Architecturally, a firewall can be software, hardware, or a combination of software and hardware.
software firewall
Software firewalls are installed separately on individual devices. It provides more granular control as you can allow access to an app or feature and block others. However, it can be expensive in terms of resources as it uses the CPU and RAM of installed devices and requires administrators to configure and manage them for each device individually. Also, not all devices within an intranet are compatible with a single software firewall and multiple firewalls may be required.
hardware firewall
A hardware firewall, on the other hand, is a physical device, each with its own computing resources. It acts as a gateway between your internal network and the Internet, holding data packets and traffic requests from untrusted sources outside your private network. Physical firewalls are great for organizations with many devices on the same network. It blocks malicious traffic long before it reaches the endpoint, but does not provide security against insider attacks. Therefore, a combination of software and hardware firewalls can provide the best security for an organization's network.
Four types of firewalls
Firewalls are classified by how they work, and they can be installed as any type of software or physical device. There are four types of firewalls, depending on how they work.
1. Packet Filtering Firewall
Packet filtering firewalls are the oldest and most basic type of firewall. Data packets running at the network layer are checked against predefined rules for source IP and destination IP, protocol, source port, and destination port to determine whether a packet is forwarded or dropped. Packet filtering firewalls are stateless by default and monitor each packet independently, without tracking established connections or packets that have previously passed through those connections. As a result, the capabilities of these firewalls to protect against advanced threats and attacks are very limited.
Packet filtering firewalls are fast, inexpensive, and effective. However, the security they provide is very basic. These firewalls cannot protect against malicious data packets from trusted source IPs because they cannot inspect the contents of data packets. Because it is stateless, it is also vulnerable to resource redirection attacks and chip attacks. However, despite their minimal functionality, packet filtering firewalls have paved the way for modern firewalls that offer stronger and deeper security.
2. Circuit Level Gateway
Circuit-level gateways operating at the session layer control established Transmission Control Protocol (TCP) connections and monitor active sessions. It is very similar to a packet filtering firewall in that it performs a single inspection and uses minimal resources. However, it operates at a higher layer of the Open Systems Interconnection (OSI) model. First, it determines the security of the established connection. When an internal device initiates a connection with a remote host, a circuit-level gateway establishes a virtual connection to the internal device name, keeping the internal user's identity and IP address confidential.
Circuit-level gateways are cost-effective, simple, and have little impact on network performance. However, since you have no control over the contents of the data packet, it becomes a flawed security solution on its own. With a legitimate TCP handshake, data packets containing malware can easily bypass circuit-level gateways. Therefore, for additional protection, other types of firewalls are often configured over circuit-level gateways.
3. Stateful Firewall
One step ahead of circuit-level gateways, stateful firewalls not only verify and monitor established connections, but also perform packet inspection, providing better and more comprehensive security. It works by creating a state table with source IP, destination IP, source port and destination port when a connection is established. Based on this information, it dynamically creates its own rules to allow expected inbound network traffic, rather than relying on a set of hard-coded rules. Easily drop data packets that do not belong to verified active connections.
A stateful firewall determines which data packets can pass by checking source and destination IPs and legitimate connections. These additional checks provide more security, but can consume a lot of system resources and slow traffic significantly. Therefore, it is vulnerable to distributed denial-of-service attacks (DDoS).
No comments:
Post a Comment