How to Distinguish Each Type of Firewall
Many blogs ago, we provided an introduction to firewalls. Given time to absorb this information, we thought it time to delve into the world of firewalls once again, exploring more types of firewall and the similarities and differences between each kind.
To recap, firewalls are software or hardware components designed to protect networks from each other. Most IT professionals are aware that two or three types of firewall that exist. However, there are actually five different firewalls available on the market.
Sometimes referred to as Layer 3 firewalls, packet filtering firewalls garner information from the source and destination addresses and ports in IP packets. The data that is gathered can then allow the packet filtering firewall to make a decision.
Packet filtering firewalls are the most basic form of firewall protection and are able to process information via a simple sorting algorithm. Packet filtering can be performed by a number of network devices and is usually implemented when you download free firewall software. This means that most packet filtering firewalls allow the user a level of control. Larger networks should steer clear of packet filtering firewalls as use can result in complex issues with configuration. However, they are ideal for small networks.
There are only two real downsides to packet filtering. The firewall has no logging capability, so distinguishing if it is being attacked can be difficult. Furthermore, it cannot be used for content-based filtering.
Circuit-level gateway firewalls are used to filter traffic between the internal trusted host and external trusted host. Similarities are often drawn between application gateways (proxy firewalls), but they do differ. The task of a circuit-level gateway is to ensure that packets involved in completing the circuit between two hosts are working correctly. Once a connection has been established, the firewall is no longer required to monitor the packets. However, this can cause an issue as the connection is then open to attack thereafter.
There are some great benefits to employing circuit-level gateways, one being that they are simple and comparatively inexpensive to implement. Furthermore, they don’t need a separate proxy server for each application which results in an avoidance of filtering individual packets.
Stateful Inspection Firewalls
Also, known as dynamic packet filtering or multi-layer firewalls, stateful inspection is a firewall technology that monitors all active TCP and UDP connections. These firewalls use the information from monitoring to determine which network packets to allow through the firewall. Only packets matching a known active connection are allowed to pass the firewall and it is a security feature prevalent in most business networks.
Stateful inspection is an evolution from static packet filtering, within which only the header of packets could be analysed. This meant that an attacker could get information through a firewall by indicating ‘reply’ in the header. Stateful inspection now not only monitors the header of packets but all the way down to the application layer (ALG).
Like a cache server or proxy server, proxy firewalls are a midway between in-house networks and servers on the internet. They work by filtering information at the application level, meaning greater protection for network resources. In addition to interrupting internet requests, proxy firewalls also allow and deny incoming traffic for the likes of protocols such as HTTP and FTP (Layer 7). Proxy firewalls use deep packet inspection and stateful inspection to determine if incoming traffic is safe or harmful.
Proxy firewalls have their own IP address which prevents direct network contact with other systems and is championed as the most secure type of firewall available. Unlike many of the other types of firewall, they also have extensive logging capabilities which is ideal when investigating security breaches.
Although proxy firewalls are extremely safe, they do have two negative impacts. Firstly, because proxy firewalls run on their own IP address, the firewall itself can become a bottleneck as numerous outgoing and incoming packets are established. Also, proxy firewalls often support only the most popular network protocols, thereby presenting restrictions on the applications a network can support.
As the name suggests, hybrid firewalls are a complex mix of some of the firewalls already discussed. Most of the confusion sets in between packet filtering firewalls, proxy firewalls, and circuit-gateway firewalls. Although the distinctions between the three are obvious, when melded together, firewall products cannot be distinguished as one specific type; they are a fusion. One of the most popular firewalls available is a basic packet filtering device that also supports proxies for two of the most common IP and TCP services. The future of firewalls suggests that further evolution between proxy firewalls and circuit-gateway firewalls will be introduced, with features of each being implemented in the other.