A firewall is a network security system that controls and monitors incoming and outgoing traffic based on predefined security rules. It normally forms a barrier between a trusted internal network and an outside network. All traffic that is allowed to cross that boundary is defined in advance in the firewall policy; all other traffic is denied.
Historically, a firewall was a wall built to stop the spread of fire; the concept was later borrowed for computer security. Before firewalls emerged in the late 1980s, the only real form of network security was the Access Control List (ACL): a predefined list of IP addresses that were granted or denied access to the network.
With the growth of the internet and connectivity, ACLs alone were not enough to keep out malicious traffic.
Packet Firewalls
Packet filtering is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halting them based on the source and destination Internet Protocol (IP) addresses, protocol and ports.
Network layer firewalls define packet filtering rule sets, which provide highly efficient security mechanisms: each packet is checked against the rules on its own, with no connection history to consult. Packet filtering is also known as static filtering.
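The following is an added example, not code from the original post, of a static packet filter of the kind described above: an ordered rule set matched on source and destination IP address (as CIDR prefixes), protocol and destination port, with first-match semantics and a default deny. The policy, addresses and packets are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # None for protocols without ports (icmp)


@dataclass(frozen=True)
class Rule:
    action: str                # "allow" or "deny"
    src: str = "0.0.0.0/0"     # source prefix; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"     # destination prefix
    proto: str = "any"         # "any" or a specific protocol
    dport: Optional[int] = None  # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        # A rule matches only when every field it constrains agrees with the packet.
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


# Constructed sample policy for packets arriving on the external interface.
# Order matters: the first matching rule decides, and anything unmatched is denied.
INBOUND_POLICY = [
    # Anti-spoofing: internal addresses must never arrive from outside.
    Rule("deny", src="10.0.0.0/8"),
    # Public web server reachable on HTTPS and HTTP only.
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("allow", dst="192.0.2.10/32", proto="tcp", dport=80),
    # Public DNS resolver.
    Rule("allow", dst="192.0.2.53/32", proto="udp", dport=53),
]


def filter_packet(pkt: Packet, policy=INBOUND_POLICY, default: str = "deny") -> str:
    """Return the action of the first rule that matches, or the default action."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action
    return default


if __name__ == "__main__":
    for pkt in (
        Packet("198.51.100.7", "192.0.2.10", "tcp", 443),   # allow
        Packet("198.51.100.7", "192.0.2.10", "tcp", 22),    # deny (no rule for SSH)
        Packet("10.1.2.3", "192.0.2.10", "tcp", 443),       # deny (spoofed internal source)
        Packet("198.51.100.7", "192.0.2.10", "icmp"),       # deny (default)
    ):
        print(pkt, "->", filter_packet(pkt))
```

Because the filter looks at each packet in isolation, it cannot tell a legitimate reply from an unsolicited packet; allowing return traffic for outbound sessions would require a permanent rule such as "allow inbound tcp from source port 443", which is the gap that stateful inspection closes.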
Stateful Firewalls
In order to recognize a packet's connection state, a firewall needs to record all connections passing through it, so that it has enough information to assess whether a packet is the start of a new connection, part of an existing connection, or not part of any connection. This is what is called "stateful packet inspection." Stateful inspection was first introduced in 1994 by Check Point Software in its Firewall-1 software firewall, and by the late 1990s it was a common firewall product feature.
This additional information can be used to grant or reject access based on the packet's history in the state table, and to speed up packet processing: packets that belong to an existing connection according to the firewall's state table can be allowed through without further analysis. If a packet does not match an existing connection, it is evaluated according to the rule set for new connections.
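As an added example (not code from the original post) of the state table just described, the following simulates stateful inspection of TCP packets. A packet matching an existing entry is allowed without consulting the rule set; a SYN that matches nothing is evaluated against the rule set for new connections (here, a constructed policy that only lets hosts in 10.0.0.0/8 open sessions outward); and a non-SYN packet that matches no entry belongs to no connection and is dropped. Connection teardown is simplified to removing the entry on the first FIN or RST; the addresses and flag sets are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed assumption: the trusted side of the firewall.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({"SYN", "ACK"})


class StatefulFirewall:
    def __init__(self):
        # State table keyed by (src, dst, sport, dport) of the packet that
        # opened the connection; the value is the tracked connection state.
        self.table = {}

    def _new_connection_allowed(self, pkt: Packet) -> bool:
        # Rule set for NEW connections only: inside may open sessions outward,
        # nothing may be opened from outside. Existing connections never get here.
        return ipaddress.ip_address(pkt.src) in INTERNAL

    def handle(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.dst, pkt.sport, pkt.dport)
        rev = (pkt.dst, pkt.src, pkt.dport, pkt.sport)  # reply direction
        key = fwd if fwd in self.table else rev if rev in self.table else None

        if key is not None:
            # Part of a tracked connection: no rule evaluation needed.
            if pkt.flags & {"FIN", "RST"}:
                del self.table[key]          # simplified teardown
            elif "ACK" in pkt.flags:
                self.table[key] = "ESTABLISHED"
            return "allow-established"

        if pkt.flags == frozenset({"SYN"}):
            # Start of a new connection: consult the new-connection rule set.
            if self._new_connection_allowed(pkt):
                self.table[fwd] = "SYN_SENT"
                return "allow-new"
            return "deny-new"

        # Neither a known connection nor a connection attempt.
        return "drop-invalid"


if __name__ == "__main__":
    fw = StatefulFirewall()
    print(fw.handle(Packet("10.0.0.5", "198.51.100.7", 40000, 443, frozenset({"SYN"}))))
    print(fw.handle(Packet("198.51.100.7", "10.0.0.5", 443, 40000, frozenset({"SYN", "ACK"}))))
    print(fw.handle(Packet("198.51.100.7", "10.0.0.5", 5555, 22, frozenset({"SYN"}))))
    print(fw.handle(Packet("198.51.100.7", "10.0.0.5", 443, 40001, frozenset({"ACK"}))))
```

The reply lookup on the reversed tuple is what lets the inbound SYN-ACK through without any inbound "allow port 443" rule, while the stray ACK to a port with no entry is dropped even though it carries the same source port as legitimate replies.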
Application Layer Firewalls
As attacks against Web servers became more common, so too did the need for a firewall that could protect servers and the applications running on them, not merely the network resources behind them. Application-layer firewall technology first emerged in 1999, enabling firewalls to inspect and filter packets at any OSI layer up to the application layer.
The key benefit of application-layer filtering is the ability to block specific content, such as known malware or certain websites, and to recognize when applications and protocols such as HTTP, FTP and DNS are being misused.
Proxy Firewalls
Proxy firewalls also operate at the application layer, acting as an intermediary for requests from one network to another for a specific network application. A proxy firewall prevents direct connections between the two sides of the firewall; both sides are forced to conduct the session through the proxy, which can block or allow traffic based on its rule set. A proxy service must be run for each type of internet application the firewall will support, such as an HTTP proxy for Web services.
Advantages
-Higher security than packet filters
-Only need to scrutinize a few allowable applications
-Easy to log and audit all incoming traffic
Disadvantages
-Additional processing overhead on each connection (gateway as splice point)
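The following added example (not code from the original post) serves both the application-layer filtering section and the proxy firewall section above. It is a minimal HTTP proxy firewall: it parses the client's request at the application layer, denies anything that is not well-formed HTTP on the HTTP port (protocol misuse), denies methods outside a small allowed set and hosts on a blocklist, records every decision in an audit log, and only then re-originates the request to the server through a hypothetical `connect` callable, so the client and server never share a connection. The blocklist, allowed methods and requests are constructed sample values.

```python
import re
from typing import Callable, Optional, Tuple

# Constructed policy for the one application this proxy serves: HTTP.
BLOCKED_HOSTS = {"malware.example", "ads.example"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
REQUEST_LINE = re.compile(rb"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01]$")


class ProxyFirewall:
    """Application-layer proxy: the client talks only to the proxy, and the
    proxy opens its own request to the server via `connect`."""

    def __init__(self, connect: Callable[[str, bytes], bytes]):
        # Hypothetical upstream connector: (host, request bytes) -> response bytes.
        self.connect = connect
        # Every request is logged with its verdict; easy to audit all traffic.
        self.audit_log = []

    def inspect(self, raw: bytes) -> Tuple[str, Optional[str], str]:
        """Return (verdict, host, reason); verdict is 'allow' or 'deny'."""
        head, _, _body = raw.partition(b"\r\n\r\n")
        lines = head.split(b"\r\n")
        m = REQUEST_LINE.match(lines[0])
        if not m:
            # Anything that is not an HTTP request line on an HTTP port is
            # protocol misuse from the proxy's point of view.
            return "deny", None, "not a valid HTTP request line"
        method = m.group("method").decode()
        if method not in ALLOWED_METHODS:
            return "deny", None, f"method {method} not permitted"
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip()
        host = headers.get(b"host", b"").decode(errors="replace").lower()
        if not host:
            return "deny", None, "missing Host header"
        if host in BLOCKED_HOSTS:
            return "deny", host, "host is on the blocklist"
        return "allow", host, "ok"

    def handle(self, client_request: bytes) -> bytes:
        verdict, host, reason = self.inspect(client_request)
        self.audit_log.append((verdict, host, reason))
        if verdict == "deny":
            return b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
        # Re-originate the request: the server sees the proxy, never the client.
        return self.connect(host, client_request)


def fake_upstream(host: str, request: bytes) -> bytes:
    # Constructed stand-in for a real server connection, so the example runs offline.
    return b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"


if __name__ == "__main__":
    pf = ProxyFirewall(fake_upstream)
    print(pf.handle(b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"))
    print(pf.handle(b"GET / HTTP/1.1\r\nHost: malware.example\r\n\r\n"))
    print(pf.handle(b"\x16\x03\x01\x00\xa5not-http-at-all"))
    for entry in pf.audit_log:
        print(entry)
```

The cost the disadvantages list refers to is visible in `handle`: every session is parsed, logged and re-established by the proxy rather than forwarded, and a separate proxy of this shape would be needed for each supported application.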