Types of Firewalls
Firewalls have evolved into several distinct types. The following passages clarify the functions of the most common types of firewalls to help you understand which basic features you may specifically require. Once you are educated in firewall types, you should feel more confident in deciding whether to purchase firewall software vs. hardware. Common types of firewalls are as follows:

Packet Filtering
A packet filtering firewall examines the information contained in the header of a packet that is attempting to pass through the proverbial 'drawbridge into the castle'. The information checked includes the source address, the destination and the application it is being sent to. A packet filter firewall works on the network level of the Open System Interconnection* (OSI; definition in the next paragraph) protocol stack, and so does not hide the private network topology behind the firewall from prying eyes. It is important to be aware that this type of firewall only examines the header information. If data with malicious intent is sent from a trusted source, this type of firewall offers no protection. When a packet passes the filtering process, it is passed on to the destination address. If the packet does not pass, it is simply dropped. This type of firewall is vulnerable to 'IP spoofing', a practice where a hacker makes his transmission to the private LAN (Local Area Network) look as though it is coming from a trusted source, thereby gaining access to the LAN.

*OSI - Per the textbook "Networking Essentials Plus", the definition of OSI is "A seven-layer architecture that standardizes levels of service and types of interaction for computers exchanging information through a network. It is used to describe the flow of data between the physical connection to the network and the end-user application. This model is the best known and most widely used model for describing networking environments."

Circuit Gateways
Circuit gateway firewalls work on the transport level of the protocol stack. They are fast and transparent, but really provide no protection from attacks. Circuit gateway firewalls also do not check the data in the packet. The one great benefit of this type of firewall is that it makes the LAN behind the firewall invisible, as everything coming from within the firewall appears to have originated from the firewall itself.
This is the least used type of firewall.

Application Level Proxy
The slowest and most unwieldy firewall is the application level proxy. This type of firewall works on the application level of the protocol stack, which enables it to perform with more intelligence than a packet filtering or circuit gateway firewall. Application level proxy firewalls are usually used as enterprise firewalls rather than in single homes. They determine whether a connection to a specific requested application, such as Internet access or email, is permitted. This allows the user to determine which applications their computers will be used for. Also known as proxy servers, they not only screen packets and determine which applications may be accessed, but also offer protection from outside sources by hiding internal computers from external viewing. Outside sources never make contact with the internal computers but must instead conduct all communications via the proxy server. In most cases this method exceeds the needs of the average home computer user and is more suited to small business and enterprise solutions. It is mentioned here because of the popularity of home peer-to-peer networking to share dedicated Internet connections such as cable modems.

Stateful Packet Inspection
A fourth method that can be utilized by firewalls is called "Stateful Packet Inspection". It is called "Stateful" because it examines the contents of the packet to determine what the state of the communication is. It ensures that the stated destination computer has previously acknowledged the communication from the source computer. In this way, all communications are initiated by the "receiving" computer and take place only with sources that are known or trusted from previous communication connections. In addition, Stateful Packet Inspection firewalls are more rigorous in their packet inspections.
Stateful Packet Inspection firewalls also close off ports until an authorized connection is requested and acknowledged by the receiving computer. This allows for an added layer of protection from the threat of "port scanning", a method used by hackers to determine what PC services or applications are available to be utilized to gain access to the host computer.

Internet Connection Firewall (Windows XP)
Windows XP provides Internet security in the form of the new Internet Connection Firewall (ICF). ICF makes use of active packet filtering, which means the ports on the firewall are opened for as long as needed to enable you to access the services you are interested in. This type of technology prevents hackers from scanning your computer's ports and resources. If you are hosting an Internet session, ICF allows you to open holes in the firewall that allow traffic on specific ports. This is called "port mapping."

Hybrid Firewall
A hybrid firewall is a combination of two of the above-mentioned firewalls. The first commercial firewall, the DEC Seal, was a hybrid developed using an application gateway and a packet filtering firewall. This type of firewall is generally implemented by adding packet filtering to an application gateway to quickly enable a new service access to and from the private LAN. Personal firewalls are usually software implementations of an application gateway firewall. Exceptions to this are products such as the Linksys router, which contains a packet filtering firewall.

The most important thing to remember with a firewall is that it should only be ONE part of a security system for a private LAN or computer. Modern firewalls cannot protect a network or system from insider attacks, viruses, and previously unknown attacks, as firewall technology is generally 'catch-up' and 'protect from known threats' technology. To keep your system(s) completely secure, constant updates and other security methods will have to be implemented.
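
The difference between the packet filtering and Stateful Packet Inspection sections above can be shown with a simplified model. This is an added example, not code from the original article: the addresses, ports, and the names Packet, packet_filter, and StatefulFirewall are constructed for illustration, and a real stateful firewall tracks far more than this flow table.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str    # source address as claimed in the header
    sport: int
    dst: str
    dport: int

# Constructed sample values (documentation/private address ranges).
TRUSTED = {"192.0.2.10"}
LAN_HOST = "10.0.0.5"
OPEN_PORTS = {80}

def packet_filter(pkt):
    """Stateless check: header fields only, no memory of earlier packets."""
    return pkt.src in TRUSTED and pkt.dport in OPEN_PORTS

class StatefulFirewall:
    """Admits inbound packets only as replies to flows a LAN host opened."""
    def __init__(self):
        self.flows = set()

    def outbound(self, pkt):
        # Remember the flow so the matching reply can be recognised.
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def close(self, pkt):
        # The port is closed again once the connection ends.
        self.flows.discard((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound(self, pkt):
        # A reply has the endpoints of a recorded flow, reversed.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def compare():
    fw = StatefulFirewall()
    # Unsolicited packet whose header carries the trusted address (as in spoofing).
    unsolicited = Packet("192.0.2.10", 40000, LAN_HOST, 80)
    request = Packet(LAN_HOST, 51000, "192.0.2.10", 80)
    reply = Packet("192.0.2.10", 80, LAN_HOST, 51000)
    results = {"filter_unsolicited": packet_filter(unsolicited),
               "stateful_unsolicited": fw.inbound(unsolicited)}
    fw.outbound(request)
    results["stateful_reply"] = fw.inbound(reply)
    fw.close(request)
    results["stateful_after_close"] = fw.inbound(reply)
    return results

if __name__ == "__main__":
    print(compare())
```

The header-only filter accepts the unsolicited packet because its claimed source is on the trusted list, while the stateful model drops it and admits the reply only while the connection opened from the LAN is still recorded.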