Irrespective of our profession we have all encountered the term “firewalls” in our life. We are all glued to our laptops or mobile devices and are constantly engaged in business or personal conversations all the time. These digital and electronic conversations will sooner or later bring the malicious part of the Internet into play. We come across viruses/malicious traffic/ worms/phishing scams all out to steal our personal and business information. Firewalls are a type of countermeasure to stop these elements.
What are firewalls?
Firewalls are used to protect the home network or business network from scrupulous and malicious elements. They are primarily used to shield a personal or business network from the bad traffic of the Internet. They can also be used within an organization to prevent one department from accessing the resources of another department. A firewall is popularly referred to as the “chokepoint” within a network. There are “software based firewalls” and “appliance based firewalls”. The most common type of firewall that most of us encounter in our personal life is the software based firewall.
Software based firewall:
When it is a software based firewall, it is configured with a set of “rules”. The basic concept before configuring software based firewalls is “Deny all, add as needed”. Rules are written for FTP servers, web servers, telnet servers to name a few services.
One important point to note when working with firewalls is to align firewalls with the “security policy” of an organization. A policy stating that certain services or ports must be avoided or what IP address must be restricted must be strictly adhered to when configuring a firewall.
Types of firewalls:
According to the NIST 800-10 document, firewalls are divided into
- Packet filtering firewall
- Stateful firewall
- Proxy firewall
We will discuss the packet filtering firewall and stateful firewall in this post.
Packet filtering firewall:
The packet filtering firewall is a first generation firewall and it works at the network layer. In packet filtering, the source and destination addresses of the packets, protocols are checked and the packet is either allowed to pass or denied entry into the network. Packet filtering firewall’s greatest disadvantage is that it cannot look deep inside the packet and only checks the header of each packet. If there are vulnerabilities present in the application itself, it will not be caught by this type of firewall.
The disadvantage of the packet filtering firewall enables us to find alternative solutions such as the stateful firewall. The stateful firewall is a third generation firewall. It works at the network and transport layers. The stateful firewall holds information such as IP addresses ,ports and state information (such as TCP or UDP connections) and various other attributes in a “state table”. The incoming and outgoing packets are examined and the information is stored in dynamic state tables. Filtering decisions are made on security rules as well as on the context of previous connections in the state table. (https://en.wikipedia.org/wiki/Stateful_firewall)
The disadvantage with the stateful firewall is the overhead that is associated with creating and maintaining the state table. The state tables are also subject to denial of service attacks.
We have seen firewalls, the need for them and the different types of firewalls in this post. We will explore yet another security concept in the next post. Stay tuned!