
Types of Firewalls

Firewalls are categorized as different types based on how they deal with network traffic and the layer of the OSI model at which they operate (if you need a refresher on the OSI model, take a look back at Chapter 5, “Network Protocols: Real and Imagined”). The higher the layer of the OSI model at which the firewall operates, the more sophisticated the firewall. Here are some specifics:

  • Packet filter firewall. This type of firewall uses a set of rules to determine whether outgoing or incoming data packets are allowed to pass through the firewall. The rules or filters designed to control the data traffic allowed by the firewall can be based on the IP address of the sending device and the particular port being used by the protocol that originated the data packet. A packet filter firewall moves data quickly and is the simplest type of firewall. It operates at the Data Link and Network layers of the OSI model. A router that uses access lists (rules for allowing or disallowing connections based on IP addresses) to filter data traffic can be considered a packet filter firewall.

  • Circuit-level firewall. This type of firewall is similar to the packet filter firewall (in that it filters packets based on a set of rules), but because circuit-level firewalls operate at the Transport layer of the OSI model, they have greater functionality. A circuit-level firewall can make packets sent from the internal network to a destination outside the firewall appear as if they originated at the firewall. This helps to keep information relating to hosts on the internal network secret. Circuit-level firewalls also can determine whether a connection between a network host and a computer on the other side of the firewall using the TCP protocol has been established appropriately (see Chapter 5 for more about TCP). If the connection has not been established appropriately, the firewall can terminate the connection. This cuts off any connection that has been hijacked by an outside attacker trying to sneak past the firewall.

  • Application-gateway firewall. This type of firewall operates at the Application layer of the OSI model. Application gateways use strong user authentication to verify the identity of a host attempting to connect to the network using a particular TCP/IP Application layer protocol such as Telnet or FTP. This type of firewall can also control which devices an external host can connect to once the firewall has authenticated that particular user. Application gateways are even effective against IP spoofing (discussed earlier in the chapter) because they do not allow the connection to proceed inside the firewall unless the user can truly be authenticated to the network.
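
The difference between the first two types can be shown in code. The following is an added example, not taken from the book: a stateless packet filter that checks each packet against an access list, next to a circuit-level check that also requires a proper TCP handshake. The rules, addresses, and names (`Packet`, `ACL`, `packet_filter`, `CircuitGateway`) are constructed for illustration, and the handshake tracking is simplified (no connection teardown, timeouts, or sequence-number checks).

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK

# Constructed access list (sample addresses from documentation ranges).
# Each rule: (action, source network, destination port or None for any port).
ACL = [
    ("deny", "203.0.113.0/24", None),
    ("permit", "0.0.0.0/0", 80),
]

def packet_filter(pkt, acl=ACL):
    """Stateless check: first matching rule wins, no match means deny."""
    for action, net, port in acl:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(net)
        if in_net and port in (None, pkt.dport):
            return action == "permit"
    return False

class CircuitGateway:
    """Applies the ACL to new connections, then tracks the TCP handshake."""
    def __init__(self):
        self.conns = {}  # (client, cport, server, sport) -> handshake state

    def handle(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)  # client -> server
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # server -> client
        if pkt.flags == "S":
            if not packet_filter(pkt):
                return False
            self.conns.setdefault(fwd, "SYN_SEEN")
            return True
        if pkt.flags == "SA" and self.conns.get(rev) == "SYN_SEEN":
            self.conns[rev] = "SYNACK_SEEN"
            return True
        if pkt.flags == "A":
            if self.conns.get(fwd) == "SYNACK_SEEN":
                self.conns[fwd] = "ESTABLISHED"
            return "ESTABLISHED" in (self.conns.get(fwd), self.conns.get(rev))
        return False  # anything outside a tracked handshake is dropped
```

A lone ACK packet aimed at port 80 passes `packet_filter` because its address and port match a permit rule, while `CircuitGateway.handle` drops it because no handshake was ever seen for that connection.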

