Firewall

Organisations and personal users both have information that they don't want others (mostly malicious users) to see. Cryptography and encryption are one way to secure data during transmission, but this is sometimes not enough, because a cracker can find a way to hack into your system and steal it. So we need some kind of guard that makes sure this doesn't happen. A firewall is such an electronic security guard.

In more technical terms, a firewall is a program or a device that filters the information coming from the Internet to your private network or computer. Its basic role is to protect the network so that nothing private goes out and nothing malicious comes in; the same applies to a host-based firewall (on a single computer). A firewall can be implemented at both the hardware and software levels.

Firewall Capabilities:

  1. They are mostly installed on the gateways of a private network, which provides a point for filtering the kind of data that comes in or leaves the network.
  2. By using firewall access control policies you can filter traffic on the basis of IP addresses and port numbers.
  3. They can allow or disallow users' access to certain services.

Firewall Limitations:

  1. If some services are allowed to bypass the firewall, then the firewall can't protect against attacks on those services.
  2. A gateway firewall can't protect against an attack on the internal network from an inside system. One can use host-based firewalls to prevent such attacks.
  3. If all your firewall does is packet filtering, then it can't filter application-specific packets and hence can't protect you against such attacks.

Types of firewall

1) Packet filters (also known as network layer based firewalls).

These are probably the earliest and still a pretty popular model of firewall. Even though they are called network layer firewalls, they actually filter packets against a set of access rules provided by the sysadmin that apply to both the IP and TCP headers. Usually positive access rules are provided, i.e. we tell the firewall in the form of a few rules who and what is permitted, and the rest of the traffic, which doesn't match these rules, is discarded or blocked.

There are 2 types of Network layer firewall:

  1. Stateless firewall - This type of firewall doesn't keep track of the state of a connection. It treats each packet as separate and isolated. So a stateless firewall doesn't know whether a packet is already part of a connection, is trying to initiate a connection, or is some random (possibly malicious) packet. This type is prone to IP spoofing and other similar attacks.
  2. Stateful firewall - A stateful firewall keeps track of the existing connections between the internal and the external systems. In this way, it doesn't treat each packet as a completely new one. It can directly allow packets which are part of an existing connection, thus increasing the packet filtering speed and reducing the load on the server.
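
The stateless and stateful behaviour described above, as an added example (not code from the original page). The packet model, the 10.0.0.x internal prefix, the rule set and the sample traffic are all constructed for illustration, and the connection table is simplified: it never expires entries and does not follow TCP state.

```python
from collections import namedtuple

# Constructed packet model: only the IP/TCP header fields a packet filter inspects.
Packet = namedtuple("Packet", "src sport dst dport flags")

INSIDE = "10.0.0."  # assumed internal network prefix

def is_internal(ip):
    return ip.startswith(INSIDE)

def stateless_filter(pkt):
    """Judge each packet in isolation using positive rules; default is drop."""
    # Rule 1: internal hosts may send to external web servers on port 80.
    if is_internal(pkt.src) and pkt.dport == 80:
        return "ALLOW"
    # Rule 2: replies must be let in, but a stateless filter can only guess
    # "reply" from header fields: source port 80 and the ACK flag set.
    if is_internal(pkt.dst) and pkt.sport == 80 and "A" in pkt.flags:
        return "ALLOW"
    return "DROP"

class StatefulFilter:
    """Same outbound policy, but inbound packets must match a tracked connection."""
    def __init__(self):
        self.connections = set()  # (inside ip, inside port, outside ip, outside port)

    def filter(self, pkt):
        if is_internal(pkt.src) and pkt.dport == 80:
            # Outbound packet: record the connection so replies are recognised.
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound packet: allowed only as part of an existing connection.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "ALLOW"
        return "DROP"

# Constructed traffic: a real handshake, then an unsolicited packet whose
# headers merely look like a web reply.
TRAFFIC = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "S"),   # client SYN
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "SA"),  # server SYN/ACK
    Packet("198.51.100.7", 80, "10.0.0.9", 5555, "A"),    # unsolicited
]

def run():
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.filter(p)) for p in TRAFFIC]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, run()):
        print(pkt, "stateless=%s stateful=%s" % verdicts)
```

The third packet is where the two filters differ: the stateless rules accept it because its headers match the reply rule, while the stateful filter drops it because no internal host opened that connection.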

Most operating systems have a built-in firewall. You can also install an additional firewall in the form of software.


Why do we need Firewall Security?

  1. Remote login
  2. Application backdoors
  3. SMTP session hijacking
  4. Viruses
  5. Spam
  6. Redirect loops

Proxy server - It can also act as a firewall by responding to incoming packets (connection requests) in the same manner as an application would, and by blocking insecure packets.