# What is Firewall in Networking

March 24, 2018

The range of network security is very broad. The security in computer networks is a rapidly growing area of concern. Most of the valuable information resides on the network, making network an inevitable entity for survival. Security is optimized by lack of access; connectivity is optimized by complete access. Internet enabled organizations; wireless connectivity and roaming clientage have made network peripheries relatively transparent. With the rapid application and popularization of computer networks, the increase of difficult steps of enterprises and government information digitization, existing enterprise network system structure is increasingly complex. Complex network structure gives a lot of safety concerns; the need for network security is also in rapid increase of the nature of the unprecedented.

### Overview of Firewall

The rapid development of Internet has brought great convenience to people’s life, but at the same time, the Internet is faced with unprecedented threat. Therefore, how to use effective feasible method to make the network risk within an acceptable range is in the attention of more and more people get.

Firewalls are network devices which enforce an organization’s security policy. Firewalls protect a trusted network from an untrusted network by filtering traffic according to a specified security policy. A diverse set of firewalls is being used today. A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls have been a first line of defense in network security for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.  A firewall can be hardware, software, or both.

Installing a firewall at the network boundary is like aggregating the security at a single point. Firewalls are an important element in the quest to achieve network security for many reasons.

• To protect an internal network and the host.
• The untrusted Zone contains criminals, users from competing companies, ex-employees, espionage from unknown countries etc.
• To stop an attacker from launching DoS attacks on network resources.

### Types of Firewall

Firewalls protect a Network of Computers from being Compromised, Denial of Service and other Attacks from Hackers trying to intrude the network from outside. A Firewall can be in the form of a Hardware or a Software on a Computer, as well. Following are the firewall types in networks.

• Packet Filtering Firewalls
• Circuit Level Gateway Firewalls
• Application level Gateway Firewalls
• Stateful Multilayer Inspection Firewalls

#### Packet Filtering Firewall

• Packet Filtering Firewalls are normally deployed on the Routers which connect the Internal Network to Internet. Packet Filtering Firewalls can only be implemented on the Network Layer of OSI Model.
• Packet Filtering Firewalls work on the Basis of Rules defines by Access Control Lists. They check all the Packets and screen them against the rules defined by the Network Administrator as per the ACLs. If in case, any packet does not meet the criteria then that packet is dropped and Logs are updated about this information.
• Administrators can create their ACLs on the basis Address, Protocols and Packet attributes.

• The Biggest Advantage of Packet Filtering Firewalls is Cost and Lower Resource Usage. Best Suited for Smaller Networks.

• Packet Filtering Firewalls can work only on the Network Layer and these Firewalls do not support Complex rule based models. Also Vulnerable to Spoofing in some Cases.

#### Circuit Level Gateway Firewalls

• Circuit level gateways are deployed at the Session layer of the OSI model and they monitor sessions like TCP three way handshake to see whether a requested connection is legitimate or not.
• Major Screening happens before the Connection is established.
• Information sent to a Computer outside the network through a circuit level gateway appears to have originated from the Gateway. This helps in creating a stealth cover for the private network from outsiders.

• Circuit level gateways are comparatively inexpensive and provide Anonymity to the private network.

• Circuit level Gateways do not filter Individual Packets. After Establishing a Connection, an Attacker may take advantage of this.

#### Application level Gateway Firewalls

• Application level gateways work on the Application layer of the OSI model and provide protection for a specific Application Layer Protocol. Proxy server is the best example of Application Level Gateways Firewalls.
• Application level gateway would work only for the protocols which is configured. For example, if we install a web proxy based Firewall than it will only allow HTTP Protocol Data. They are supposed to understand application specific commands such as HTTP:GET and HTTP:POST as they are deployed on the Application Layer, for a Specific Protocol.
• Application level firewalls can also be configured as Caching Servers which in turn increase the network performance and makes it easier to log traffic.

#### Stateful Multilayer Inspection Firewall

• Stateful multilayer Inspection Firewall is a combination of all the firewalls that we have studied till now.
• They can filter packets at Network layer using ACLs, check for legitimate sessions on the Session Layers and they also evaluate packets on the Application layer (ALG).
• Stateful Multilayer Inspection Firewall can work on a transparent mode allowing direct connections between the client and the server which was earlier not possible.
• Stateful Multilayer Inspection firewall can also implement algorithms and complex security models which are protocol specific, making the connections and data transfer more secure.

### Characteristics of the Firewall

The main characteristics of the firewall protection include the following:

• #### Different protection levels based on the location of the computer

When your PC connects to a network, the firewall applies a security level in accordance with the type of network. If you want to change the security level assigned initially, you can do this at any time through the firewall settings.

• #### Protection of wireless networks (Wi-Fi)

This blocks intrusion attempts launched through wireless networks (Wi-Fi). When an intruder attempts to access, a pop-up warning is displayed that allows you to immediately block the attack.

It specifies which programs installed on your computer can access the network or the Internet.

• #### Protection against intruders

It prevents hacker attacks that try to access your computer to carry out certain actions.

• #### Blocks

The firewall can block the access of the programs that you specify should not be able to access the local network or the Internet. It also blocks access from other computers that try to connect to programs installed on your computer.

### References

[1] Jing Li, “The Research and Application of Multi-Firewall Technology in Enterprise Network Security”, International Journal of Security and Its Applications Vol. 9, No. 5 (2015), pp. 153-162

[2] Kamara, Seny, Sonia Fahmy, Eugene Schultz, Florian Kerschbaum, and Michael Frantzen. “Analysis of vulnerabilities in internet firewalls.” Computers & Security 22, no. 3 (2003): 214-232.

[3] “Firewall and types”, available online at: https://supportforums.cisco.com/t5/security-documents/firewall-and-types/ta-p/3112038

$${}$$