ``traditional'' network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal

information about the state of connections passing through them, the contents of some of the data streams, and so on. One thing that's an important distinction about many network layer firewalls is that they route traffic directly though them, so to use one you either need to have a validly assigned IP address block or to use a ``private internet'' address block [3]. Network layer firewalls tend to be very fast and tend to be very transparent to users.

Figure 1: Screened Host Firewall

In Figure 1, a network layer firewall called a ``screened host firewall'' is represented. In a screened host firewall, access to and from a single host is controlled by means of a router operating at a network layer. The single host is a bastion host; a highly-defended and secured strong-point that (hopefully) can resist attack.

Figure 2: Screened Subnet Firewall

Example Network layer firewall : In figure 2, a network layer firewall called a ``screened subnet firewall'' is represented. In a screened subnet firewall, access to and from a whole network is controlled by means of a router operating at a network layer. It is similar to a screened host, except that it is, effectively, a network of screened hosts.

3.2.2 Application layer firewalls


These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one ``side'' and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way in some cases may impact performance and may make the firewall less transparent. Early application layer firewalls such as those built using the TIS firewall toolkit, are not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.

Figure 3: Dual Homed Gateway

Example Application layer firewall : In figure 3, an application layer firewall called a ``dual homed gateway'' is represented. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it. The Future of firewalls lies someplace between network layer firewalls and application layer firewalls. It is likely that network layer firewalls will become increasingly ``aware'' of the information going through them, and application layer firewalls will become increasingly ``low level'' and transparent. The end result will be a fast packet-screening system that logs and audits data as it passes through. Increasingly, firewalls (network and application layer) incorporate encryption so that they may protect traffic passing between them over the Internet. Firewalls with end-to-end encryption can be used by organizations with multiple points of Internet connectivity to use the Internet as a ``private backbone'' without worrying about their data or passwords being sniffed.

Types of Firewalls Network Layer and Packet Filters Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. Network layer firewalls generally fall into two sub-categories, Stateful Firewalls Stateless Firewalls

Stateful firewalls Stateful firewalls maintain context about active sessions, and use that state information to speed packet processing. Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connections lifetime (including session initiation, handshaking, data transfer, or completion connection). If a packet does not match an existing connection, it will be evaluated according to the rule-set for new connections. If a packet matches an existing connection based on comparison with the firewalls state table, it will be allowed to pass without further processing. Means when a new packet comes then this type of firewall inspects that packet to check whether it is a new packet and allows that packet towards it destination if that packet fulfill the criteria made by the administrator of the organization listed within the rule-sets of the firewall. If the packet is already a part of some previous connection then the firewall allows that packet to pass through without being inspected. Stateless Firewall Stateless firewalls require less memory, and can be faster for simple filters that require less time to filter than to look up a session. Hence these firewalls operate fast than that of the Stateful firewall as these firewalls have no concept of a session. However, they cannot make more complex decisions based on what stage communications between hosts have reached. Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, destination service like WWW or FTP. They can filter based on protocols, TTL values, netblock of originator, domain name of the source, and many other attributes. Case-1: In most firewall implementations, it is relevant to allow a response to an internal request for information. Source Destination-> 1023 Source Port-> Any Destination Address->10.10.10.0 Destination Port->Any Action->Allow Case-2: Generally it is good to allow all internal traffic out. Source Destination->10.10.10.0 Source Port-> Any Destination Port -> Any Action->Allow

Destination Address-> Any

Case-3: Example of firewall rule for SMTP, allows packets governed by this protocol to access local SMTP Gateway (10.10.10.6). Source Destination->Any Source Port-> Any Destination Address-> 10.10.10.6 Destination Port -> Any Action->Deny Application Layer Firewall

This type of firewall operates at Application Layer. It uses various proxy servers to proxy the traffic instead of routing it on network. As this firewall operates on Application Layer it can inspects the contents of the traffic and based upon the view of the administrator for the inappropriate contents, such as certain websites, viruses, attempts to exploit known logical flaws in client software( such as web applications), and so forth the firewall allows or blocks the traffic through it. Personal Firewalls If the computer is not protected when the user connects to the Internet, hackers can gain access to personal information from the computer. They can install code on the computer that destroys files or causes malfunctions. They can also use users computer to cause problems on other home and business computers connected to the Internet. A firewall places a virtual barrier between the computer and hackers, who might seek to delete information from the computer, make it crash, or even steal personal information. A firewall helps to screen out many kinds of malicious Internet traffic before it reaches to the users system. Using a firewall is important no matter how the user connects to the Internet dial-up modem, cable modem, or digital subscriber line (DSL or ADSL).

The firewall serves as the primary defense against a variety of computer worms that are transmitted over the network. It helps to protect the computer by hiding it from external users and preventing unauthorized connections to the computer