Thursday, September 17, 2015

What is a Firewall and how does it work?

What is a Firewall?

A firewall is a network security system that establishes a barrier between an internal network and an outside network, and monitors and controls network traffic based on predetermined security rules. A firewall is designed to prevent unauthorized access to and from the private network, thus making the internal private network more trusted and secure.

How does a Firewall work?

Firewalls can be either network firewalls or host-based firewalls. Network firewalls are software appliances, running on hardware-based firewall appliances, that filter the traffic of the internal network. Host-based firewalls, on the other hand, provide a layer of software that controls the traffic of a single machine.

There are mainly three different types of firewalls, based on network communications:

  • Packet Filters
  • Application Layer Firewalls
  • Proxy Servers

What are Packet Filters?

Packet Filters monitor each packet entering or leaving the network and accept or reject them based on some predefined rules. These filters can be stateful or stateless.

Stateful packet filters maintain context about active sessions and can accept or reject packets based on source and destination IP addresses, TCP or UDP ports, and the current stage of the connection's lifetime.

Stateless packet filters, on the other hand, do not maintain any context about the current session, so they require less memory and are relatively faster. However, they cannot make more complex decisions about accepting or rejecting packets.
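The difference between the two kinds of packet filter, as an added example that is not part of the original article: a minimal Python simulation in which the rule set (outbound HTTPS only), the simplified flag names and the packet values are all constructed assumptions.

```python
from collections import namedtuple

# direction is relative to the internal network; flags is a simplified TCP flag name.
Packet = namedtuple("Packet", "direction src sport dst dport flags")

def stateless_filter(pkt):
    """Judge each packet in isolation, from header fields only."""
    if pkt.direction == "out" and pkt.dport == 443:
        return "ACCEPT"
    # No session memory, so replies need a static rule keyed on source port.
    if pkt.direction == "in" and pkt.sport == 443:
        return "ACCEPT"
    return "DROP"

class StatefulFilter:
    """Keep a session table; inbound packets must match a live session."""
    def __init__(self):
        self.sessions = {}  # (inside ip, inside port, outside ip, outside port) -> state

    def decide(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if key not in self.sessions:
                # Only a SYN to an allowed port may open a session.
                if pkt.dport != 443 or pkt.flags != "SYN":
                    return "DROP"
                self.sessions[key] = "SYN_SENT"
            verdict = "ACCEPT"
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            state = self.sessions.get(key)
            if state == "SYN_SENT" and pkt.flags == "SYN-ACK":
                self.sessions[key] = "ESTABLISHED"
                verdict = "ACCEPT"
            elif state == "ESTABLISHED":
                verdict = "ACCEPT"
            else:
                return "DROP"  # no session, or wrong stage of the handshake
        if pkt.flags == "RST":
            self.sessions.pop(key, None)  # session over: forget it
        return verdict

# Constructed traffic (documentation addresses): one handshake plus an unsolicited packet.
SYN = Packet("out", "192.0.2.10", 50000, "198.51.100.5", 443, "SYN")
SYN_ACK = Packet("in", "198.51.100.5", 443, "192.0.2.10", 50000, "SYN-ACK")
UNSOLICITED = Packet("in", "203.0.113.9", 443, "192.0.2.10", 3389, "ACK")

def compare():
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.decide(p)) for p in (SYN, SYN_ACK, UNSOLICITED)]
```

`compare()` returns one (stateless, stateful) verdict pair per packet; the two filters agree on the handshake and differ only on the inbound packet that belongs to no session.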

What are Application Layer Firewalls?

This type of firewall works on the application layer of the TCP/IP stack and inspects all packets travelling to or from an application. It can prevent computer worms or trojans.

Application layer firewalls often hook into socket calls to monitor the packets, so they are also called socket filters. These firewalls are much like packet filters, but apply filtering rules on a per-process basis instead of a per-port basis.

What are Proxy Servers?

A proxy server works as a gateway between the internal network and the outside network for a specific network application, and acts as a proxy on behalf of the network user. It hides the true network addresses and intercepts all packets entering or leaving the network. Proxy servers make tampering with an internal system from an external network more difficult.

So, this was an introductory article on firewalls. Hope this helped.
