Learning Guide:

Introduction to firewalls: Types of firewall

02 Jan 2008 | SearchNetworking.com


What is a network firewall? What types of firewalls are there, and which kind best protects your company's data? All of these questions, and more, are answered in our network security firewall guide. Learn how to keep your network secure without slowing it down or causing latency. Understand everything from unified threat management (UTM) and proxies to purchasing advice and firewall placement. This page introduces you to what a firewall is and which types exist. Click on the table of contents below to learn about the different aspects of firewalls.

Table of contents:
Introduction to firewalls
Types of firewalls
       Network layer
       Application layer
       Proxy
       UTM
Firewall know-how
       Who is responsible for firewalls?
       Are two firewalls better than one?
       Placement of a firewall
Firewalls for network security and auditing
       Firewall security risks
       Auditing firewall activity
Firewall purchasing advice

  Introduction to firewalls 

Why do you need a firewall?
Read Chapter 1 of Firewalls for Dummies: Why do you need a firewall? to understand their purpose.
A firewall is a hardware or software system that prevents unauthorized access to or from a network. Firewalls can be implemented in hardware, software, or a combination of both. They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All data entering or leaving the intranet passes through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.

Generally, firewalls are configured to protect against unauthenticated interactive logins from the outside world. This helps prevent hackers from logging into machines on your network. More sophisticated firewalls block traffic from the outside to the inside, but permit users on the inside to communicate a little more freely with the outside.

This information was excerpted from Firewall.cx creator Chris Partsenidis' tip Introduction to firewalls.

  Introduction to types of firewalls 

Security expert Michael Gregg says the National Institute of Standards and Technology (NIST) 800-10 divides firewalls into five basic types:

  • Packet filters
  • Stateful Inspection
  • Proxies
  • Dynamic
  • Kernel

In reality, these divisions are not quite that simple, as most modern firewalls have a mix of abilities that place them in more than one of the categories shown above. The NIST document provides more detail on each of these categories.

To simplify the most commonly used firewalls, expert Chris Partsenidis breaks them down into two categories: application firewalls and network layer firewalls. The International Standards Organization (ISO) Open Systems Interconnect (OSI) model for networking defines seven layers, where each layer provides services that higher-level layers depend on. The important thing to recognize is that the lower-level the forwarding mechanism, the less examination the firewall can perform.

To see a more in-depth description of the OSI layer, see Michael Gregg's OSI -- Securing the stack tip series.

  Network layer firewalls 

Network layer firewalls generally make their decisions based on the source address, destination address and ports in individual IP packets. A simple router is the traditional network layer firewall, since it is not able to make particularly complicated decisions about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated, and now maintain internal information about the state of connections passing through them at any time.

An important difference with many network layer firewalls is that they route traffic directly through them, so to use one you need either a validly assigned IP address block or a private Internet address block. Network layer firewalls tend to be very fast and almost transparent to their users.

This information was excerpted from Chris Partsenidis' tip Introduction to firewalls.
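
The difference between a header-only packet filter and one that maintains connection state, shown as an added example (it is not from the original guide or the tips it excerpts). The addresses, ports and the web-only policy are constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.168.1.0/24")    # constructed protected network
WEB_PORTS = (80, 443)                    # assumed policy: inside hosts may browse
Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: "S", "SA", "A", "R"

def inside(addr):
    return ip_address(addr) in INSIDE

def stateless_filter(pkt):
    """Decide from the headers of this one packet only."""
    if inside(pkt.src) and pkt.dport in WEB_PORTS:
        return "allow"                   # outbound web traffic
    # With no memory of earlier packets, anything that looks like a web
    # reply (source port 80/443) has to be let in.
    if inside(pkt.dst) and pkt.sport in WEB_PORTS:
        return "allow"
    return "deny"

class StatefulFilter:
    """Same policy, but inbound packets must match a tracked connection."""
    def __init__(self):
        self.table = set()               # (in_ip, in_port, out_ip, out_port)

    def check(self, pkt):
        if inside(pkt.src) and pkt.dport in WEB_PORTS:
            conn = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                self.table.add(conn)     # an inside host opens a connection
            return "allow" if conn in self.table else "deny"
        conn = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if conn not in self.table:
            return "deny"                # no inside host asked for this
        if "R" in pkt.flags:
            self.table.discard(conn)     # a reset ends the tracked connection
        return "allow"

def compare(packets):
    """Return [(stateless verdict, stateful verdict), ...] for a packet list."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.check(p)) for p in packets]

SAMPLE = [  # constructed traffic
    Packet("192.168.1.10", 50000, "203.0.113.5", 443, "S"),   # outbound open
    Packet("203.0.113.5", 443, "192.168.1.10", 50000, "SA"),  # genuine reply
    Packet("198.51.100.7", 443, "192.168.1.20", 22, "A"),     # unsolicited
    Packet("198.51.100.7", 40000, "192.168.1.20", 22, "S"),   # inbound open
]
```

Running `compare(SAMPLE)` shows the two filters agreeing on every packet except the third, which only the connection table can recognise as unsolicited.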

  Application layer firewalls 

Run-of-the-mill network firewalls can't properly defend applications. As Michael Cobb explains, application-layer firewalls offer Layer 7 security on a more granular level, and may even help organizations to get more out of existing network devices.

Cobb explains fully in his article "Defending Layer 7: A look inside application-layer firewalls."

Application layer firewalls generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and examination of traffic passing through them. Since proxy applications are simply software running on the firewall, it is a good place to do lots of logging and access control. Application layer firewalls can be used as network address translators, since traffic goes in one side and out the other, after having passed through an application that effectively masks the origin of the initiating connection.

Having an application in the way may, in some cases, impact performance and make the firewall less transparent. Early application layer firewalls are not particularly transparent to end users and may require some training. However, more modern application layer firewalls are often totally transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls.

Mike Chapple explains how a carefully deployed application firewall can plug a critical hole in an enterprise's defenses in this tip: "Building application firewall rule bases."

The future of firewalls sits somewhere between both network layer firewalls and application layer firewalls. It is likely that network layer firewalls will become increasingly aware of the information going through them, and application layer firewalls will become more and more transparent. The end result will be kind of a fast packet-screening system that logs and checks data as it passes through.

This information was excerpted from Chris Partsenidis' tip Introduction to firewalls.

  Proxy firewalls 

Proxy firewalls offer more security than other types of firewalls, but this is at the expense of speed and functionality, as they can limit which applications your network can support. So, why are they more secure? Unlike stateful firewalls, which allow or block network packets from passing to and from a protected network, traffic does not flow through a proxy. Instead, computers establish a connection to the proxy, which serves as an intermediary, and initiates a new network connection on behalf of the request. This prevents direct connections between systems on either side of the firewall and makes it harder for an attacker to discover where the network is, because they will never receive packets created directly by their target system.

Proxy firewalls also provide comprehensive, protocol-aware security analysis for the protocols they support. This allows them to make better security decisions than products that focus purely on packet header information.

Read the rest of this expert response on proxy firewalls excerpted from SearchSecurity.com.
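
How the intermediary role and the protocol-aware checks fit together, as an added example that is not from the original guide or the excerpted expert response: the proxy parses the client's HTTP request, applies policy, and writes a fresh request for its own upstream connection. The allowed methods, host name, forwarded-header list and the `proxy-fw` name are assumptions made for illustration.

```python
ALLOWED_METHODS = {"GET", "HEAD"}              # assumed policy
ALLOWED_HOSTS = {"intranet.example.com"}       # constructed host name
FORWARDED = ("accept", "host", "user-agent")   # only these headers are re-sent

def proxy_request(raw):
    """Parse a client's HTTP request; return (verdict, rebuilt request or None)."""
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return "deny: non-ASCII header bytes", None
    lines = head.split("\r\n")
    if any("\r" in l or "\n" in l for l in lines):
        return "deny: bare CR or LF", None     # would let extra lines slip through
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] not in ("HTTP/1.0", "HTTP/1.1"):
        return "deny: malformed request line", None
    method, target, _ = parts
    if method not in ALLOWED_METHODS:
        return f"deny: method {method}", None
    if not target.startswith("/"):
        return "deny: target is not origin-form", None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            return "deny: malformed header", None
        if name.lower() == "host" and "host" in headers:
            return "deny: duplicate Host header", None
        headers[name.lower()] = value.strip()
    host = headers.get("host", "")
    if host not in ALLOWED_HOSTS:
        return f"deny: host {host or '<none>'}", None
    # The upstream request is written by the proxy from parsed fields; the
    # client's bytes and any header outside FORWARDED never reach the server.
    out = [f"{method} {target} HTTP/1.1"]
    out += [f"{h.title()}: {headers[h]}" for h in FORWARDED if h in headers]
    out.append("Via: 1.1 proxy-fw")            # hypothetical proxy name
    return "allow", ("\r\n".join(out) + "\r\n\r\n").encode("ascii")

SAMPLE = (b"GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\n"
          b"X-Internal-Debug: 1\r\nUser-Agent: test\r\n\r\n")  # constructed
```

Calling `proxy_request(SAMPLE)` returns an allowed request in which the `X-Internal-Debug` header has been dropped, because the proxy never copies the client's bytes to the upstream side.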

  Unified threat management 

A product category called unified threat management (UTM) has emerged. These devices promise integration, convenience and protection from pretty much every threat out there -- and are especially valuable to small and medium-sized businesses (SMBs).

To learn about the evolution of UTM, UTM adoption decisions and vendor offerings, view this tip from security specialist Mike Rothman.

Security expert Puneet Mehta defines unified threat management as a firewall appliance that not only guards against intrusion but performs content filtering, spam filtering, intrusion detection and anti-virus duties traditionally handled by multiple systems. These devices are designed to combat all levels of malicious activity on the computer network.

An effective UTM solution delivers a network security platform that comprises robust and fully integrated security and networking functions, such as network firewalling, intrusion detection and prevention (IDS/IPS) and gateway anti-virus (AV), along with other features such as security management and policy management by group or user. It is designed to protect against next-generation application layer threats and offers centralized management through a single console, all without impairing the performance of the network.

Is your business ready to roll network security into a single platform? SearchSecurity.com evaluates six leading UTM appliances to help you push the right buttons.

 

How to deploy UTM
See how to set up a managed UTM remote firewall/VPN appliance in this tip from SearchSecurity.com.

Advantages of using UTM

Convenience and ease of installation are the key advantages of threat management security appliances. Very little human intervention is required to install and configure these appliances. The advantages of UTM are listed below:

  • Reduced complexity: The integrated all-in-one approach simplifies not only product selection, but also product integration and ongoing support.
  • Ease of deployment: Since very little human intervention is required, customers themselves or vendors can easily install and maintain these products.
  • Integration capabilities: These appliances can easily be deployed at remote sites without the help of any security professional on the ground. In this scenario a plug-and-play appliance can be installed and managed remotely. This kind of management is synergistic with large, centralized software-based firewalls.
  • The black box approach: Users have a tendency to play with things, and the black box approach limits the damage users can do. This reduces trouble calls and improves security.
  • Troubleshooting ease: When a box fails, it is easier to swap it out than to troubleshoot it. This process gets the node back online quicker, and a non-technical person can also do it. This feature is especially important for remote offices without dedicated technical staff onsite.

Some of the leading UTM solution providers are Fortinet, NetScreen (now acquired by Juniper Networks), Symantec, NetScaler, WatchGuard Technologies and Elitecore Technologies.

To view common and uncommon UTM features, read this Q&A from SearchSecurity.com's Michael Cobb.
