What Is a Firewall?
We can use a firewall to protect our home network and family from offensive web sites and potential hackers. Basically, a firewall is a barrier that keeps destructive forces away from our property. In fact, that is why it's called a firewall: its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.
How does a firewall work?
A network firewall works by establishing a border between the internet and the network it guards. It is inserted inline across a network connection and inspects all packets entering the network. As it inspects, a rules engine distinguishes between traffic that is benign and traffic that is potentially dangerous.
A firewall is not capable of making judgments on its own — no computer is. Instead, it follows the programmed rules created by humans. These rules dictate whether the firewall should let a packet through the network barrier. If a packet matches a pattern that indicates danger, the corresponding rule will instruct the firewall not to let the packet through. These rules have to be constantly updated because the criteria for what patterns indicate a dangerous packet change frequently.
Firewalls may be classified in three different ways:
- By their processing type
- By their evolutionary generation
- By the way they are implemented
- A packet-filtering firewall examines packets in isolation and does not know the packet’s context.
- A stateful inspection firewall examines network traffic to determine whether one packet is related to another packet.
- A proxy firewall (aka application-level gateway) inspects packets at the application layer of the Open Systems Interconnection (OSI) reference model.
- An NGFW uses a multilayered approach to integrate enterprise firewall capabilities with an intrusion prevention system (IPS) and application control.
- A personal firewall is software used to protect a single internet-connected computer from attacks, as opposed to a multitude of devices.
1. Packet-filtering firewall:
Traffic on a network is broken into packets, smaller message units. Each packet must hold at least two addresses: that of the sender and that of the recipient. A packet-filtering firewall holds a database of rules that tells it what to do with packets. Often the rules are based on the addresses mentioned above and the protocol the packet is being sent under. The rules may include all three ideas:
- The first rule says: if the packet is from any address on the 172.16.0.0 network (172.16.x.x) and is being sent to any address on the 10.10.0.0 network, using any protocol, drop the packet. The x character is used as a wildcard on some firewalls, as the text mentions later. Other firewalls might use zeros instead, so we need to know the syntax for the firewall we are configuring.
- The second rule says: if the packet is from any address on the 192.168.0.0 network (192.168.x.x) and is being sent to the specific address 10.10.10.25 (10.10.1.25), using the HTTP protocol, let that packet through. This tells us that 10.10.10.25 is the address of a web server on that network, because HTTP is the protocol used to serve web pages.
- The third rule says: if the source address is specifically 192.168.0.1 and the destination address is specifically 10.10.10.10, and the protocol is FTP, then let the packet through.
Packet-filtering firewalls come in three types:
- Static: a system administrator sets the rules for the firewall.
- Dynamic: the firewall sets some rules for itself, such as dropping packets from an address that is sending many bad packets.
- Stateful: packets sent by an attacker are often sent to a port that the attacker has guessed is open; a stateful firewall denies packets sent to any port unless a connection to that port has already been negotiated. This kind of checking puts more processing overhead on the firewall.
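The three rules above, the "x" wildcard, first-match-wins evaluation with a default drop, and the stateful port check, written out as a small rule engine. This is an added example, not code from the original page or from any real firewall product; the `Packet`, `Rule` and `StatefulFilter` names and the connection table are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    src: str        # source IPv4 address
    dst: str        # destination IPv4 address
    proto: str      # e.g. "http", "ftp"
    dst_port: int   # destination port, used by the stateful check

@dataclass
class Rule:
    src: str     # dotted quad; an "x" octet is a wildcard (page convention)
    dst: str
    proto: str   # "any" matches every protocol
    action: str  # "allow" or "drop"

def addr_matches(pattern: str, addr: str) -> bool:
    """Octet-by-octet comparison; an 'x' octet in the pattern matches anything."""
    return all(p == "x" or p == a
               for p, a in zip(pattern.split("."), addr.split(".")))

# The three rules from the text, in order. First match wins; no match = drop.
RULES = [
    Rule("172.16.x.x", "10.10.x.x", "any", "drop"),          # rule 1
    Rule("192.168.x.x", "10.10.10.25", "http", "allow"),     # rule 2
    Rule("192.168.0.1", "10.10.10.10", "ftp", "allow"),      # rule 3
]

def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Static packet filter: return the action of the first matching rule."""
    for r in rules:
        if (addr_matches(r.src, pkt.src) and addr_matches(r.dst, pkt.dst)
                and r.proto in ("any", pkt.proto)):
            return r.action
    return "drop"   # default deny when no rule matches

class StatefulFilter:
    """Stateful variant (hypothetical): an inbound packet to a port is allowed
    only if a connection to that (src, dst, port) was negotiated earlier."""
    def __init__(self):
        self.established = set()   # connection-tracking table

    def open_connection(self, src: str, dst: str, port: int) -> None:
        self.established.add((src, dst, port))

    def filter_inbound(self, pkt: Packet) -> str:
        key = (pkt.src, pkt.dst, pkt.dst_port)
        return "allow" if key in self.established else "drop"

# Constructed sample packet: a web request from the 192.168.0.0 network.
SAMPLE = Packet("192.168.3.4", "10.10.10.25", "http", 80)   # filter_packet -> "allow"
```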
2. Application gateway firewall:
The ISO Open Systems Interconnection (OSI) networking model has seven layers that describe what happens to a packet as it is prepared to be sent out on the network, and what happens when that packet is received by the machine that is meant to act on it.