Tuesday, October 1, 2013
Firewalls in computer systems are either software based or hardware based. But they have the same purpose of keeping a control over the incoming as well as the outgoing traffic.
In this article we discuss about how the network is secured by the firewalls.
- This control is maintained through the analyzation of the data packets.
- After analyzation, the firewall’s work is to determine whether to allow these packets to pass or not.
- This decision is taken based up on some set of rules.
- With this set of rules, a barrier is established by the firewall between the external network that is not considered as secure and trusted and the internal network which is secure and trusted.
- Most of the personal computer’s operating systems come with a built-in software based firewall for providing protection against the threats from external networks.
- Some firewall components might also be installed in the intermediate routers in the network.
- Also some firewalls have been designed to perform routing as well.
There are different types of firewalls which function differently.This classification of the firewalls is based up on the place where the communication is taking place i.e., whether at the network layer or the application layer.
Packet filters or network layer:
- Firewalls used at the network layer are often termed as the packet filters.
- This firewall operates at low level of the protocol stack of the TCP/ IP and so does not allow the packets to pass through it unless they satisfy all the rules.
- These rules might be defined by the administrator of the firewall.
- These firewalls can also be classified in to two categories namely the stateless firewalls and the state-ful firewall.
- The former kind use less memory and operates faster in the simple filters, thus taking less time for filtering.
- These firewalls are used for filtering the stateless network protocols i.e., the protocols which do not follow the session concept.
- These firewalls are not capable of making complex decisions based up on the state of the communication.
- The latter kind maintains the context of the active sessions.
- This state info is used by these firewalls for speeding up the packet processing.
- A connection is described using any of the properties such as the UDP or TCP ports, IP addresses and so on.
- If a match is found between an existing connection and the packet, it is allowed to pass.
- Today firewalls have capabilities of filtering the packets based up on attributes like IP addresses of source and destination hosts, protocols, originator’s netblock, TTL values and so on.
Application layer Firewalls:
- Firewalls of this type work on the TCP/ IP stack’s application level.
- All the packets traveling in and out of the application are intercepted by this firewall.
- This leads to blocking of the other packets also.
- Firstly, all the packets are inspected for any malicious content for preventing the outspread of the Trojans and worms.
- Some additional inspection criteria might be used for adding some extra latency to the packet forwarding.
- This firewall determines whether a given connection should be accepted by a process.
- This function is established by the firewalls by hooking themselves in to the socket calls for filtering the connections.
- These application layer firewalls are then termed as the socket filters.
- There way of working is somewhat similar to the packet filters except that the rules are applied to every process rather than connections.
- Also, the rules are defined using the prompts for those processes that have not been provided with a connection.
- These firewalls are implemented in combination with the packet filters.