Lectures_SSD2_Yermakova / Lectures_SSD2 Yermakova.doc

6.3.1 Firewall

  • Application Gateway

  • Packet Filter

  • Application Gateway versus Packet Filter

  • Hybrid

  • Intruder Attacks Prevented by Firewall

  • Setting up a Firewall

A firewall is a program or hardware device that protects your network by filtering incoming packets from the Internet before they enter your protected network or computer system. It can be used as a cost-effective method to protect a computer at home or within an organization. Using a firewall to protect your private network is similar to employing gates and guards to protect your property. It provides a level of separation between your protected system and the Internet. A firewall serves as one of the first defenses against unauthorized access to systems and information. It acts as a gatekeeper to your computer system. It is usually installed between an internal network and the Internet to ensure that only authorized traffic can enter and leave the secured network. If incoming traffic is not recognized by the firewall as permitted traffic, it is not allowed through.

Firewalls are also important because they can provide a single "choke point" where security policy can be implemented and auditing can be performed. Firewalls often provide summaries to the administrator about the kinds of data passed through, the amount of traffic processed, and the number of attempts to break into the protected system encountered.

The figure below illustrates the firewall as a filter for incoming traffic entering the protected network.

Figure 1 Firewall and the protected network

Application Gateway

There are two types of firewalls. The first type is an application gateway. Instead of allowing corporate hosts to communicate directly with external hosts, communication has to go through an application, called a proxy, running on or directly behind the firewall. For example, when a corporate host tries to read a Web page, it establishes a connection with a Web proxy running on the firewall instead of the actual server. The proxy will inspect the requests and, if approved, it will fetch the page from the actual server. Once the page is returned, the proxy has the option of inspecting it, and then finally forwarding it to the requesting host. Similar proxies can be built for electronic mail and other applications.

Packet Filter

The second type of firewall is a packet filter. It uses information in the header of every packet to decide whether a packet is acceptable to pass the firewall. Recall that a packet contains the address of its sender, the address of the destination, and data. If a packet's source or destination is not acceptable, the packet is blocked, and a record is entered in a log that can be inspected by the network manager.

Packet filters allow only fairly coarse access control. The reason is that they have to make filtering decisions exclusively based on whether specific header fields (for example, port numbers or IP addresses) match or do not match certain well-known values. For example, it is possible to restrict the applications that can send data through the firewall based on port numbers. Because email usually uses port 25, legitimate email traffic sent to port 25 can pass through the firewall. It is also possible to restrict, based on IP addresses, with which hosts or destination networks corporate systems can communicate. For example, the packet filter can prevent communication with specific websites. However, if a Web server uses non-standard port numbers or if proxies are used to mask IP addresses, a packet filter may not be able to catch all packets that violate corporate policies.

A more recent packet filtering method compares certain key parts of each packet with what the firewall has already seen: it examines packets and tracks their state from packet to packet. It also tracks inter-packet communication to ensure that data coming back was actually requested from inside the firewall.
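To make the two filtering styles above concrete, here is an added example (not from the lecture) that implements a stateless packet filter deciding on addresses and port numbers, and a stateful wrapper that remembers outbound connections so only requested replies are let back in. The network ranges, ports and the `Packet` fields are constructed assumptions for illustration; a real firewall reads them from packet headers.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    """Only the header fields a packet filter looks at (constructed model)."""
    src: str
    dst: str
    dport: int
    sport: int
    inbound: bool  # True when the packet arrives from the Internet


# Constructed sample policy: the protected network, the one inbound service
# that is allowed (mail on port 25, as in the lecture) and a blocked website
# range (TEST-NET-3, a documentation range used here as a placeholder).
PROTECTED = ip_network("192.168.1.0/24")
ALLOWED_INBOUND_PORTS = {25}
BLOCKED_SITES = [ip_network("203.0.113.0/24")]


def stateless_filter(pkt: Packet) -> bool:
    """Coarse access control: decide purely on addresses and port numbers."""
    if pkt.inbound:
        # Traffic from outside may only reach protected hosts on allowed ports.
        return ip_address(pkt.dst) in PROTECTED and pkt.dport in ALLOWED_INBOUND_PORTS
    # Outbound traffic: forbid communication with specific destination networks.
    return not any(ip_address(pkt.dst) in net for net in BLOCKED_SITES)


class StatefulFilter:
    """Tracks inter-packet state so replies to inside-initiated requests pass."""

    def __init__(self) -> None:
        self.sessions: set[tuple] = set()  # (inside_ip, inside_port, outside_ip, outside_port)
        self.log: list[str] = []           # blocked packets, for the network manager

    def decide(self, pkt: Packet) -> bool:
        if pkt.inbound:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            ok = key in self.sessions or stateless_filter(pkt)
        else:
            ok = stateless_filter(pkt)
            if ok:  # remember the outbound request so its reply is recognised
                self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if not ok:
            self.log.append(f"blocked {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
        return ok
```

Note how the reply to a web request on an ephemeral port passes only because the outbound request was recorded; the same packet arriving unsolicited is blocked and logged.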