Firewalls are placed to protect and restrict access to sensitive or valuable computing and network resources. Firewalls control access between two or more network connections through security policies composed of rules that allow, deny or log network packets as they transit the device. Firewalls may also provide secure remote access technologies such as Secure Shell (SSH) or Virtual Private Networking over IPsec tunnels.
Firewalls come in several forms: appliances, computers and software.
Firewall appliances may have dedicated chipsets for processing network packets and performing encryption at maximum speed. Firewall appliances are typically less expensive but less flexible, as their capabilities are either stored in flash or built into dedicated chips. Upgrades may require replacing the appliance itself.
Computers running as firewalls may run a vendor's proprietary security software to manage and control network access, or may be Linux computers running iptables.
Finally, there is firewall software which may be installed on an ordinary computer to protect it from network access, such as the firewall built into every copy of Microsoft Windows. It is always wise to have some sort of firewall protecting desktop computers from the Internet.
Conceptually, a firewall will have at least one 'outside' and one 'inside' zone, and possibly a 'demilitarized' zone (DMZ). Each zone is served by a separate network interface or sub-interface connected to a VLAN. Inside and outside are defined by whether the interface serves the network being protected (inside) or the unprotected network (outside). Traffic flow between zones in either direction is filtered in order to control and block access to the protected network from outside systems and resources. Difficulties arise when two devices separated by a firewall attempt to communicate, and the firewall's policies are not configured to permit the communication.
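The zone model described above can be sketched as a small policy evaluator. This is an added example, not code from any firewall product: the zone names come from the text, while the addresses, ports, rule order, first-match evaluation and the implicit deny when no rule matches are assumptions made for illustration. It models stateless matching only and ignores return traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src_zone: str       # zone the packet arrives from
    dst_zone: str       # zone the packet is headed to
    dst_net: str        # destination network in CIDR form
    proto: str          # "tcp", "udp" or "any"
    dport: int          # destination port, 0 means any port
    action: str         # "allow" or "deny"
    log: bool = False   # whether a match is written to the log

# Constructed sample policy (documentation addresses, hypothetical services).
POLICY = [
    Rule("outside", "dmz", "192.0.2.10/32", "tcp", 443, "allow"),
    Rule("inside", "dmz", "192.0.2.0/24", "tcp", 22, "allow", log=True),
    Rule("inside", "outside", "0.0.0.0/0", "tcp", 443, "allow"),
    Rule("outside", "inside", "0.0.0.0/0", "any", 0, "deny", log=True),
]

def evaluate(policy, src_zone, dst_zone, dst_ip, proto, dport):
    """Return (action, index of matching rule, logged).

    Rules are checked top to bottom and the first match wins.
    If nothing matches, the packet is dropped by an implicit deny
    that is attached to no rule and therefore produces no log entry.
    """
    for index, rule in enumerate(policy):
        if (rule.src_zone, rule.dst_zone) != (src_zone, dst_zone):
            continue
        if ip_address(dst_ip) not in ip_network(rule.dst_net):
            continue
        if rule.proto not in ("any", proto):
            continue
        if rule.dport not in (0, dport):
            continue
        return rule.action, index, rule.log
    return "deny", None, False

if __name__ == "__main__":
    # An inside host reaching a DMZ service nobody wrote a rule for:
    # blocked, with no rule index and no log line to point at the cause.
    print(evaluate(POLICY, "inside", "dmz", "192.0.2.20", "tcp", 5432))
```

The last call shows the difficulty mentioned above: the connection fails silently because no rule permits it, which is why troubleshooting usually starts by checking which rule, if any, a flow matches.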
In network diagrams, a firewall is usually represented by a red brick wall, often with flames.
The top manufacturers of firewalls and security devices include Cisco, NetScreen / Juniper, Symantec, CheckPoint, Barracuda, BlueCoat and Infoblox, to name just a few.
Firewall Types
- Hardware Based Firewall
- Software Based Firewall
Firewall Features
- Policy-Based Access Control
- Packet Filtering
- Network Address Translation
- Proxy
- Encryption
- Tunnelling
- Virtual Private Networking
- Failover
Firewall Characteristics
- Stateful vs. Stateless
- Rules Based vs. Policy Based
- Packet Inspection vs. Packet Filtering
- Stateful Packet Inspection
- Proxies
- Network Address Translation (NAT/NAT with Overload)
- Virtual Private Networking (VPN)