What is a firewall in networking? What are the types of firewalls?
Any business’s primary objective is to secure its data. Data can be stored on paper or digitally on a hard disc drive. If the data is stored on a hard drive in a server that is accessible via a network, the business requires a firewall to protect its important information.
However, determining what type of firewall is suitable for a business and how it will secure its sensitive data is a significant question.
Moreover, installing and configuring a firewall requires additional expertise, which brings a burden to the company.
What is a Firewall in networking?
You can think of a firewall similar to a security guard at the entry of a residential building. When there is a visitor, he verifies the visitor information. Based on that it allows or denies.
In a computer network, a firewall performs a similar function by filtering network traffic. It can safeguard data from the outside, inside, or even from specific applications.
For instance, if a company in the United States of America wishes to prevent people from other countries from accessing its servers, it can use a firewall to block all traffic from outside the country.
A firewall can be hardware-based, cloud-based, or software-based. Which type you require is determined by a variety of factors, as each type has distinct advantages and disadvantages.
The fundamental purpose of a firewall is to protect internal data from malicious network packets while allowing legitimate traffic.
How does a firewall work?
The firewall works on the filtering mechanism. When a network packet enters the firewall, it inspects it against the rules configured. A rule could be a group of any parameters such as ports numbers, IPs, etc. Each rule is given a status of allowed or disallowed.
How a firewall is deployed in a network?
A firewall is placed just before the main server and is configured to filter all incoming and outgoing traffic. It can be a software firewall, a hardware firewall, or a cloud firewall.
- Software Firewall – It is distributed as a software package. On the server that needs to be protected from the external network, the user installs the firewall software. This is the simplest option, despite the fact that many operating systems include a software firewall.
For example, the Linux operating system has IP tables. With IP tables can add the rules to inspect the packets with an action(allow/drop).
- Hardware Firewall – The firewall comes as separate hardware with software installed. A network router is one example, where the external WAN plugin on one port and the internal LAN connects to another port. It adds some cost as needs additional hardware.
- Cloud Firewall – The kind of firewall, where the interception works on a cloud server. It is also known as the SAAS firewall as a service. A user should have a fast internet connection to the firewall. The best part is that one can start using a firewall with a very basic plan. Later as requirements grow he can add more to enhance the plan. This type of firewall keeps updated very regularly by the service provider.
Types of firewalls –
This is the very basic type of firewall, that works on the packet level. To do the packet filtering, firewalls create basic rules. A rule may have destination IP, source IP, source port, destination port, etc, and an outcome (allow/discard). Once a packet enters, it is inspected against all provisioned rules. The inspection performs a check on top-level packet parameters such as source IP, destination Ip, etc, against the rules.
If the inspection fails, the packet is discarded and may log an error for the operation guys.
A packet-filtering firewall consumes a very less number of resources. That means, they do not have any impact on the system performance. But at the same time, it just looks like surface-level parameters, so any attack that is performed by the content is not blocked.
Circuit level filtering –
Another basic type of firewall is that filters the packets for setting up dedicated circuits or connections. One example is a TCP connection. Once set up a circuit takes significant resources. If the number keeps increasing, at one point there will be a denial of service.
The simplest approach is to, allow creation only from trusted sources. E.g the firewall filters the packets for TCP handshake. The first packet is the TCP SYN segment, the firewall allows the connection if the source IP and ports are legitimate.
As do not look into the content, so good for if you want to protect the resource usage, not suitable to protect from the malicious contents in a packet.
Stateful Inspection Firewalls
As the name implies, the firewall inspects all packets for the duration of a TCP connection in addition to performing initial level filtering. To accomplish this, it stores connection information in the database, such as the source IP, the destination IP, and the connection state. It inspects all data that is transmitted over the connection.
A TCP connection lifetime starts with a 3-way handshake and ends with a connection termination. In a stateful inspection, a firewall inspects the actual data transfer too. That makes it a better option as compared to the other stateless firewalls. But it needs more resources.
Proxy Firewall –
A proxy firewall, in contrast to other types of firewalls, intercepts messages at the application layer. This is accomplished by deploying a proxy server as an intermediate node between the communicating hosts. The server hosts the proxy filtering application, which redirects all messages from one direction to another.
With a proxy server in the middle, there are logically four communicating hosts. In one direction, the middle server acts as a client, in another, it acts as a server.
A firewall at the application layer is application-specific. For instance, it can intercept web traffic and e-mail traffic.
If a business utilizes a proxy firewall to guard against unauthorized website visits. When an internal user accesses a website via the internet, the HTTP request is forwarded to the application firewall for packet examination before being forwarded to the webserver.
While this appears to be a very promising solution. But all of the application-level processing places additional strain on the hardware and introduces a delay between request and response.