Types of Firewall
Firewalls fall into four broad categories:
- Packet filters
- Circuit level gateways
- Application level gateways
- Stateful multilayer inspection firewalls
Packet Filters:
- Packet filtering firewalls work at the network level of the OSI model, or the IP layer of TCP/IP.
- They are usually part of a router.
- In a packet filtering firewall each packet is compared to a set of criteria before it is forwarded.
- Depending on the packet and the criteria, the firewall can drop the packet, forward it or send a message to the originator.
- Rules can include source and destination IP address, source and destination port number and protocol used.
- The advantage of packet filtering firewalls is their low cost and low impact on network performance.
- This type of firewall works only at the network layer, however, and does not support sophisticated rule-based models.
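A small first-match packet filter showing the criteria and the three outcomes listed above (forward, drop, or reject with a message to the originator). This is an added example, not part of the original page: the names `Packet`, `Rule` and `filter_packet`, the rule set, the RFC 5737 documentation addresses and the default-deny policy are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# "reject" means drop the packet and send a message back to the originator.
FORWARD, DROP, REJECT = "forward", "drop", "reject"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    sport: range = range(0, 65536)
    dport: range = range(0, 65536)

    def matches(self, p: Packet) -> bool:
        # Only header fields are compared; the payload is never inspected.
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and p.sport in self.sport
                and p.dport in self.dport)

def filter_packet(rules, p, default=DROP):
    """Return the action of the first matching rule, else the default (deny)."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

# Constructed rule set; 203.0.113.0/24 stands in for the protected network.
RULES = [
    Rule(DROP, src="198.51.100.0/24"),                                   # blocked source network
    Rule(FORWARD, dst="203.0.113.10/32", proto="tcp", dport=range(443, 444)),  # HTTPS to web server
    Rule(FORWARD, dst="203.0.113.53/32", proto="udp", dport=range(53, 54)),    # DNS queries
    Rule(REJECT, dst="203.0.113.0/24", proto="tcp", dport=range(23, 24)),      # telnet refused with notice
]

if __name__ == "__main__":
    print(filter_packet(RULES, Packet("192.0.2.7", "203.0.113.10", "tcp", 51000, 443)))
```

Rule order matters: the blocked source network is dropped even when it targets the permitted HTTPS port, because its rule comes first.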
Circuit Level Firewall
- Circuit level firewalls work at the session layer of the OSI model, or the TCP layer of TCP/IP.
- They monitor TCP handshaking between packets to determine whether a requested session is legitimate.
- Information passed to a remote computer through a circuit level gateway appears to have originated from the gateway.
- This is useful for hiding information about protected networks.
- Circuit level firewalls are relatively inexpensive and have the advantage of hiding information about the private network they protect.
- On the other hand, they do not filter individual packets.
Application Level Firewalls:
- Application level firewalls, also called proxies, are similar to circuit-level gateways except that they are application specific.
- They can filter packets at the application layer of the OSI model.
- Incoming or outgoing packets cannot access services for which there is no proxy.
- An application level gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through.
- Because they examine packets at the application layer, they can filter application specific commands such as HTTP POST and GET.
- This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which knows anything about the application level information.
- Application level gateways can also be used to log user activity and logins. They offer a high level of security, but have a significant impact on network performance.
- This is because of context switches that slow down network access dramatically. They are not transparent to end users and require manual configuration of each client computer.
Stateful multilayer inspection firewalls
- Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls.
- They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer.
- They allow direct connection between client and host, reducing the problem caused by the lack of transparency of application level gateways.
- They rely on algorithms to recognize and process application layer data instead of running application specific proxies.
- Stateful multilayer inspection firewalls offer a high level of security, good performance and transparency to end users.
- They are expensive, however, and, due to their complexity, are potentially less secure than simpler types of firewalls if not administered by highly competent personnel.