Sunday, April 11, 2010

* Types

1. Packet-filtering firewalls.
Packet-filtering firewalls inspect the header of each IP packet that reaches the firewall device and, based on predefined and configured rules, allow or block it into the network. These firewalls permit or block access to specific ports or IP addresses. They work under one of two basic policies: Allow by Default and Deny by Default. Under Allow by Default, all traffic is allowed into the network except what is specifically denied. Under Deny by Default, all traffic reaching the firewall is blocked except what is specifically allowed. Deny by Default is the recommended policy, because only authorized traffic, identified by port number or IP address, is admitted, and a service that nobody remembered to block is not exposed by accident.

Packet-filtering firewalls use IP addresses and TCP/UDP port numbers to decide whether traffic is allowed or blocked. The firewall can be configured to allow or deny traffic based on the source IP address, the destination IP address, the source port, or the destination port. Port numbers fall into the following three categories:
• Well-known ports, which range from 0 to 1023.
• Registered (user) ports, which range from 1024 to 49151.
• Dynamic/private ports, which range from 49152 to 65535.
Packet-filtering firewalls work at the Network layer (Layer 3) of the OSI model, reaching into the Transport layer (Layer 4) header only to match port numbers. One benefit is ease of configuration, because each packet is simply allowed or blocked on its header fields; the technique also adds very little latency. There are limitations as well. The firewall inspects only the packet headers and never reads the payload, so it cannot tell an HTTP request from anything else sent to port 80. Another drawback is that if an application opens a port dynamically and does not close it, the open port remains a standing security risk to the network; a stateless filter also has no notion of which packets belong to an existing connection, so return traffic has to be permitted by broad, permanent rules.
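As an added illustration of the two policies described above (this is example code written for this page, not a firewall product's implementation), the following Python filter evaluates rules on header fields only, first match wins, and falls back to the default policy. The rule set, the addresses (taken from the RFC 5737 documentation ranges) and the port classifier are constructed for the example.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src_ip: str
    dst_ip: str
    proto: str            # "tcp" or "udp"
    src_port: int
    dst_port: int


class Rule(NamedTuple):
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # source CIDR; the default matches any address
    dst: str = "0.0.0.0/0"           # destination CIDR
    proto: Optional[str] = None      # None matches any protocol
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        # Header fields only: a packet filter never looks at the payload
        return (ip_address(pkt.src_ip) in ip_network(self.src)
                and ip_address(pkt.dst_ip) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


def port_category(port: int) -> str:
    """IANA port ranges: well-known, registered, dynamic/private."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def filter_packet(pkt: Packet, rules, default: str = "deny") -> str:
    """First matching rule wins; the default policy decides everything else."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set: deny by default, admit HTTP/HTTPS to one web server
# and SSH to it only from an administrative subnet.
DENY_BY_DEFAULT_RULES = [
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dst_port=80),
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dst_port=443),
    Rule("allow", src="198.51.100.0/24", dst="203.0.113.10/32", proto="tcp", dst_port=22),
]

# The allow-by-default version of the same intent lists only the denies, so a
# service nobody thought to block (here a database port) stays reachable, and
# the SSH deny now also locks out the administrators.
ALLOW_BY_DEFAULT_RULES = [
    Rule("deny", dst="203.0.113.10/32", proto="tcp", dst_port=22),
]


if __name__ == "__main__":
    for p in (Packet("192.0.2.5", "203.0.113.10", "tcp", 51515, 80),
              Packet("192.0.2.5", "203.0.113.10", "tcp", 51515, 3306)):
        print(p.dst_port, port_category(p.dst_port),
              "deny-by-default:", filter_packet(p, DENY_BY_DEFAULT_RULES),
              "allow-by-default:", filter_packet(p, ALLOW_BY_DEFAULT_RULES, default="allow"))
```

Run it and the database probe to port 3306 is dropped under deny-by-default but admitted under allow-by-default, which is the whole argument for the former.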
2. Application-layer firewalls.
Application-layer firewalls work at the Application layer (Layer 7) of the OSI model. They are also known as application firewalls or application-layer gateways. This technology is more thorough than packet filtering because it examines the entire packet, payload included, to allow or deny traffic. Proxy servers use this technology to provide application-layer filtering to clients. Application-layer inspection lets the firewall check the full IP packet, and the application data reassembled from a sequence of packets, against configured rules and pass only the intended traffic.

The major drawback of application-layer firewalls is that they are much slower than packet-filtering firewalls. Every connection is terminated at the firewall, its data is reassembled and inspected against a complex set of rules, and only then is it forwarded over a second connection to the destination. That reassembly is what makes content checks possible: if the firewall finds a virus signature in the reassembled data, it can block the transfer even when the signature is split across several packets. Although this technique allows far more rigorous inspection of network traffic, it comes at the cost of administration effort and throughput.
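The following added example (written for this page, not the code of any proxy or gateway product) shows why the application-layer approach pays the reassembly cost. A constructed HTTP upload carries a constructed content marker that straddles two TCP segments: per-packet matching misses it, while a stream inspector that buffers, reorders and reassembles the connection catches it. The signature list, the connection tuple and the segments are all made up for the demonstration.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple


class Segment(NamedTuple):
    conn: tuple     # (client_ip, client_port, server_ip, server_port)
    seq: int        # TCP sequence number of the first payload byte
    payload: bytes


# Constructed content signatures; a real gateway would load thousands of these.
SIGNATURES = {
    "sample-marker": re.compile(rb"MALWARE-SIGNATURE-SAMPLE"),
    "php-webshell": re.compile(rb"<\?php\s+system\s*\("),
}


def per_packet_inspect(segments: List[Segment], signatures=SIGNATURES) -> List[str]:
    """Packet-at-a-time inspection: each payload is matched on its own, so a
    pattern that straddles a segment boundary is never seen whole."""
    hits = []
    for seg in segments:
        for name, pat in signatures.items():
            if pat.search(seg.payload):
                hits.append(name)
    return hits


class StreamInspector:
    """Application-layer inspection: buffer and reorder each connection's
    segments, then match signatures on the reassembled bytes before forwarding."""

    def __init__(self, signatures=SIGNATURES, max_buffer: int = 1 << 20):
        self.signatures = signatures
        self.max_buffer = max_buffer                  # bound memory per connection
        self.streams: Dict[tuple, Dict[int, bytes]] = {}
        self.next_seq: Dict[tuple, int] = {}

    def open_stream(self, conn: tuple, first_seq: int) -> None:
        # Called when the handshake is seen, so the inspector knows where data starts
        self.streams[conn] = {}
        self.next_seq[conn] = first_seq

    def feed(self, seg: Segment) -> str:
        if seg.conn not in self.streams:
            return "DROP"                             # no connection state for this segment
        buf = self.streams[seg.conn]
        if sum(len(p) for p in buf.values()) + len(seg.payload) > self.max_buffer:
            return "DROP"                             # refuse to buffer without limit
        buf[seg.seq] = seg.payload                    # retransmits simply overwrite
        return "BUFFERED"

    def reassemble(self, conn: tuple) -> Tuple[bytes, bool]:
        """Return the contiguous bytes from the stream start, and whether every
        buffered segment fit without a hole."""
        buf = self.streams[conn]
        out = bytearray()
        expected = self.next_seq[conn]
        for seq in sorted(buf):
            if seq != expected:
                return bytes(out), False              # gap: later bytes are out of reach
            out += buf[seq]
            expected += len(buf[seq])
        return bytes(out), True

    def verdict(self, conn: tuple) -> Tuple[str, Optional[str]]:
        data, contiguous = self.reassemble(conn)
        for name, pat in self.signatures.items():
            if pat.search(data):
                return "BLOCK", name
        if not contiguous:
            return "HOLD", None                       # cannot decide until the hole is filled
        return "FORWARD", None


# Constructed connection and segments: the marker is split across two packets.
CONN = ("10.0.0.5", 51515, "203.0.113.10", 80)
SEG1 = Segment(CONN, 1000, b"POST /upload HTTP/1.1\r\nHost: files.example\r\n\r\nMALWARE-SIG")
SEG2 = Segment(CONN, 1000 + len(SEG1.payload), b"NATURE-SAMPLE\r\n")

if __name__ == "__main__":
    print("per-packet:", per_packet_inspect([SEG1, SEG2]))
    insp = StreamInspector()
    insp.open_stream(CONN, 1000)
    insp.feed(SEG2)                                   # arrives before SEG1
    print("after one segment:", insp.verdict(CONN))
    insp.feed(SEG1)
    print("after reassembly:", insp.verdict(CONN))
```

The "HOLD" verdict is the cost the text describes: the gateway must wait for the missing bytes before it can forward, and it has to cap how much it is willing to buffer per connection so that an attacker cannot exhaust its memory with deliberately gapped streams.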
3. Stateful Inspection Firewalls.
Stateful inspection firewalls work by actively monitoring the state of network connections and keeping a table of the connections that have passed through the device. This technology addresses the main drawbacks of the other two: unlike a packet filter it knows which packets belong to an existing connection, and unlike an application-layer gateway it does not terminate and reconstruct the traffic, so it is much faster. It is programmed to distinguish legitimate packets for different types of connections, and only those packets that match a known connection state are allowed. It does not, however, inspect the application payload the way an application-layer gateway does.

Using this technology, a firewall can monitor the traffic and dynamically open or close ports on an as-needed basis, because the connection states of common protocols are known to it. For example, when an inside host opens a legitimate HTTP connection to a web server, the firewall records the connection and then admits the server's replies (from port 80 back to the client's ephemeral port) only while that connection is in its state table, removing the entry when the connection closes or goes idle. This is in contrast to packet filtering, where the administrator would have to keep a permanent rule allowing inbound traffic from source port 80 to every high port, a rule that an attacker can satisfy simply by setting the source port of a scan to 80.
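The HTTP example above, as an added worked example written for this page (not the code of any firewall product): a deny-by-default stateful filter that creates an entry only for an inside-initiated SYN to a permitted port, admits the reply traffic while the entry exists, expires idle entries, and tears the entry down on the FIN exchange. The topology (10.0.0.0/8 is the inside), the hosts and the packets are constructed; a stateless "return traffic" rule is included beside it to show the hole it leaves open.

```python
from typing import FrozenSet, NamedTuple


class Packet(NamedTuple):
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    flags: FrozenSet[str]   # TCP flags present, e.g. frozenset({"SYN", "ACK"})


def is_inside(ip: str) -> bool:
    # Constructed topology: 10.0.0.0/8 is the protected network
    return ip.startswith("10.")


def stateless_return_rule(pkt: Packet) -> str:
    """What a stateless filter must permanently allow so that web replies get
    back in: anything from TCP source port 80 to an inside high port. Nothing
    stops an outsider from sending a SYN that satisfies this rule."""
    if is_inside(pkt.dst_ip) and pkt.src_port == 80 and pkt.dst_port >= 1024:
        return "ACCEPT"
    return "DROP"


class StatefulFirewall:
    """Deny-by-default filter that permits outbound TCP to a few ports and
    then admits only packets belonging to a connection it has seen open."""

    def __init__(self, allowed_outbound_ports, idle_timeout: int = 300):
        self.allowed = set(allowed_outbound_ports)
        self.idle_timeout = idle_timeout
        # (inside_ip, inside_port, outside_ip, outside_port) -> [state, last_seen]
        self.table = {}

    @staticmethod
    def _key(pkt: Packet):
        if is_inside(pkt.src_ip):
            return (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port), "out"
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port), "in"

    def expire(self, now: int) -> None:
        # Idle entries are removed so a dynamically opened path does not stay open forever
        stale = [k for k, (_, seen) in self.table.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def process(self, pkt: Packet, now: int = 0) -> str:
        self.expire(now)
        key, direction = self._key(pkt)
        entry = self.table.get(key)
        if entry is None:
            # Only an inside-initiated SYN to a permitted port may create state
            if direction == "out" and pkt.flags == {"SYN"} and pkt.dst_port in self.allowed:
                self.table[key] = ["SYN_SENT", now]
                return "ACCEPT"
            return "DROP"
        state = entry[0]
        if state == "SYN_SENT" and direction == "in" and pkt.flags == {"SYN", "ACK"}:
            entry[:] = ["ESTABLISHED", now]
            return "ACCEPT"
        if state == "ESTABLISHED" and "FIN" in pkt.flags:
            entry[:] = ["CLOSING", now]           # first side has finished sending
            return "ACCEPT"
        if state == "CLOSING" and "FIN" in pkt.flags:
            entry[:] = ["LAST_ACK", now]          # second side has finished too
            return "ACCEPT"
        if state == "LAST_ACK" and "ACK" in pkt.flags:
            del self.table[key]                   # teardown complete: close the hole
            return "ACCEPT"
        if state in ("SYN_SENT", "ESTABLISHED", "CLOSING") and "ACK" in pkt.flags:
            entry[1] = now                        # normal traffic on a known connection
            return "ACCEPT"
        return "DROP"


if __name__ == "__main__":
    fw = StatefulFirewall({80, 443})
    syn = Packet("10.0.0.5", "203.0.113.10", 51515, 80, frozenset({"SYN"}))
    synack = Packet("203.0.113.10", "10.0.0.5", 80, 51515, frozenset({"SYN", "ACK"}))
    probe = Packet("192.0.2.9", "10.0.0.5", 80, 8080, frozenset({"SYN"}))
    print("outbound SYN:", fw.process(syn, now=0))
    print("reply SYN/ACK:", fw.process(synack, now=1))
    print("spoofed source-port-80 probe, stateful:", fw.process(probe, now=2),
          "stateless:", stateless_return_rule(probe))
```

The probe with source port 80 is the point of the contrast: the stateless rule accepts it because the header matches, the stateful filter drops it because no inside host ever opened that connection.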
Benefits of Using a Firewall
The main benefits of using a firewall are:
(i) Protection from services that are inherently prone to attack, which can be blocked outright or exposed only to trusted hosts.
(ii) Access to hosts in the network can be strictly controlled.
(iii) Security is concentrated on a single firewall system, which makes authentication procedures easier to implement consistently.
(iv) Logging and statistics of network use and misuse.
(v) Policy enforcement.
