The increasing complexity of networks, and the need to make them more open because of the growing emphasis on and attractiveness of the Internet as a medium for business transactions, mean that networks are becoming more and more exposed to attacks, both from without and from within. The search is on for mechanisms and techniques to protect internal networks from such attacks. One of the protective mechanisms under serious consideration is the firewall. A firewall protects a network by guarding its points of entry. Firewalls are becoming more sophisticated by the day, and new features are constantly being added, so that, in spite of the criticisms made of them and of developmental trends threatening them, they remain a powerful protective mechanism. This article provides an overview of firewall technologies.

Keywords: Firewall technologies, network security, access control, security policy, protective mechanisms.

INTRODUCTION TO FIREWALLS

A firewall is a system that prevents unauthorized access to or from a network. It can be implemented in hardware, in software, or in a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All data entering or leaving the internal network pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.

3.2 What are the basic types of firewalls?
Conceptually, there are two types of firewalls:
1. Network layer
2. Application layer

They are not as different as you might think, and the latest technologies are blurring the distinction to the point where it is no longer clear if either one is ``better'' or ``worse.'' As always, you need to be careful to pick the type that meets your needs. Which is which depends on what mechanisms the firewall uses to pass traffic from one security zone to another. The International Organization for Standardization (ISO) Open Systems Interconnection (OSI) model for networking defines seven layers, where each layer provides services that ``higher-level'' layers depend on. In order from the bottom, these layers are physical, data link, network, transport, session, presentation, application.

The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform. Generally speaking, lower-level firewalls are faster, but are easier to fool into doing the wrong thing.

3.2.1 Network layer firewalls

These generally make their decisions based on the source and destination addresses and ports (see Appendix C for a more detailed discussion of ports) in individual IP packets. A simple router is the ``traditional'' network layer firewall, since it is not able to make particularly sophisticated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. One important distinction about many network layer firewalls is that they route traffic directly through them, so to use one you either need to have a validly assigned IP address block or to use a ``private internet'' address block [3]. Network layer firewalls tend to be very fast and tend to be very transparent to users.

Figure 1: Screened Host Firewall

In Figure 1, a network layer firewall called a ``screened host firewall'' is represented. In a screened host firewall, access to and from a single host is controlled by means of a router operating at the network layer. The single host is a bastion host: a highly-defended and secured strong-point that (hopefully) can resist attack.
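As an added illustration of two points made above (modern network layer firewalls keeping connection state, and lower-level filters being faster but easier to fool), the following Python is example code written for this overview, not code from the article or from any firewall product. It filters constructed packet records under an assumed policy that lets hosts in the private 10.0.0.0/8 block open HTTP and HTTPS connections outbound and admits nothing else inbound. The stateless variant approximates ``established'' return traffic by the TCP ACK flag, as a simple router ACL does; the stateful variant records the endpoints of each allowed outbound connection and admits only inbound packets that match one. All addresses, ports and flags in the scenario are constructed.

```python
"""Stateless vs stateful network-layer packet filtering (added example).

Packets are plain records with constructed values; nothing is read from
or sent to a real network.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str                 # source IPv4 address
    sport: int               # source TCP port
    dst: str                 # destination IPv4 address
    dport: int               # destination TCP port
    flags: FrozenSet[str]    # TCP flags present, e.g. {"SYN"} or {"SYN", "ACK"}
    inbound: bool            # True if arriving from the Internet side


@dataclass(frozen=True)
class Rule:
    """One packet-filter rule; a field left as None matches anything."""
    action: str                    # "allow" or "deny"
    inbound: Optional[bool] = None
    src: Optional[str] = None      # CIDR block the source must fall in
    dport: Optional[int] = None    # destination port

    def matches(self, p: Packet) -> bool:
        if self.inbound is not None and self.inbound != p.inbound:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


# Assumed policy: internal hosts (private 10/8 block) may open HTTP and HTTPS
# outbound; everything else, in either direction, hits the final default deny.
RULES: List[Rule] = [
    Rule("allow", inbound=False, src="10.0.0.0/8", dport=80),
    Rule("allow", inbound=False, src="10.0.0.0/8", dport=443),
    Rule("deny"),
]


def first_match(p: Packet) -> Rule:
    """First-match evaluation, the way a router ACL is processed."""
    for r in RULES:
        if r.matches(p):
            return r
    return Rule("deny")


def stateless_decide(p: Packet) -> str:
    """A simple router keeps no connection table, so to let replies come back it
    accepts any inbound packet with ACK set (the classic "established" ACL
    keyword). A packet with ACK set that belongs to no connection gets the
    same treatment, which is how such filters are fooled."""
    if p.inbound and "ACK" in p.flags:
        return "allow"
    return first_match(p).action


class StatefulFilter:
    """Remembers the endpoints of every connection allowed outbound and admits
    an inbound packet only when it belongs to one of them."""

    def __init__(self) -> None:
        self.table: Set[Tuple[str, int, str, int]] = set()

    def decide(self, p: Packet) -> str:
        if p.inbound:
            # Reply traffic swaps the endpoints, so look the tuple up reversed.
            return "allow" if (p.dst, p.dport, p.src, p.sport) in self.table else "deny"
        rule = first_match(p)
        if rule.action == "allow" and "SYN" in p.flags:
            self.table.add((p.src, p.sport, p.dst, p.dport))
        return rule.action


def run_scenario() -> dict:
    """Four constructed packets: an internal client's SYN to an HTTPS server, the
    server's SYN/ACK reply, a forged ACK aimed at the client's SSH port from an
    unrelated host, and an unsolicited inbound SYN to that same port."""
    client_syn = Packet("10.1.2.3", 40000, "203.0.113.10", 443, frozenset({"SYN"}), False)
    server_synack = Packet("203.0.113.10", 443, "10.1.2.3", 40000, frozenset({"SYN", "ACK"}), True)
    forged_ack = Packet("198.51.100.7", 443, "10.1.2.3", 22, frozenset({"ACK"}), True)
    inbound_syn = Packet("198.51.100.7", 5555, "10.1.2.3", 22, frozenset({"SYN"}), True)
    packets = (client_syn, server_synack, forged_ack, inbound_syn)
    fw = StatefulFilter()
    return {
        "stateless": [stateless_decide(p) for p in packets],
        "stateful": [fw.decide(p) for p in packets],
    }


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(name, verdicts)
```

Running run_scenario() shows the difference in the third packet: the forged ACK aimed at port 22 passes the stateless filter, because the ACK bit is all it inspects, but is dropped by the stateful filter, whose table has no entry for that connection. Both filters pass the genuine SYN/ACK reply and drop the unsolicited inbound SYN.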

Figure 2: Screened Subnet Firewall

Example network layer firewall: In Figure 2, a network layer firewall called a ``screened subnet firewall'' is represented. In a screened subnet firewall, access to and from a whole network is controlled by means of a router operating at the network layer. It is similar to a screened host, except that it is, effectively, a network of screened hosts.

3.2.2 Application layer firewalls

These generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one ``side'' and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Having an application in the way in some cases may impact performance and may make the firewall less transparent. Early application layer firewalls, such as those built using the TIS firewall toolkit, are not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.

Figure 3: Dual Homed Gateway

Example application layer firewall: In Figure 3, an application layer firewall called a ``dual homed gateway'' is represented. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic that would otherwise pass directly through it.

The future of firewalls lies someplace between network layer firewalls and application layer firewalls. It is likely that network layer firewalls will become increasingly ``aware'' of the information going through them, and application layer firewalls will become increasingly ``low level'' and transparent. The end result will be a fast packet-screening system that logs and audits data as it passes through. Increasingly, firewalls (network and application layer) incorporate encryption so that they may protect traffic passing between them over the Internet. Firewalls with end-to-end encryption can be used by organizations with multiple points of Internet connectivity to use the Internet as a ``private backbone'' without worrying about their data or passwords being sniffed.

PROXY FIREWALLS

Proxy firewalls offer more security than other types of firewalls, but this is at the expense of speed and functionality, as they can limit which applications your network can support. Why are they more secure? Unlike packet-filtering firewalls, stateful or not, which allow or block network packets passing to and from a protected network, traffic does not flow through a proxy. Instead, computers establish a connection to the proxy, which serves as an intermediary, and the proxy initiates a new network connection on behalf of the request. This prevents direct connections between systems on either side of the firewall and makes it harder for an attacker to learn about the protected network, because they never receive packets created directly by their target system. Proxy firewalls also provide comprehensive, protocol-aware security analysis for the protocols they support. This allows them to make better security decisions than products that focus purely on packet header information.
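To make the contrast concrete, the following Python is example code written for this overview (not code from the article or from any proxy firewall product) showing the core of an HTTP-aware proxy firewall. It parses the client's request strictly, applies an assumed policy to the parsed method and Host header rather than to addresses and ports, drops headers that would reveal the originating client, and only then opens a new connection of its own to the upstream server. The method and host allowlists, the ``proxy-fw'' Via token, the send_over_tcp helper and the AUDIT_LOG list are all assumptions of the example, and it assumes requests arrive in origin-form with a Host header, as a transparent proxy sees them. The upstream send is passed in as a parameter so the decision logic can be exercised offline.

```python
"""HTTP-aware proxy firewall core (added example).

The proxy parses the client's request, applies policy to the parsed fields
rather than to addresses and ports alone, and then issues a fresh request
upstream on the client's behalf.
"""
import socket
from typing import Callable, Dict, List, Tuple

ALLOWED_METHODS = {"GET", "HEAD", "POST"}                     # assumed policy
ALLOWED_HOSTS = {"www.example.com", "intranet.example.com"}   # assumed policy
# Request headers that would reveal the originating client; the proxy drops them.
CLIENT_REVEALING = {"x-forwarded-for", "forwarded", "via", "proxy-connection"}
AUDIT_LOG: List[str] = []   # one line per decision (assumed audit sink)

Sender = Callable[[str, int, bytes], bytes]


class PolicyViolation(Exception):
    pass


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str], bytes]:
    """Strict HTTP/1.x parser: anything irregular is rejected, not repaired."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise PolicyViolation("incomplete request head")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise PolicyViolation("malformed request line")
    method, target, version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject empty names, leading whitespace (obsolete line folding) and
        # whitespace inside a name; these are classic request-smuggling vectors.
        if not colon or not name or name != name.strip() or " " in name or "\t" in name:
            raise PolicyViolation("malformed header: %r" % line)
        headers[name.lower()] = value.strip()
    return method, target, version, headers, body


def check_policy(method: str, target: str, headers: Dict[str, str]) -> Tuple[str, int]:
    """Decide on the parsed request; returns the upstream (host, port)."""
    if method not in ALLOWED_METHODS:
        raise PolicyViolation("method %s not allowed" % method)   # e.g. CONNECT, TRACE
    if not target.startswith("/") or any(c in target for c in "\r\n"):
        raise PolicyViolation("bad request target")
    host = headers.get("host")
    if host is None:
        raise PolicyViolation("missing Host header")
    hostname, _, port_text = host.partition(":")
    hostname = hostname.lower()
    if hostname not in ALLOWED_HOSTS:
        raise PolicyViolation("host %s not allowed" % hostname)
    try:
        port = int(port_text) if port_text else 80
    except ValueError:
        raise PolicyViolation("bad port in Host header")
    return hostname, port


def build_upstream_request(method: str, target: str, version: str,
                           headers: Dict[str, str], body: bytes) -> bytes:
    """The new request the proxy sends: client-revealing headers removed, the
    proxy named in Via, and the connection closed after one exchange."""
    out = {k: v for k, v in headers.items() if k not in CLIENT_REVEALING}
    out["connection"] = "close"
    out["via"] = "1.1 proxy-fw"
    lines = ["%s %s %s" % (method, target, version)] + ["%s: %s" % kv for kv in out.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1") + body


def send_over_tcp(host: str, port: int, data: bytes) -> bytes:
    """Real upstream connection, opened by the proxy, never by the client."""
    with socket.create_connection((host, port), timeout=10) as s:
        s.sendall(data)
        chunks = []
        while True:
            chunk = s.recv(65536)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


def proxy_request(raw: bytes, client_addr: str, send: Sender = send_over_tcp) -> bytes:
    """Handle one client request end to end and return the bytes to send back."""
    try:
        method, target, version, headers, body = parse_request(raw)
        host, port = check_policy(method, target, headers)
    except PolicyViolation as e:
        AUDIT_LOG.append("DENY %s %s" % (client_addr, e))
        return b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"
    AUDIT_LOG.append("ALLOW %s %s %s:%d%s" % (client_addr, method, host, port, target))
    return send(host, port, build_upstream_request(method, target, version, headers, body))
```

Passing a function other than send_over_tcp as the send parameter lets the policy be exercised without a network: a CONNECT request, a Host outside the allowlist, or a header line beginning with whitespace each produce a 403 and a DENY audit line with no upstream connection attempted, while an allowed GET goes upstream with X-Forwarded-For removed and a Via header naming the proxy rather than the client. Because the upstream only ever sees a connection from the proxy, the internal client's address and TCP stack never appear on the outside, which is the origin-masking property described above.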