What is a firewall in networking? What are the types of firewalls?
Securing its data is the primary goal of any business. Data can be in paper files or in a digital format on a hard disk drive. If it is on a hard drive and accessible over the network, a company needs a firewall. But what kind of firewall it needs, and how that firewall will secure its sensitive data, are big questions. Apart from that, installing and configuring a firewall also requires additional expertise.
What is a Firewall in networking?
You can think of a firewall as similar to a security guard at the entrance of a residential building. When a visitor arrives, the guard checks their credentials and, based on that, allows entry or does not. A firewall is a networking solution to filter the network traffic between. A firewall can protect the data from outside, inside, or maybe from specific applications.
For example, if a company in the USA does not want its servers to be accessed from another country, it can use a firewall that blocks all traffic that comes from outside the USA.
A firewall comes in many types: it can be a hardware, cloud, or software-based firewall. Which type you need depends on many factors, as each type has its advantages and disadvantages. The basic aim of a firewall is to protect the internal data from malicious network packets coming from outside while allowing genuine traffic.
How is a firewall deployed?
A firewall is deployed just before the main server so that all incoming and outgoing traffic passes through it. It can be a software, hardware, or cloud firewall.
- Software Firewall – It comes as a software package. A user installs the firewall software on the server that needs to be protected from the external network. This is the easiest option; many operating systems even come with a software firewall. For example, the Linux operating system has iptables. With iptables, you can add rules that inspect packets and apply an action (allow/drop).
- Hardware Firewall – The firewall comes as separate hardware with software installed. A network router is one example, where the external WAN plugs into one port and the internal LAN connects to another port. It adds some cost, as it needs additional hardware.
- Cloud Firewall – A firewall where the interception happens on a cloud server. It is also known as FAAS (firewall as a service). The user should have a fast internet connection. The best part is that one can start using a firewall with a very basic plan and upgrade the plan later as needs grow. This type of firewall is updated very regularly by the service provider.
Types of firewalls –
A packet-filtering firewall is the most basic type of firewall; it works at the packet level. To do the packet filtering, the firewall creates basic rules. A rule may have a destination IP, source IP, source port, destination port, etc., and an outcome (allow/discard). Once a packet enters, it is inspected against all provisioned rules. The inspection checks top-level packet parameters such as source IP, destination IP, etc., against the rules.
If the inspection fails, the packet is discarded, and the firewall may log an error for the operations team.
A packet-filtering firewall consumes very few resources. That means it does not have any impact on the system performance. But at the same time, it only looks at surface-level parameters, so an attack that is carried in the packet content is not blocked.
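The rule matching described above can be sketched as follows. This is an added example, not code from the original article or from any firewall product; the `Packet`, `Rule` and `filter_packet` names, the first-match evaluation order and the default-discard fallback are assumptions, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str
    payload: bytes = b""             # carried along, but never inspected below

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "discard"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    dst_port: Optional[int] = None   # None matches any port
    proto: Optional[str] = None      # None matches any protocol

    def matches(self, p: Packet) -> bool:
        # Only header fields are compared; this is the "surface level" check.
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.dst_port in (None, p.dst_port)
                and self.proto in (None, p.proto))

def filter_packet(rules, packet, log):
    """Assumed policy: first matching rule wins, no match means discard."""
    verdict = next((r.action for r in rules if r.matches(packet)), "discard")
    if verdict == "discard":
        # Log entry for the operations team.
        log.append(f"DROP {packet.proto} {packet.src_ip}:{packet.src_port}"
                   f" -> {packet.dst_ip}:{packet.dst_port}")
    return verdict

# Constructed rule set: block one source range, allow HTTPS to one server.
RULES = [
    Rule("discard", src_net="203.0.113.0/24"),
    Rule("allow", dst_net="192.0.2.10/32", dst_port=443, proto="tcp"),
]
```

Two packets with the same headers get the same verdict whatever their `payload` holds, which is the limitation noted above.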
Circuit level filtering –
Another basic type of firewall, which filters the packets that set up dedicated circuits or connections. One example is a TCP connection. Once set up, a circuit takes significant resources. If the number of circuits keeps increasing, at some point there will be a denial of service.
The simplest approach is to allow connection creation only from trusted sources. E.g., the firewall filters the packets of the TCP handshake. The first packet is the TCP SYN segment; the firewall allows the connection if the source IP and ports are legitimate.
As it does not look into the content, it is good if you want to protect resource usage, but it is not suitable for protecting against malicious content in a packet.
Stateful Inspection Firewalls
As the name suggests, the firewall inspects all packets for the lifetime of a TCP connection, in addition to the initial-level filtering. To do that, it saves the connection information in a database, e.g. source IP, destination IP, connection state, etc. All data during the lifetime of a connection is inspected.
A TCP connection lifetime starts with a 3-way handshake and ends with a connection termination. In a stateful inspection, a firewall inspects the actual data transfer too. That makes it a better option compared to the stateless firewalls above. But it needs more resources.
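The following added example (not from the original article) illustrates both the circuit-level check on the TCP SYN and the connection table a stateful firewall keeps. The class name, state names and the single-FIN teardown are simplifying assumptions, and the trace is constructed with documentation addresses.

```python
class StatefulFirewall:
    """Toy connection tracker; states and teardown are simplified assumptions."""
    def __init__(self, trusted_sources):
        self.trusted = set(trusted_sources)
        self.connections = {}            # (client, server) -> state

    def inspect(self, src, dst, flags):
        """src/dst are (ip, port) tuples, flags is a set of TCP flag names."""
        flags = frozenset(flags)
        if flags == {"SYN"}:
            # Circuit-level check: only a trusted source may open a connection.
            if src[0] in self.trusted and (src, dst) not in self.connections:
                self.connections[(src, dst)] = "SYN_SEEN"
                return "allow"
            return "discard"
        # Any other segment must belong to a tracked connection.
        key = (src, dst) if (src, dst) in self.connections else (dst, src)
        state = self.connections.get(key)
        from_client = key[0] == src
        if state == "SYN_SEEN" and flags == {"SYN", "ACK"} and not from_client:
            self.connections[key] = "SYNACK_SEEN"
        elif state == "SYNACK_SEEN" and flags == {"ACK"} and from_client:
            self.connections[key] = "ESTABLISHED"
        elif state == "ESTABLISHED" and flags & {"FIN", "RST"}:
            del self.connections[key]    # simplified: first FIN/RST ends tracking
        elif state == "ESTABLISHED" and "SYN" not in flags:
            pass                         # in-state data or ACK
        else:
            return "discard"             # unknown connection or out-of-state
        return "allow"

def replay(firewall, segments):
    """Return the verdict for each (src, dst, flags) segment in order."""
    return [firewall.inspect(*s) for s in segments]

# Constructed trace
CLIENT, SERVER, STRANGER = ("198.51.100.7", 50000), ("192.0.2.10", 443), ("203.0.113.5", 40000)
TRACE = [
    (CLIENT, SERVER, {"SYN"}),           # handshake step 1
    (SERVER, CLIENT, {"SYN", "ACK"}),    # handshake step 2
    (CLIENT, SERVER, {"ACK"}),           # handshake step 3
    (CLIENT, SERVER, {"PSH", "ACK"}),    # data on the established connection
    (STRANGER, SERVER, {"ACK"}),         # no handshake was ever seen
    (STRANGER, SERVER, {"SYN"}),         # source is not trusted
    (CLIENT, SERVER, {"FIN", "ACK"}),    # termination
    (CLIENT, SERVER, {"PSH", "ACK"}),    # data after termination
]
```

The stray ACK in the trace has acceptable addresses and ports, so a rule that only looks at headers could let it through; the connection table is what rejects it.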
Proxy Firewall –
Unlike other firewalls, a proxy firewall intercepts the messages at the application layer. To do this, a proxy server is deployed between the communicating hosts as an intermediate node. The server runs the proxy filtering application, which terminates all messages from one direction and sends them on in the other direction (unless the inspection result is to drop).
Because the proxy server sits in the middle, there are logically four communicating hosts. The middle server works as a client in one direction and as a server in the other.
An application-layer firewall is application-specific. For example, it can intercept web traffic, mail traffic, etc. Suppose a company has a proxy firewall to prevent unauthorized website visits. If a user inside the company accesses a website via the internet, the HTTP request reaches the application firewall and is then forwarded to the web server after packet examination.
This looks very promising, but all the application-level processing adds extra load on the hardware and introduces delay in requests and responses.