What is a Firewall?
A firewall is a network security device that monitors outgoing and incoming network traffic and protects the internal network by filtering traffic/packets based on pre-defined security rules.
Why is a Firewall needed and how does it work?
Security has become one of the main concerns today, as the Internet is now part of our daily life: browsing and accessing websites, using mobile apps for shopping, or using the Internet in a small office or in an enterprise data centre where multiple websites and applications are hosted.
A firewall is deployed between the internal and external network to act as a barrier gate that blocks unwanted/malicious traffic based on IP address, protocol, port, etc.
Example: A firewall can have a rule that prevents access to a website from a specific IP address. In bigger/enterprise networks, a firewall is also placed between different internal networks, such as between the User LAN and the Server Farm, to add security from the respective user segment.
Different variants of Firewall
Firewalls come in two variants: hardware appliance based and software based. Both have their own flexibility and challenges. Based on requirements, budget, flexibility and other factors, we can decide which fits better.
Types of Firewall
Although firewalls can be segregated into multiple types, there are three major types:
1. Stateless or Packet Filtering Firewall
2. Stateful Inspection Firewall
3. Application or Proxy Firewall
– Stateless or Packet Filtering Firewall
A packet is the unit of data at the Network Layer of the OSI model. A Stateless or Packet Filtering Firewall analyses each packet individually, using a pre-defined set of rules, when the packet attempts to enter the network. It does not consider the trend of the data being sent or received through the firewall. If the packet matches the set of rules, it is passed to the destination; otherwise it is dropped.
Advantages of Stateless or Packet Filtering Firewall
1. Stateless or Packet firewalls perform very fast.
2. Stateless firewalls are cheaper compared to stateful and other firewalls.
Disadvantages of Stateless or Packet Filtering Firewall
1. Stateless or Packet firewalls are not considered very secure, as they don’t inspect the inside of the packet.
2. They don’t store any state information.
3. They do not support user authentication for connections.
– Stateful Inspection Firewall
Instead of analysing each packet individually like a stateless firewall, a stateful firewall keeps certain key attributes of each connection in a database of trusted information for each session. The firewall determines the connection state first and then applies the firewall rule, rather than applying the rule to each individual packet. If the traffic matches, it is allowed; otherwise it is discarded. Stateful inspection is a newer method of firewall filtering. A stateful firewall operates at the Network, Transport and Session Layers of the OSI model.
Advantages of Stateful Inspection Firewall
1. Maintain the state of the connection.
2. Can prevent multiple kinds of DoS attacks.
3. A large range of ports does not need to be opened to allow communication.
Disadvantages of Stateful Inspection Firewall
1. Cannot prevent application layer attacks.
2. Not all protocols contain state information.
3. Maintaining state information involves additional overhead.
4. Does not support user authentication for connection.
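The difference between the two filtering models above, shown as an added example that is not part of the original article: the same constructed packet trace is judged by a stateless rule set and by a simplified connection-tracking filter. The addresses, ports, rule set and the use of RST as the only teardown signal are assumptions for illustration; real stateful firewalls also track timeouts and TCP sequence state.

```python
from collections import namedtuple

# Constructed packets: only the header fields a network/transport firewall sees.
Packet = namedtuple("Packet", "direction src sport dst dport flags")
INSIDE, SERVER, OTHER = "10.0.0.5", "203.0.113.10", "198.51.100.7"  # sample IPs

def stateless_filter(pkt):
    """Judge each packet alone against fixed rules; nothing is remembered."""
    if pkt.direction == "out" and pkt.dport == 443:
        return "ALLOW"
    # Replies have to get back in, and without state the filter cannot tell
    # which inbound packets are replies, so the rule covers every high port.
    if pkt.direction == "in" and pkt.sport == 443 and 1024 <= pkt.dport <= 65535:
        return "ALLOW"
    return "DROP"

class StatefulFilter:
    """Remember connections opened from inside; admit inbound only for those."""
    def __init__(self):
        self.table = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def check(self, pkt):
        if pkt.direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport == 443 and pkt.flags == "SYN":
                self.table.add(key)          # new session permitted by the rule
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.table:
            return "DROP"                    # not part of any known session
        if pkt.flags == "RST":
            self.table.discard(key)          # session over: forget it
        return "ALLOW"

TRACE = [  # constructed sample traffic
    Packet("out", INSIDE, 50000, SERVER, 443, "SYN"),
    Packet("in", SERVER, 443, INSIDE, 50000, "SYN-ACK"),
    Packet("in", OTHER, 443, INSIDE, 50001, "ACK"),   # no session exists for this
    Packet("in", SERVER, 443, INSIDE, 50000, "RST"),
    Packet("in", SERVER, 443, INSIDE, 50000, "ACK"),  # arrives after teardown
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.check(p)) for p in packets]
```

The stateless rule set admits all five packets, while the stateful filter drops the third and fifth because no matching session is in its table.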
– Application or Proxy Firewall
An Application Firewall is also referred to as a Proxy Firewall and operates at the Application Layer of the OSI model. It does everything a stateful firewall does, but it also analyses the actual data content of the packet. It acts as an intermediary between the source machine and the destination, and hence prevents a direct connection between the local machine and the outside network, which adds an additional layer of protection for your network. Instead of allowing the traffic directly, the proxy firewall first establishes a connection to the source of the traffic, inspects the incoming data packet, and performs deep packet inspection, checking the content of the packet for malware. Once the inspection is completed and the packet is approved, it is passed to the destination.
Advantages of Application Firewall
1. Support user authentication for connection.
2. Makes spoofing and DoS attacks tough for a hacker.
3. Monitoring & filtering can be done at application level.
4. Provides detailed logging.
Disadvantages of Application Firewall
1. They process packets in software.
2. Limited number of applications are supported by these Firewalls.
3. In some cases, client/agent software is required to be installed
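The application-layer checks described above, shown as an added example that is not part of the original article: requests that look identical to a packet filter (same client, same destination port) get different verdicts once the proxy parses them, authenticates the user, inspects the body and writes a log line. The user store, allowed host, signature marker and function names are all hypothetical and constructed for illustration.

```python
import base64
import hmac

USERS = {"alice": "s3cret-example"}        # constructed credential store
ALLOWED_HOSTS = {"intranet.example.com"}   # constructed destination policy
BLOCKED_MARKER = b"X-TEST-MALWARE-MARKER"  # stand-in for a malware signature

def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)  # ValueError if malformed
    pairs = (line.partition(":") for line in lines[1:])
    headers = {name.strip().lower(): value.strip() for name, _, value in pairs}
    return method, path, headers, body

def authenticated_user(headers):
    """Return the user from a valid Proxy-Authorization: Basic header, else None."""
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    try:
        user, _, password = base64.b64decode(token).decode().partition(":")
    except ValueError:
        return None
    expected = USERS.get(user)
    if scheme.lower() != "basic" or expected is None:
        return None
    return user if hmac.compare_digest(expected.encode(), password.encode()) else None

def inspect(raw):
    """Return (verdict, log line) for one request before it is forwarded."""
    try:
        method, path, headers, body = parse_request(raw)
    except ValueError:
        return "DENY", "400 malformed request"
    user = authenticated_user(headers)
    if user is None:
        return "DENY", f"407 unauthenticated {method} {path}"
    if headers.get("host") not in ALLOWED_HOSTS:
        return "DENY", f"403 user={user} host {headers.get('host')} not allowed"
    if BLOCKED_MARKER in body:
        return "DENY", f"403 user={user} {method} {path} body matched signature"
    return "FORWARD", f"200 user={user} {method} {path}"

def make_request(body, creds="alice:s3cret-example", host="intranet.example.com"):
    """Build a constructed sample request (same client, same proxy port each time)."""
    auth = base64.b64encode(creds.encode()).decode()
    head = f"POST /upload HTTP/1.1\r\nHost: {host}\r\nProxy-Authorization: Basic {auth}\r\n"
    return (head + f"Content-Length: {len(body)}\r\n\r\n").encode() + body
```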
Frequently Asked Questions:
Q: At which OSI layer does a Packet Filtering firewall operate?
A: A Packet Filtering or Stateless Firewall operates at the Network Layer of the OSI model.
Q: How to decide which type of Firewall is best for our setup?
A: Each type of firewall has its own pros and cons. Considering those, along with the budget and the level of security required, one can decide.
Q: Which Firewall is better – Hardware Appliance based or Software based?
A: Feature-wise both operate in the same way. Hardware appliance based firewalls are easy and can be deployed in any network instantly, as they do not require any other platform. Software based firewalls have flexibility in terms of scalability or upgrades, but are deployed as virtual machines on a virtualization platform such as Hyper-V or ESXi.
Q: Can or should we deploy more than one Firewall for additional security?
A: Yes, we can deploy multiple firewalls in different zones to add security and to limit/segregate the risk.
Q: Can a firewall be hacked?
A: Yes, it can be hacked, but by following best practices and reviewing the necessary logs this can be restricted.
Q: How does a firewall protect a network?
A: A firewall is deployed between the internal network and the external network (Internet), where it acts as a barrier gate that monitors and prevents unwanted/malicious traffic.