Firewalls in computer systems are either software based or hardware based. But they have the same purpose of keeping a control over the incoming as well as the outgoing traffic.
In this
article we discuss about how the network is secured by the firewalls.
- This
control is maintained through the analyzation of the data packets.
- After
analyzation, the firewall’s work is to determine whether to allow these packets
to pass or not.
- This decision is taken based up on some set of rules.
- With this
set of rules, a barrier is established by the firewall between the external
network that is not considered as secure and trusted and the internal network
which is secure and trusted.
- Most of the personal computer’s operating systems
come with a built-in software based firewall for providing protection
against the threats from external networks.
- Some firewall components might also
be installed in the intermediate routers in the network.
- Also some firewalls
have been designed to perform routing as well.
There are different types of firewalls which
function differently.This classification of the firewalls is based up on the
place where the communication is taking place i.e., whether at the network
layer or the application layer.
Packet filters or network
layer:
- Firewalls used at the network layer are often termed as the packet
filters.
- This firewall operates at low level of the protocol stack of the
TCP/ IP and so does not allow the packets to pass through it unless they
satisfy all the rules.
- These rules might be defined by the administrator
of the firewall.
- These firewalls can also be classified in to two
categories namely the stateless firewalls and the state-ful firewall.
- The
former kind use less memory and operates faster in the simple filters,
thus taking less time for filtering.
- These firewalls are used for
filtering the stateless network protocols i.e., the protocols which do not
follow the session concept.
- These firewalls are not capable of making
complex decisions based up on the state of the communication.
- The latter
kind maintains the context of the active sessions.
- This state info is used
by these firewalls for speeding up the packet processing.
- A connection is
described using any of the properties such as the UDP or TCP ports, IP
addresses and so on.
- If a match is found between an existing connection
and the packet, it is allowed to pass.
- Today firewalls have capabilities
of filtering the packets based up on attributes like IP addresses of
source and destination hosts, protocols, originator’s netblock, TTL values
and so on.
Application layer Firewalls:
- Firewalls of this type work on the TCP/ IP stack’s application level.
- All
the packets traveling in and out of the application are intercepted by
this firewall.
- This leads to blocking of the other packets also.
- Firstly, all the packets are inspected for any malicious content for preventing the
outspread of the Trojans and worms.
- Some additional inspection criteria
might be used for adding some extra latency to the packet forwarding.
- This
firewall determines whether a given connection should be accepted by a
process.
- This function is established by the firewalls by hooking
themselves in to the socket calls for filtering the connections.
- These
application layer firewalls are then termed as the socket filters.
- There
way of working is somewhat similar to the packet filters except that the
rules are applied to every process rather than connections.
- Also, the rules
are defined using the prompts for those processes that have not been
provided with a connection.
- These firewalls are implemented in combination
with the packet filters.
No comments:
Post a Comment