No one can deny the fact that the dynamic rise of the Internet has brought the world closer. But at the same time, it has left us with different kinds of security threats. To ensure the confidentiality and integrity of valuable information of a corporate network from outside attacks, we must have some robust mechanism. This is where the Firewall comes into the picture.
It can be compared with a security guard standing at the entrance of a minister’s home. He keeps an eye on everyone and physically checks every person who wishes to enter the house. It won’t allow a person to enter if he/she is carrying a harmful object like a knife, gun, etc. Similarly, even if the person doesn’t possess any banned object but appears suspicious, the guard can still prevent that person’s entry.
The firewall acts as a guard. It guards a corporate network acting as a shield between the inside network and the outside world. All the traffic in either direction must pass through the firewall. It then decides whether the traffic is allowed to flow or not. The firewall can be implemented as hardware and software, or a combination of both.
Packet Filters –
Packet filter firewall
- It works in the network layer of the OSI Model. It applies a set of rules (based on the contents of IP and transport header fields) on each packet and based on the outcome, decides to either forward or discard the packet.
- Packet filter firewall controls access to packets on the basis of packet source and destination address or specific transport protocol type. It is done at the OSI (Open Systems Interconnection) data link, network, and transport layers. Packet filter firewall works on the network layer of the OSI model.
- Packet filters consider only the most basic attributes of each packet, and they don’t need to remember anything about the traffic since each packet is examined in isolation. For this reason, they can decide packet flow very quickly.
- Example: Filter can be set to block all UDP segments and all Telnet connections. This type of configuration prevents outsiders from logging onto internal hosts using Telnet and insider from logging onto external hosts using Telnet connections.
Application Gateways –
Application level gateway
- Application-level gateway is also called a bastion host. It operates at the application level. Multiple application gateways can run on the same host but each gateway is a separate server with its own processes.
- These firewalls, also known as application proxies, provide the most secure type of data connection because they can examine every layer of the communication, including the application data.
- Example: Consider FTP service. The FTP commands like getting the file, putting the file, listing files, and positioning the process at a particular point in a directory tree. Some system admin blocks put command but permits get command, list only certain files, or prohibit changing out of a particular directory. The proxy server would simulate both sides of this protocol exchange. For example, the proxy might accept get commands and reject put commands.
It works as follows:
Step-1: User contacts the application gateway using a TCP/IP application such as HTTP.
Step-2: The application gateway asks about the remote host with which the user wants to establish a connection. It also asks for the user id and password that is required to access the services of the application gateway.
Step-3: After verifying the authenticity of the user, the application gateway accesses the remote host on behalf of the user to deliver the packets.
Difference :
| Packet filter | Application-level |
|---|---|
| Simplest | Even more complex |
| Screens based on connection rules | Screens based on behaviour or proxies |
| Auditing is difficult | Activity can audit |
| Low impact on network performance | High impact on network performance |
| Network topology can not hide | Network topology can hide from the attacker |
| Transparent to user | Not transparent to the user |
| See only addresses and service protocol type | Sees full data portion of a packet |