Packet Filtering Firewall - First Generation

n Screening Router
n Operates at Network and Transport level
n Examines Source and Destination IP Address
n Can deny based on ACLs
n Can specify Port
Application Level Firewall - Second Generation
n Proxy Server
n Copies each packet from one network to the other
n Masks the origin of the data
n Operates at layer 7 (Application Layer)
n Reduces Network performance since it has do analyze each packet and decide wh
at to do with it.
n Also Called Application Layer Gateway
Stateful Inspection Firewalls
Third Generation
n Packets Analyzed at all OSI layers
n Queued at the network level
n Faster than Application level Gateway
Dynamic Packet Filtering Firewalls Fourth Generation
n Allows modification of security rules
n Mostly used for UDP
n Remembers all of the UDP packets that have crossed the network s perimeter, and
it decides whether to enable packets to pass through the firewall.
Kernel Proxy

Fifth Generation

n Runs in NT Kernel
n Uses dynamic and custom TCP/IP-based stacks to inspect the network packets an
d to enforce security policies.