An Introduction to Firewalls
Essentially, firewalls are software or hardware components designed to protect networks from each other. They are used for controlling the traffic entering and leaving. Think of them as the security detectors in airports; anything untoward and you are turned away.
Firewalls use filters to manage the traffic. These filters are a set of rules that must be abided by to be allowed entry; a little bit like a dress code at a nightclub. If the packet matches the criteria laid out in the rules then action can be applied. If no match, no action is taken. There are 3 common outcomes for the action; allow, deny, log.
Allow will let the packet continue to its destination. Deny would discard the packet. Log would record the details of the packet.
The rules in the firewall have different levels of priority and the packets will go through each round to distinguish if they will be allowed to continue. Generally there are specific rules, followed by a general rule and a universal rule (which is denial). If a packet fails to match any earlier rules, it is instant denial. Only packets that abide by the custom made rules pass the security barrier.
Firewalls are also used in intrusion prevention and detection systems to block malicious traffic. There are four basic types of firewall that can be implemented:
Circuit-Level Gateway Firewall
This type of firewall is used to filter traffic between the internal trusted host and external trusted host. This firewall has a primary job; ensuring that packets involved in completing the circuit between the two hosts are working correctly. Once the connection has been made between internal and external host, the firewall is no longer needed to monitor the packets.
Packet Filtering Firewall
These firewalls are also often referred to as routers. These firewalls filter based on the information placed in the packet header, such as source address, destination, port number protocols etc.
Application-Level Gateway Firewall
These are focused on the aspects of specific applications as well as the actual content in it. Application-level gateway firewalls are used to filter traffic based on group membership, user group, application or services used, and also the type of resources being transmitted.
Stateful Inspection Firewall
Stateful firewalls monitor all active TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) connections. This firewall is configured to distinguish legitimate packets for different types of connections. Only packets matching a known active connection are allowed to pass the firewall. SPI (stateful packet inspection), also referred to as dynamic packet filtering, is a security feature often included in business networks.