What is Firewall? Explain How a Firewall Works

What is Firewall and Its Type

What is Firewall?

A Firewall is a system designed to control access to applications on the network, usually accessing a private network from the public Internet. We know that when we are connected to the Internet or an external unit, we need a Firewall. There are many different options for defining topology, selecting a vendor and choosing the type of Firewall.

There are three main types of Firewall software and hardware configurations:

1. Packet Filtering
2. Proxy server or application gateway
3. Circuit-level gateway or generic app proxy

This post will help you assess the main types of Firewall architectural options. In addition, there is an evaluation checklist for choosing a firewall vendor solution.

There are several reasons for the need for a Firewall:

1. Mission-Loss of Important Business Information

2. Loss of services like e-mail, HTTP, FTP, and EDI

3. Protection of legal and confidential information

4. Preventing contact with network server and workstation

5. Enforcement of security policies

Question: Will the firewall solve all your security problems?
A: No,

But they provide an essential level of security. However, they do not protect against users who accidentally make a password reveal against a computer, which is a computer within an organization connecting to a phone that is not secure from the firewall, or the internal attack. More than 50% of all security breaches are from insiders.

All Firewall products do not check incoming code for signs of viruses and Trojan horses. You will still need to implement hardware-level security, operating system security, application security, and concrete policies and procedures. Even if they are not 100% guaranteed, you still need space to add additional levels of security to your enterprise data.

The question is how much protection do you really need?

Early analysis of architectural needs

Firewalls are traditionally valued for the restriction or protection provided by them. However, they can do a lot. They also work as an "enablers" for an enterprise to communicate safely with the Internet.

Firewalls are an essential element in internet-face enterprise infrastructure, and selection of the right components and configurations will not only protect internal-owner information but also set a long way to safely open your business opportunities.

In analyzing the ideas of architecture, it is important to keep in mind that many factors should be evaluated. Any "one solution fits all" approach which is right for every business. In order to conduct your initial analysis and select the final product, you should consider factors like product performance, security level, availability, availability or "dependency" desired, cost, management, configuration, and functional characteristics.

Some allowances or trade-offs will be necessary because every product or architectural layout cannot be able to meet your every need. As a result, you should decide the factors that are most important to your enterprise and accordingly give priority to them.

The following ideas should be included while conducting their initial architecture analysis:

1. How much traffic is passing through the firewall system? During a busy time, will a firewall host be sufficient or will it require multiple firewall host layouts?

2. Depending on the nature of your proprietary data and the level of security you want, do you want incoming traffic to go through more than one firewall system? Are you willing to tolerate additional costs and slow transaction time required to do this?

3. How important is it for your enterprise to review the flow of traffic through the firewall system? Do you want to request every message to be screened and linked to an external site, or are you more interested in restricting access to certain sites?

4. How important is the dependence of your firewall system? Do you want to spend extra money on a system that is highly reliable and is available seven days a week, 24 hours a day? If you have only one firewall device and it fails, what reaction will you face? Will this affect your ability to operate the business openly and safely?

5. Since every product cannot meet your needs, therefore, do you need to consider the products of more than one vendor to weaken your business for various types of external attacks?

6. What unique functional features of your firewall system will be necessary depending on the features of the business?

7. What is your budget for implementing firewall systems? Do you have a carte blanche to install a state-of-the-art system, or do you have to give concessions due to budgetary constraints? Is your budget adequate to meet the minimum safety requirements

Assessing the right types of firewalls for your enterprise

The main function of the Firewall is to keep external ownership data safe from the outside world. Three main types of firewalls are used to protect the intranet of enterprise, but any device that controls traffic through a network for security reasons can be considered a firewall.

In order to fulfill the same thing basically different methods protect an internal network. The most basic type of firewall is a packet-filtering device, also called a screening router. Packet-filtering is a firewall router that works at lower levels of the network protocol stack. At the high end, there are proxy-server gateways that proxy services for internal customers by regulating incoming external network traffic and providing traffic control of outgoing internal packets.

The third type of Firewall, known as the circuit-level gateway, depends on statewide inspection techniques. "Stateful Inspection" is a filtering technique that requires a trade-off between performance and security.

Let's look at the three main Firewall types

Packet filtering firewall

Packet-filtering firewalls provide a way to filter IP addresses by two basic ways:

1. Access to the known IP address

2. Refusing access to IP addresses and ports

By allowing access to known IP addresses, for example, you can only allow access to recognized, established IP addresses, or you can deny access to all unknown or unfamiliar IP addresses.

Refusing access to IP addresses or ports, for example, you can refuse access to external people by port 80. Since most HTTP servers run on port 80, this will block all external access to the HTTP server.

Using packet filtering techniques is most beneficial so that only approved and known network traffic can be made possible by a high degree of degree. Packet filtering can be a very cost-effective tool to add traffic control to already existing router infrastructure.

IP packet filtering is accomplished in some fashion by all the firewalls. It is usually done through a packet-filtering router. Routers will filter or screen the packet traveling through the interface of the router running under the firewall policy established by Enterprise. A packet is a piece of information that is being broadcast on the network. Packet filtering will examine the type of paths carrying router packets and the type of information present in the packet.

If the packet passes the test of the firewall policy, then it is allowed to continue on its own path. Packet source IP address and source TCP / UDP port, and the destination IP address and destination of the packet include the destination TCP / UDP port in the packet filtering router information.

Some packet-filtering firewalls will only be able to filter IP addresses, not source TCP / UDP port, but as a convenience TCP or UDP filtering can be provided more efficiently because the traffic for incoming connections Can be banned, enterprises.

Packet-filtering firewalls generally run on general purpose computers that work as a router or special purpose router. Both have their advantages and disadvantages. The main advantage of general purpose computers is that it provides unlimited functional expansion, whereas losses are average performance, a limited number of interfaces and operating system vulnerabilities. The advantages of special purpose router are increasing the number of interfaces and performance, while losses are reduced to functional expansion and high memory requirements.

Although packet-filtering firewalls are less expensive than other types, and vendors are improving their offerings, but they are considered to be less desirable in maintenance and configuration. They are useful for bandwidth control and range but there is a lack of other features like logging capabilities. If the firewall policy does not restrict certain types of packets, then packets may be unknown until an event occurs. Enterprises using packet-filtering firewalls should search for devices that can provide detailed logging, simplified setup, and firewall policy checks.

Proxy Server or Application Gateway

Proxy servers, also known as application proxies or application gateways, use the same method as packet filters, in which they check that the packet is being routed and the type of information present in the packet. Application proxy, however, is not just

An application-proxy firewall is a server program that understands the type of information sent for example, HTTP or FTP.

Circuit-Level Gateway

A circuit-level gateway is similar to an app gateway, except that it does not need to understand the type of information being transmitted. For example, socks servers can work as circuit-level gateways. "SOCKS" is a protocol that a server uses to allow requests from a client to the internal network so that they can send them to the Internet. SOCKS uses a socket to monitor personal connections.

Circuit-level gateway filtering allows state-wide inspection or dynamic packet filtering to make decisions. Although the circuit-level gateway is sometimes grouped with an application gateway, they are in a different category because they do not have any additional evaluation of data in the packet beyond creating an approved connection between the external world and the internal network.

Statewide inspection is a circuit-level gateway function that allows for stronger screening than offering packet-filtering devices, in which both packet materials and pre-packet history are used to establish filtering decisions. This inspection is an "add-on" function, so the circuit-level gateway also works as a device router.
This add-on provides increased performance on application proxies by compromising performance and security criteria.

Circuit-level gateways, then, provide an increase in security monitoring capabilities on packet filtering firewalls, but still rely on a well-kept core routing structure, and, like an app proxy, advanced access decision making decisions Can be set for.

Bring it all together using the Firewall Evaluation Guidelines

The section presented here on firewall assessment guidelines, including "Firewall Buyer's Assessment Form", has been used entirely with permission from ICSNET.

Basic requirements

To properly implement specific policies of an organization, the exact characteristics of the Firewall are required. Generally, however, the firewall should be able to do the following:

  • Reject all services except the "specifically permitted" design policy, even if it is not initially the policy to be used.
  • Support the security policy, do not apply one.
  • If the organization's security policy changes, then adjust the new services and needs.
  • If required, including advanced certification measures or hooks to establish advanced certification measures.
  • Deploy techniques to allow or deny services to the required host system as required.
  • Log in through the firewall and through it log.
Use a flexible, user-friendly IP-filtering language that is easy for the program and filter on different types of features including source and destination IP address, protocol type, source and destination TCP / UDP port, and inbound and outbound interfaces. Could.

If users need services like NNTP, X11, HTTP, or Gopher, then the firewall will perform well to support related services. Firewalls should generally work as mail gateways for Internet mail, reducing direct SMTP connection between the site and remote system, resulting in centralized handling of site e-mails. Firewalls should adjust the public access on the site, such as firewalls can secure public information servers when separated from other site systems, which do not require access to the public.

Additional requirements

Firewalls should be able to filter dial-in access by keeping in mind. It should include a mechanism for logging traffic and suspicious activity, as well as the mechanism for the log reduction to keep the logs readable and understandable.

If the Firewall requires operating systems like Unix, then a secure version of the operating system should be included, as well as with the firewall host integrity and other security tools required to install all operating system patches. Note that there is no reason to use the same operating system as the company network for the firewall machine.

Indeed, many firewalls use their own proprietary operating system, optimized for performance and security. However, firewall management can be easy on one system with a familiar operating system and interface.

The power and accuracy of the firewall should be able to verify. Its design should be simple so that administrators can understand and maintain it. Firewalls and any related operating systems should be periodically updated with patches and other bug fixes.

As discussed earlier, the Internet constantly changes. New vulnerabilities can arise. New services and enhancements for other services can represent potential difficulties for any firewall installation. Therefore, flexibility is important for optimizing the changing needs, as is the process of staying current on new threats and weaknesses. You may want to subscribe to some of the mailing lists listed on our website (http://www.icsa.net/) or consider paid membership for Renaissance services such as ICSA's Trucecure Monitor.

Buy & Build

Some organizations have the capability to keep their own firewalls together by using the available software components and tools or by writing a firewall from scratch. In addition, providing a variety of services in firewall technology, by providing the necessary hardware and software to develop vendors' security policy and to provide risk assessments, security review, and safety training.

One of the advantages of the company in making your firewall is that the personnel of the house will be understood later on to the specifications of the design and use of the firewall. Such knowledge may not exist in the home for firewalls supported by the vendor. On the other hand, an in-house firewall may require a lot of time to build, document, and maintain. It is easy to ignore these costs. Organizations sometimes make the mistake of expecting only device costs. When the company accurately account for all the costs associated with the construction of the firewall, then it can be more affordable to buy from the seller.

By considering the following questions, the organization can decide whether there are resources to create and operate successful Firewalls:

1. How will the Firewall be tested?

2. Which would verify that the Firewall performs expected?

3. Who will perform normal maintenance of Firewalls like backup and repair?

4. Who will install updates for Firewalls, such as new proxy servers, patches, and other enhancements?

5. Can security-related patches and problems be corrected from time to time?

6. Who will be user support and training?

Many sellers provide maintenance services with Firewall installation, so organizations can consider using those people if they do not have internal resources to perform these tasks. Either way, organizations should see the firewall administration as the role of an important job and afford as much time as possible. In small organizations, the work may need less than full-time status. However, it should be taken priority on other duties assigned to the responsible person.

The Firewall can only be as effective as the administration makes it. A poor maintenance firewall can be unsafe and allow brake-ins while providing confusion of security. The safety policy should clearly reflect the importance of the firewall administration, and management should demonstrate its commitment to this important in terms of personnel, funding and other necessary resources.

A Firewall site should not work as an excuse to pay less attention to system administration. In fact, if the firewall is rotated, then a poorly administered site will be wide open for intrusion and consequential damage.

A Firewall also does not reduce the need for highly efficient system administration in any way. Also, unlike a firewall reactive, a system can allow activation in its system administration. Since the firewall provides hindrance, the site system can spend less time in response to administrative duties and incidents and damage control.

During firewall implementation, sites should do the following:

1. Standardize operating system versions and software to make patches and security improvements more manageable.

2. A program institute for efficient, sitewide installation of patches and new software.

3. Use services to help centralize system administration if it has better administration and better security.

4. Check periodic scans and host systems to detect common vulnerabilities and errors in the configuration.

5. Ensure that a communication path exists to alert the site about new security problems, alerts, patches, and other security-related information between system administrators and security administrators.

In view of the Firewalls market situation and the speed at which the Internet is changing, almost any organization should be able to find commercial firewalls that fit the organization's business and security needs. Remember, the firewall can be very good at what it does, but it is still a security perimeter device primarily. Firewalls, alone, are not enough.

See: What is Blockchain Technology?

See: Ethical Hacking Tutorials - What is Footprinting?

Hi'i'm Rahim Ansari ,from India, I Love to Blogging, Desing Website, Web Developing and Desiging I Like to Learn and share Technical Hacking/Security tips with you,I Love my Friends.

Please Ask Question on Comment Box

Related Posts

Next Post »