Firewalls are one of the first security protocols implemented in the network and in computers. Developed in the late 80s, it has become the standard security measure for network administrator as well as for private individuals.
Firewalls are essentially an application that filters content which is being transmitted. Network administrators can set the parameters as to what will be accepted and transmitted. Although it could be used in different settings, firewalls are basically used to protect computers and other devices from intrusion and hacking.
Firewalls also provides security in the sense that it provides proxy for communication. With the use of a proxy, the identity of the network or computer will remain unknown as a single identity could be used as a tool in attacking the computer.
Intrusion and IPS
In a network setting, firewall goes hand in hand with IPS or Intrusion Prevention System. This simple protocol could be used in a network for filtering and controlling the flow of information. However, IPS is only limited to attacks that identify themselves as one. On the other hand, firewalls are used in a network to screen the information that tries to enter from the outside. It is also used to prevent outside information and application to extract the sensitive information from the network.
The Need of a Firewall
Understand the need for a firewall requires understanding of the dangers of an external communication. Everyday, hackers around the world are creating something new and devising schemes so that they could enter the computer and hack the network. Because of the internet, these schemes could be easily implemented and hack the network or computer in no time. However, these attacks require that the network or computer identify itself to the attacker. Without the information, the hacking tool will never have any idea who to attack.
Since most attacks cover themselves as a website or a user friendly application, users would tend to provide them information as this is the only way users will be able to use their services. But instead of providing them with the right information, a separate or proxy information is used. Hackers may have some information but it is not the right information.
Stronger firewalls will also have the ability to provide information as to how the information is streamlined. Through this, network administrators could detect the source of intrusion. The intrusion might be external but it still triggered from the inside. With the use of the firewall, the transfer of data is detected so that additional security measures if necessary will be made.
Components of a Firewall
Content Filtering – One of the most powerful features of a firewall is the ability to protect the user from outside intrusion through e-mails, attachments and other content related information. This is however, a fairly new feature in firewalls but this feature is available almost any firewall available in the market today. With this ability, Trojans, spam e-mails, unknown activeX programs and even file names that are not in terms with the set parameters will be blocked through firewalls.
Proxy – Network administrator use proxies as a tool for security with a price. Since it adds another host which will divert network attacks, it practically slows down execution of the application. When proxy is properly implemented, it builds another layer of security to the server. Proxy provides another host to the attack so that it will concentrate on something that does not actually exist. The use of proxy also uses IP as its identification tool instead of a name so that it will never be identified and ultimately attacked.
Packet Filtering – This security measure is very ideal when the network wants to protect itself from DoS type of attacks. Packet filtering also identifies the sources of the application and creates the necessary blocks before it could be admitted to the system. Packet filtering also helps network administrators control the incoming flow of information from the outside. DoS (Denial of Service) comes from the fact that hackers concentrate service request that looks legitimate but in the end, its main goal is to cripple the server to a halt. With a firewall, network administrators could control how much information is being requested at the same time and if possible, queue the request of information.
Selecting the Right Firewall
There are hundreds and thousands of firewalls in the market today. However, determining them is very easy. It all comes down to the network activity of the users. If users are restricted from internet access, simple firewalls could be implemented. It is even possible for some network developers to build firewalls without any extra cost. However in larger business setting, no cost is too small as network attacks could mean a crippling halt for the company if there are no firewalls installed as a precautionary protocol.
Firewall and Architecture
In an age where more and more people are using the Internet for business and entertainment, it has become more important than ever before to use firewalls to block others from accessing your system. Without a good firewall, your computer is fair game to hackers.
However, not all firewalls are created equal, and before you go out and purchase one, it is important to learn about them. Firewalls can be broken down into two categories, and this is hardware firewalls and software firewalls. One myth that you may have heard people say is that "hardware firewalls are a lot more powerful than software firewalls."
The truth of the matter is that hardware firewalls are not necessarily more powerful than software firewalls. Some hardware firewalls do not have the necessary security patches, and the reason for this is because the process of re-imaging ASIC chips (which contain the OS for the firewall), is far too challenging for many network administrators. At the same time, some administrators add security patches to multi-use operating systems and the firewall software. A firewall which is well designed, like ISA 2004 for example, will prevent network traffic which is disallowed prior to the OS processing it.
This means that it will basically get rid of the OS as an attack vector. One thing that I should also note is that as technology continues to advance, the line which exists between the hardware and software firewalls has become more blurred. The reason for this is because many companies are now selling firewalls which use elements of both physical firewalls and their software counterparts. The distinction basically continues to become much less clear. When you’re looking to purchase a firewall, one thing that you should always consider is the protection of Layer 7.
The Protection of Layer 7
The standard firewalls which function at the Layers 3 and 4 within the OSI(Open System Interconnect) model are not capable of protecting your system against the latest attacks, and the reason for this is because they will not inspect the traffic that is present in the application Layer, also known as Layer 7. Many firewall companies have addressed this problem by making use of application layer filtering. When this inspection is made, the firewall will take one packet, or it may also structure multiple packets which comprise application traffic, and will make certain decisions based on this traffic.
The application layer firewall can also be responsible for the security of traffic which uses FTP. FTP will utilize a specific connection among the client and server, and it can negotiate an additional connection for the actual transfer of data. The application support will allow the firewall to analyze these control connections, and it will also allow the additional connection to utilize the port that both the client and server agreement on. In the past, most firewalls used Layers 3 or 4, but they are not very efficient against the newest attacks.
Hackers eventually figured out that many of the rules which comprise these older firewalls will allow them to transmit traffic to an internal network, so long as their tools made use of port 80 as the primary source port. Due to these weaknesses, any good firewall today will not be totally dependent on packet filtering. An inspection of the circuit level was made to find ways to bypassing the weaknesses that are prevalent in firewalls that make use of Layers 3 or 4. The stateful firewalls will be responsible for analyzing all the connections that are made between systems, rather than one IP packet.
Shopping for a Firewall
When you go shopping for a firewall, you may notice that many vendors use marketing terms such as "Layer 7 filtering" on their products. They may also use the term "Application Intelligence." Despite the ways in which this term is used, the application layer filtering plays an important role in contemporary firewalls, and you will not want to be without it. In fact, the application layer abilities of a firewall should play an important role in your decision to buy it. Purchasing a firewall can be challenging since different vendors will have different views on what they consider to be application layer filtering.