What Is Firewall? & Its Types

What Is a Firewall?

A firewall is a network of a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet.

Firewall

A firewall can be hardware, software, or both.

Most people think that a firewall is a device that is installed on the network, and it controls the traffic that passes through the network segment.

What Firewalls Do?

•  Defend resources

• Validate access

• Manage and control network traffic

• Record and report on events

If You Read About TCP/IP Model? Click on Link and Read Out.

Firewalls are used to protect both home and corporate networks. A typical firewall program or hardware device filters all information coming through the Internet to your network or computer system.

How Firewall Works?

To get a basic grasp of how firewalls work, it's important to understand how TCP packets work. 

The data that your computer sends and receives over the internet or an internal the network is comprised of TCP packets and UDP packets. TCP packets can be more effectively filtered by firewalls because they contain more information in their headers.

TCP packets contain information such as source and destination addresses, packet sequence information, and payload. That information allows your network interface to deliver data properly, and a firewall can compare that information to the rules you configured it with.

Generation of Firewall:

First Generation- Packet Filtering Firewall : 

Packet filters act by inspecting packets transferred between computers. Packet filtering firewall is used to control network access by monitoring outgoing and incoming packet and allowing them to pass or stop based on source and destination IP address, protocols and ports.

Second Generation- Stateful Inspection Firewall :

From 1989–1990, Stateful firewalls (performs Stateful Packet Inspection) can determine the connection state of packet, unlike Packet filtering firewall, which makes it more efficient.

This type of firewall is potentially vulnerable to denial-of-service attacks that bombard the firewall with fake connections in an attempt to overwhelm the firewall by filling its connection state memory.

Third Generation- Application Layer Firewall : 

Marcus Ranum, Wei Xu, and Peter Churchyard released an application firewall is known as Firewall Toolkit (FWTK) in October 1993.

Application layer firewalls can inspect and filter the packets on any OSI layer, up to the application layer. It can block specific content, also recognize when certain application and protocols (like HTTP, FTP) are being misused.

If You Don't Know About IDS and IPS? Click On Link and Read Out.

Next-generation firewall (NGFW):

Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.

Types of Firewall:

Firewalls are generally of two types: Host-based and Network-based.

Host-based Firewalls : 

Host-Based Firewall

• A host-based firewall is installed on each network node which controls each incoming and outgoing packet.

• Host-based firewalls are needed because network firewalls cannot provide protection inside a trusted network. Host firewall protects each host from attacks and unauthorized access.

Network-based Firewalls : 

Network-Based Firewall

• Network firewall functions on the network level.

• It protects the internal network by filtering the traffic using rules defined on the firewall. A network-based firewall is usually a dedicated system with proprietary software installed.

Firewalls use one or more of three methods to control traffic flowing in and out of the network:

Packet filtering - 

Packets are analyzed against a set of filters. A packet-filtering firewall examines packets in isolation and does not know the packet's context. Packets that make it through the filters are sent to the requesting system and all others are discarded.

Proxy service - 

Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. Proxy servers can mask real network addresses and intercepts every message that enters or leaves a network.

Stateful inspection - 

These are then compared to a trusted information database for characteristic matches. This determines whether the information is authorized to cross the firewall into the network.