The Lazy Networker

WHAT IS FIREWALL

A firewall is a network security device, either hardware or software-based, which monitors all incoming and outgoing traffic and based on a defined set of security rules it accepts, rejects or drops that specific traffic.

Accept : allow the traffic

Reject : block the traffic but reply with an “unreachable error”

Drop : block the traffic with no reply

A firewall establishes a barrier between secured internal networks and outside untrusted network, such as the Internet.

HISTORY AND NEED FOR FIREWALL

Before Firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are rules that determine whether network access should be granted or denied to specific IP address.

But ACLs cannot determine the nature of the packet it is blocking. Also, ACL alone does not have the capacity to keep threats out of the network. Hence, the Firewall was introduced.

TYPES OF FIREWALL

There are two types of firewalls: software and hardware.

Hardware firewalls are built into network devices such as routers and can protect every single machine on a network and require little configuration to work effectively. They use packet filtering techniques to examine the header of a packet, determining his source and destination and then, comparing the data to a set of predefined rules, they decide whether to drop the packet or forward it to the next step or to its destination.

Software firewalls are the most popular network protection method for home users. They usually come as stand-alone applications or as part of a complete anti virus protection software, such as Kaspersky, AVG etc. Besides providing protection for inbound and outbound traffic, a software firewall can also protect against Trojan or Worm applications and allows various options of control over its functions and features.

GENERATION OF FIREWALL

First Generation- Packet Filtering Firewall : Packet filtering firewall is used to control network access by monitoring outgoing and incoming packet and allowing them to pass or stop based on source and destination IP address, protocols and ports. It analyses traffic at the transport protocol layer (but mainly uses first 3 layers).

Packet firewalls treat each packet in isolation. They have no ability to tell whether a packet is part of an existing stream of traffic. Only It can allow or deny the packets based on unique packet headers.

Second Generation- Stateful Inspection Firewall : Stateful firewalls (performs Stateful Packet Inspection) are able to determine the connection state of packet, unlike Packet filtering firewall, which makes it more efficient. It keeps track of the state of networks connection travelling across it, such as TCP streams. So the filtering decisions would not only be based on defined rules, but also on packet’s history in the state table.

Third Generation- Application Layer Firewall : Application layer firewall can inspect and filter the packets on any OSI layer, up to the application layer. It has the ability to block specific content, also recognize when certain application and protocols (like HTTP, FTP) are being misused.

In other words, Application layer firewalls are hosts that run proxy servers. A proxy firewall prevents the direct connection between either side of the firewall, each packet has to pass through the proxy. It can allow or block the traffic based on predefined rules.Note: Application layer firewalls can also be used as Network Address Translator(NAT).

Next Generation Firewalls (NGFW) : Next Generation Firewalls are being deployed these days to stop modern security breaches like advance malware attacks and application-layer attacks. NGFW consists of Deep Packet Inspection, Application Inspection, SSL/SSH inspection and many functionalities to protect the network from these modern threats.

TOP 5 NEXT GENERATION FIREWALL VENDORS