Firewall:
- Firewalls are used to prevent unauthorized Internet users from accessing private networks connected to the Internet. All data entering or leaving the intranet passes through the firewall, which examines each packet and blocks those that do not meet the specified security criteria.
- Firewalls examine every packet passing through them against the rules of the ACL (Access Control List) defined by the network administrator. Only packets the ACL permits are forwarded over the connection.
- Firewalls are configured to protect against unauthenticated interactive logins from the outside world. This helps prevent hackers from logging into machines on your network. Firewalls are essential since they provide a single block point, where security and auditing can be imposed.
- The purpose of a firewall is to protect a private network from threats originating on the Internet (a public network). A firewall can filter traffic on the basis of addresses, protocols, packet attributes and connection state; in general it screens only the packet headers.
Capabilities and limitations of firewall:
The capabilities and limitations of firewalls are as follows:
Capabilities:
- A firewall defines a single choke point that blocks malicious traffic. The use of a single choke point simplifies security management because security capabilities are consolidated on a few points.
- A firewall is an excellent location for monitoring security-related events. Audits and alarms can be implemented on the firewall system.
- A firewall is a convenient platform for several Internet functions that are not security related.
- A firewall can serve as a platform for IPsec.
Limitations:
- It cannot protect against attacks that bypass the firewall.
- It may not protect against internal threats when an insider collaborates with an outside adversary. An attacker may be able to break into the network by bypassing the firewall entirely if he can find a "helpful" insider who can be fooled into giving access to a modem pool.
- Firewalls cannot protect against tunnelling over most application protocols. For example, a firewall cannot protect against the transfer of virus-infected programs or files.
Types of Firewalls:
- There are three common types of firewall: the packet-filtering router, the application-level gateway and the circuit-level gateway.
- A packet-filtering router examines each packet and decides whether it may pass. An application-level gateway works as a proxy server and examines the traffic at the application layer.
- A circuit-level gateway simply establishes two separate connections, one with the server and one with the client outside the network, and forwards TCP segments between them.
Packet-filtering Router:
- A packet-filter firewall blocks or forwards packets based on transport- and network-layer addresses and protocols. It is typically set up as a list of rules matched against fields in the IP or TCP header.
- A packet-filtering router has a set of rules. It checks each packet against these rules and decides whether the packet may go through. The rules can be based on the following parameters:
- Source IP address.
- Destination IP address.
- Source and destination transport-level address.
- IP protocol field.
- Interface.
- Thus, for instance, such a firewall may have a rule that only packets with a specific destination address may pass. If a packet does not carry that destination address, the firewall rejects it.
- A packet may well match none of the rules. In that case there are two possible approaches: the firewall either accepts the packet by default or rejects it by default.
- Packet-filtering is an intuitive concept for a firewall. Such a router is relatively simple.
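As an added example (not part of the original notes), a minimal stateless packet filter in Python that applies an ordered rule list on the parameters listed above, with first match winning and a default policy for packets that match no rule. The addresses, interface names and the rule set are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # IP protocol field: "tcp", "udp", "icmp"
    sport: int    # source transport-level address (port)
    dport: int    # destination port
    iface: str    # interface the packet arrived on

@dataclass
class Rule:
    action: str                   # "accept" or "reject"
    src: str = "0.0.0.0/0"        # source network in CIDR form; default matches any
    dst: str = "0.0.0.0/0"        # destination network
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port
    iface: Optional[str] = None   # None matches any interface

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, p.proto)
                and self.dport in (None, p.dport)
                and self.iface in (None, p.iface))

def filter_packet(rules, p: Packet, default: str = "reject") -> str:
    """First matching rule wins; an unmatched packet gets the default policy."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

# Constructed rule set: the private network is 10.0.0.0/8 on interface eth1,
# eth0 faces the Internet, and 10.0.0.80 hosts the public web server.
ACL = [
    # Anti-spoofing: a packet with an internal source address must not arrive
    # from the Internet side.
    Rule("reject", src="10.0.0.0/8", iface="eth0"),
    # Outside hosts may reach only the web server, and only TCP port 80.
    Rule("accept", dst="10.0.0.80/32", proto="tcp", dport=80, iface="eth0"),
    # Inside hosts may send anything outward.
    Rule("accept", src="10.0.0.0/8", iface="eth1"),
]
```

Changing the `default` argument to `"accept"` turns the same rule list into a default-accept policy, which shows how much of the security rests on that single choice.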
Advantage:
- The biggest advantages of packet-filtering firewalls are low cost and low resource usage; they are best suited to smaller networks.
- Packet-filtering firewalls provide a reasonable amount of protection for a network with minimum complications. Packet-filtering rules can be extremely intuitive and thus easy to set up.
- Packet-filtering firewalls also tend to have the least negative effect on the throughput rate at the gateway compared with other types of firewalls.
- They also tend to be the most transparent to legitimate users. If the filtering rules are set up appropriately, users obtain their required access with little interference from the firewall.
Disadvantage:
- Packet-filtering firewalls work only at the network layer and do not support complex rule-based models. They are also vulnerable to spoofing in some cases.
- Packet filtering is not sufficiently fine-grained to block specific application commands. All traffic intended for an application is either passed through or blocked; the firewall cannot allow certain interactions with an application while blocking others.
- They may also lack remote administration facilities that can save considerable time and effort.
Application-level Gateway:
- Application-level gateway firewalls work at the application layer of the OSI model and provide protection for specific application-layer protocols. A proxy server is the best example of an application-level gateway firewall.
- An application gateway blocks or forwards packets based on information in the application layer.
- An application-level gateway, also called a proxy server, acts as a relay for application-level traffic.
- Users contact the gateway through an application, and the request is served only after authentication. The application gateway is service specific, e.g. FTP, TELNET, SMTP or HTTP.
- Application-level firewalls can also be configured as caching servers, which in turn increases network performance and makes it easier to log traffic.
Advantages:
- Application inspection firewalls can prevent more kinds of attacks than stateful firewalls can.
- For example, application inspection firewalls can stop an attacker from trying to set up a virtual private network (VPN) tunnel (triggered from inside the network) through an application firewall by way of tunneled HTTP requests.
Circuit Level Gateway:
- Circuit-level gateway firewalls operate at the session layer of the OSI model and monitor sessions, such as the TCP three-way handshake, to see whether a requested connection is legitimate.
- A circuit-level gateway can be a standalone or a specialised system. It does not allow an end-to-end TCP connection; instead, the gateway sets up two TCP connections.
- Once the TCP connections are established, the gateway relays TCP segments from one connection to the other without examining the contents.
- The security function determines which connections will be allowed and which are to be disallowed.
Advantage:
- Circuit level gateways are comparatively inexpensive and provide anonymity to the private network.
Disadvantage:
- Circuit-level gateways do not filter individual packets. Once a connection is established, an attacker may take advantage of this.
- The task of modifying all clients to make them aware of the proxy mechanism is potentially costly and time-consuming.
- In addition, SOCKS has several limitations. Most implementations of SOCKS are deficient in their ability to log events.
- Furthermore, SOCKS neither supports strong access authentication methods nor provides an interface to authentication services that could provide this function.
Stateful multilayer Inspection firewall:
- It combines the features of all the other firewall types. It can filter packets at the network layer using ACLs, check for legitimate sessions at the session layer, and also evaluate packets at the application layer (ALG).
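As an added example (not part of the original notes), a small stateful multilayer filter in Python: a network-layer ACL decides which outbound TCP connections may be opened, a connection table tracks them at the session layer so that only replies to tracked connections are let back in, and an ALG-style check inspects the application layer of HTTP requests. The interface names, address range and policy are constructed for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str              # TCP flags as letters: "S" SYN, "SA" SYN-ACK, "A" ACK
    iface: str              # constructed: "eth1" faces the inside, "eth0" the Internet
    payload: bytes = b""

class StatefulFilter:
    # Constructed policy: inside hosts (10.x.x.x) may open TCP connections to
    # ports 80 and 443; nothing else is allowed in or out.
    INSIDE_PREFIX = "10."
    ALLOWED_DPORTS = {80, 443}
    HTTP_METHODS = {b"GET", b"HEAD", b"POST"}

    def __init__(self):
        self.table = set()  # established (src, sport, dst, dport) tuples

    @staticmethod
    def _key(s):
        return (s.src, s.sport, s.dst, s.dport)

    @staticmethod
    def _reverse(s):
        return (s.dst, s.dport, s.src, s.sport)

    def _app_check(self, s):
        # Application layer (ALG-style): an HTTP request must start with a known method.
        if s.dport == 80 and s.payload:
            return s.payload.split(b" ", 1)[0] in self.HTTP_METHODS
        return True

    def check(self, s: Segment) -> str:
        outbound = s.iface == "eth1" and s.src.startswith(self.INSIDE_PREFIX)
        if outbound:
            if s.flags == "S":                         # new connection attempt
                if s.dport not in self.ALLOWED_DPORTS:
                    return "reject"                    # network-layer ACL
                self.table.add(self._key(s))           # session layer: track it
                return "accept"
            if self._key(s) in self.table and self._app_check(s):
                return "accept"
            return "reject"
        # Inbound: only segments answering a tracked connection; an unsolicited SYN never matches.
        return "accept" if self._reverse(s) in self.table else "reject"
```

A real implementation also ages entries out and removes them on FIN/RST, which is omitted here to keep the state logic visible.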
Advantages:
- A stateful multilayer inspection firewall can work in transparent mode, allowing direct connections between client and server, which was not possible earlier.
- It can also implement algorithms and complex security models which are protocol specific, making the connections and data transfer more s