The first layer of defense in your network is often the most misunderstood. In the movies and TV the hacker always seems to find a way around or through the firewall with crazy matrix like skills that defies common sense. However, if you ever encounter a true hacker they will tell you that a properly configured firewall is the most effective way to stop their attacks. Therefore, what is a firewall and what types of firewalls are out there, and what are the types that I have used at work and at home.
Simply, a firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized network users from accessing private networks connected to the Internet, or other networks. All packets entering or leaving the network must pass through the firewall, which examines each packet and blocks those that do not meet the specified security criteria (Indiana University, 2013). However not all firewalls are created equal there are several different types that implement different strategies to secure your network.
The first type of that we will look at is a Packet-filtering firewall. Packet-filtering firewalls validate packets based on protocol, source and/or destination IP addresses, source and/or destination port numbers, time range, Differentiate Services Code Point (DSCP), type of service (ToS), and various other parameters (Ray Blair, 2009). This is the most common type of firewall that you will encounter as it is often installed in many high-end home routers in a simplified state.
Next is what some call an Application/Proxy Firewall. As its name implies it operates at layer 7 of the OSI model. This firewall valuates network packets for valid data at the application layer before allowing a connection. The firewall examines the data in all network packets at the application layer and maintains complete connection state and sequencing information. This can be done for any application like telnet, SIP, or HTTP. Specialized application software and proxy services are included in most application layer firewalls.
Proxy services manage traffic through a firewall for a specific service such as HTTP or FTP. Proxy services can provide increased access control, detailed checks for valid data, and generate audit records about the traffic they transfer because the proxy services are specific to the protocol that they are designed to forward (Romanofski, 2014). If you have ever had configure a proxy connection at work you have used this type of firewall. Application Firewalls are resource intensive so they normally reside on their own server. However, this dose not preclude them from being collocated on the same server with other firewalls.
What else is there? The Circuit Level Gateway Firewall (CLGF) monitors TCP handshaking between packets from trusted clients or servers and to untrusted hosts and vice versa to determine whether a requested session is legitimate. To filter packets in this way, a circuit-level gateway relies on data contained in the packet headers for the Internets TCP session-layer protocol. Because a circuit-level gateway filters packets at the session layer of the OSI model, this gateway operates two layers higher than a packet-filtering firewall does (Firewall Review, 2014). Although this is not considered a very safe firewall as once it has made the connection to a remote server or even another system in your own network it trusts all the data coming from that connection.
Nevertheless, I like to save the best for last. Stateful Multilayer Inspection Firewalls (SMIF) combines all the aspects of the other three types of firewalls. This firewall keeps track of all packets associated with a specific communication session. In addition, it will typically offer much higher performance than proxies will. Furthermore, stateful Inspection provides a greater level of security control by enforcing security policies at the “application socket” or port layer as well as the protocol and address level (Hilal, 2012).
At home, I have a Cisco PIX Firewall with IDS/IPS configured, as this is part of the default security features on a Cisco ISR router. This largely means that I am not right in the head but it was there so why not set it up. Cisco PIX is a hybrid firewall containing all the features of the firewalls I have discusses and it is all in one box. Do I need all the features that are in my firewall at home? In reality no, but if I was a super spy trying to hide secrets from the government then it would be a good place to start.
That is contrasting to the firewall I have at work, which consists of six servers 2 application/proxy firewalls, 2 Stateful Multilayer Inspection Firewalls, and 2specilized voice/video firewalls that use packet-filtering for their firewalling method. The voice/video firewalls use special algorithms to process the application packets in a very efficient manner to reduce latency and jitter making them more efficient that using an application firewall. The firewalls I have at work show that at time one type and or one box might not be able to meet all the needs of your organization. Each firewall type has unique capabilities that they bring to the defense of your network. Therefore, you must mix and match them to get the performance and capabilities that you need. Building a network security plan is kind of like playing tower defense and the firewall is your first cannon tower that tries to stop the bad guys in their tracks.
Works Cited
Firewall Review. (2014, 07 28). All About Firewalls . Retrieved from Firewall Review: http://firewall-review.narod.ru/circuit_level_gateway.html
Hilal, Y. (2012, 10 22). INTERNET FIREWALLS. Retrieved from yasserhilal.blogspot.de: http://yasserhilal.blogspot.de/2012/10/4stateful-multilayer-inspection-firewall.html
Indiana University. (2013, 11 18). What is a firewall? Retrieved from Indiana University: https://kb.iu.edu/d/aoru
Ray Blair, A. D. (2009, 05 21). Chapter 1: Types of Firewalls. Retrieved from NetworkWorld : http://www.networkworld.com/article/2255950/lan-wan/chapter-1–types-of-firewalls.html
Romanofski, E. (2014, 07 28). A Comparison of Packet Filtering Vs Application Le vel Fire wall Technology. Retrieved from Global Information Assurance Certification: http://www.giac.org/paper/gsec/693/comparison-packet-filtering-vs-application-level-firewall-technology/101569
