What is Firewall | Explaining Types of Firewall and How Firewall Works


What is a Firewall?

A firewall is a system that prevents unauthorized access from a private network. It isolates your computer from the outside world of the internet by building a wall of code that inspects each data packet arriving at the wall and decides whether to allow or block it.

Whether you are using a small or a large network, a firewall is a must to enhance the security of your computer network. It matters most to companies that are trying to secure their confidential information. For almost 25 years it has been the primary line of defense for network security. Before that, Access Control Lists (ACLs) performed the task of securing the network, but ACLs were not able to identify the nature of data packets efficiently, so firewalls were introduced. The main purpose of a firewall is to filter data packets and lower the risk of malicious attacks.

Internet Protocol (IP) was able to filter network traffic. However, with the massive growth of the internet, filtering network traffic alone was not enough to prevent potential threats. As a result, users who expose themselves to the open internet are at risk of hacking, malware attacks, identity theft and more. A firewall can be a filter set on a network cable or a Wi-Fi router, or it can be software for the operating system. Firewalls can therefore be implemented in both hardware and software forms.

How does a Firewall work?

Both the firewall and the antivirus software on your computer do almost the same work: protecting your PC. The firewall blocks potential threats and the antivirus scans for malware. There are different types of firewall techniques available. Among them, packet filtering is the most common and the oldest firewall architecture. Every message you send over the internet is in the form of packets. Each packet carries the IP address, source port and destination.

Packet filtering is a process that reviews these packets for any malicious content. The firewall establishes a wall that separates the internet from the network connection, and at that wall it decides whether to allow each packet or not. Firewalls cannot make decisions on their own; they decide using programmed rules created by humans. If the rules indicate that a packet is a threat, the firewall takes immediate measures to block it.

Other types of Firewall

More complex traffic has developed over the years. Because of this, different kinds of firewall techniques have evolved to decide whether to allow this traffic or not. Apart from packet filtering, there are several types of firewall techniques, depending on the situation and the method of operation. Firewalls in general use 2 or more of these techniques.

Let's look at some of them:

Proxy Server - A proxy server is a gateway that hides the network address of the system connecting through it while monitoring the traffic for protocols such as HTTP or FTP. This type of firewall acts as an intermediary between the clients and the server. It therefore performs the function of both packet filtering and a circuit level gateway. It has firewall capabilities since only certain types of traffic are allowed to pass. Because it actually analyzes the traffic passing through it, it has the potential to slow down network performance.

Stateful Inspection - Stateful inspection is a type of firewall that inspects network traffic to identify whether one packet is related to another. This inspection is not just about header information; it deeply analyzes the inbound and outbound data parts. After the final inspection it decides whether the information is authorized to pass through the firewall. However, stateful inspection does put a lot of strain on computing resources, which ultimately slows down the transfer of packets. But it is actually faster than a proxy based firewall, since it does not inspect each packet individually.

Circuit Level Gateway - A circuit level gateway applies a security mechanism whenever a TCP or UDP connection is formed. It does not inspect the packet itself; it just checks whether the connection has the correct TCP handshake. Once the connections are made there is no further checking between the hosts. One major advantage of a circuit level gateway is that it can work without using much of the computer's resources.

Web Applications - Any type of software filter, hardware appliance or server plugin that applies a set of rules to the HTTP conversation is known as a web application firewall. These rules in general identify and block many of the HTML attacks. A web application firewall establishes its connection between the servers that control web applications.
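To make the stateful inspection and circuit level gateway entries above concrete, here is a small connection tracker that checks the TCP handshake and then decides whether later packets are related to a known connection. It is an added example, not code from the original article; the state names, the simplified teardown and the addresses in the trace are assumptions for illustration.

```python
class StatefulFilter:
    """Tracks TCP connections opened from the inside network."""

    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def inspect(self, direction, src, sport, dst, dport, flags):
        # Use one key for both directions: inside endpoint first.
        key = (src, sport, dst, dport) if direction == "out" else (dst, dport, src, sport)
        state = self.table.get(key)
        flags = frozenset(flags)
        if direction == "out" and flags == {"SYN"} and state is None:
            self.table[key] = "SYN_SENT"
        elif direction == "in" and flags == {"SYN", "ACK"} and state == "SYN_SENT":
            self.table[key] = "SYN_RCVD"
        elif direction == "out" and flags == {"ACK"} and state == "SYN_RCVD":
            self.table[key] = "ESTABLISHED"
        elif state == "ESTABLISHED":
            if flags & {"FIN", "RST"}:
                del self.table[key]  # simplified teardown: forget the flow
        else:
            return "block"  # not part of a handshake or a known connection
        return "allow"


INSIDE, WEB, OTHER = "10.0.0.5", "192.0.2.80", "203.0.113.9"

# Constructed trace: (direction, src, sport, dst, dport, flags)
TRACE = [
    ("out", INSIDE, 40000, WEB, 443, {"SYN"}),       # handshake step 1
    ("in", WEB, 443, INSIDE, 40000, {"SYN", "ACK"}),  # handshake step 2
    ("out", INSIDE, 40000, WEB, 443, {"ACK"}),       # handshake step 3
    ("in", WEB, 443, INSIDE, 40000, {"PSH", "ACK"}),  # data on the tracked flow
    ("in", OTHER, 443, INSIDE, 40000, {"ACK"}),      # unrelated host, same ports
    ("in", OTHER, 5555, INSIDE, 22, {"SYN"}),        # unsolicited inbound connection
    ("in", WEB, 443, INSIDE, 40000, {"FIN", "ACK"}),  # server closes the flow
    ("in", WEB, 443, INSIDE, 40000, {"ACK"}),        # arrives after state is gone
]


def replay(trace):
    """Run a trace through a fresh filter and return the verdict per packet."""
    fw = StatefulFilter()
    return [fw.inspect(*pkt) for pkt in trace]
```

The fifth packet has the same ports and flags as legitimate return traffic, so a header-only rule could not tell it apart; it is blocked only because no table entry relates it to an outbound connection.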

Software Vs Hardware Firewall

Firewalls are categorized into 2 groups, network based and host based, depending on where they are placed. Network based firewalls are placed at the gateway of LAN, WAN and intranet servers. Host based firewalls are placed on the host itself.

Network based firewalls are further classified as hardware and software firewalls. Hardware firewalls are found on your broadband routers. They typically contain a minimum of 4 network ports for connecting other computers. For networks larger than that, network firewall solutions are available. A major weakness of a hardware firewall is that it is often easy for attackers inside to bypass it. The capability of a hardware firewall also depends on the manufacturer: some hardware firewalls are more capable of providing defense than others.

Software firewalls, on the other hand, are installed on your computer like any other software program. Windows Firewall is an example of a software based firewall program preinstalled on your operating system. Unlike a hardware firewall, it gives the user a chance to customize it, allowing you to modify its function. Compared to hardware firewalls, software firewalls are also capable of providing in-depth defense against malicious traffic. However, maintaining a software firewall can be a difficult and time consuming task. In addition, a software firewall fails to provide two way protection, meaning no restriction is imposed on what comes into your device and what goes out.

Future of Firewall

Modern threats such as application-layer threats and malware have evolved to an extent that simple packet filtering and stateful inspection cannot block them. Therefore many companies are deploying a Next Generation Firewall (NGFW) to overcome them. An NGFW functions by combining standard firewall technology with additional functions. While traditional firewalls only inspect the packet header, an NGFW looks deep inside the packets to efficiently block malicious attacks. This process is known as Deep Packet Inspection (DPI).

Additionally, NGFWs include Intrusion Prevention Systems (IPSs) that automatically stop attacks made on your system.
