The Essential Guide to Firewalls
Firewalls play a central role in IT security, standing between enterprise networks and the outside world to protect computers, applications and other resources from external attack.
While there are several types of firewalls, the technology can be broadly defined as a collection of related security programs that are stored on a network gateway server and collectively safeguard network assets from users on other networks.
While all firewalls run software, the firewall market itself is split into two general categories: hardware and software. Hardware firewalls are dedicated security appliances on which security software is preinstalled, typical on a proprietary OS. Software firewalls, on the other hand, can usually be installed on any available server that is equipped with a general-purpose network OS such as Windows or Linux. Businesses usually select firewalls on the basis of needs and preferences that are unique to each company. Common considerations include: the firewall architecture (hardware or software), the number of concurrent firewall sessions required, the range and types of external access required, the type and number of VPN (virtual private network) protocols needed, the number of concurrent VPNs that require protection, the preferred kind of management user interface (command line, graphical or Web-based), and the need for high-availability features. Firewall prices can range from less than $100 for a basic, no-frills software product that is designed to protect a home or small-business network, to $20,000 and more for an industrial-strength hardware appliance that is engineered to safeguard enterprise resources.
Since no two business networks are alike, vendors offer many different types of firewall approaches (both hardware- and software-based) that are designed meet specific customer needs. The fundamental approaches can be separated into packet-filtering, circuit-level and application-level categories. Packet-Filtering Firewalls: In its most basic form, a firewall does nothing but filter packets. This means that the firewall accepts or rejects IP packets on the basis of predefined rules. With packet filtering, the firewall carefully scrutinizes each packet's protocol and address information; content and context data are not considered. The main advantages of packet-filtering firewalls are their relative simplicity, low cost, and fast and easy deployment attributes. Software-only firewalls for home and small business are typically of this variety, including the firewall that is built in to more recent versions of Windows. Circuit-Level Firewalls: This type of firewall doesn't simply accept or reject packets, it also decides whether a connection is valid according to a set of configurable rules. If everything checks out, the firewall opens a session and allows traffic to flow in only from the authenticated source. The traffic may also be permitted to proceed for only a limited period of time. In addition, the firewall may perform connection validation on the source IP address and/or port, the destination IP address and/or port, the protocol used, user IDs, passwords, the time of day or, most likely, several of these conditions. In addition, packet-level filtering may also take place. The big drawback to circuit-level firewalls is that they function at the transport layer and therefore may necessitate a significant modification of the transport-function programming. This can impact the performance or operation of a network. Also, circuit-level firewalls require more expertise to install and maintain. Application-Level Firewalls: With this approach, the firewall acts as an application proxy, supplying all data exchanges with the remote system. The idea behind this concept is to make the server behind the firewall invisible to the remote system. An application-level firewall can accept or reject traffic based on a specific set of rules. The firewall may, for example, allow some commands to proceed to a server while rejecting others. The technology can also be used to restrict access to specified file types, as well as to provide different access levels to authenticated and non-authenticated users. Application-level firewalls tend to be preferred by users who require detailed traffic monitoring and logging on the host, since the addition of these activities is relatively simple and doesn't further impact performance. IT administrators can set an application-level firewall to trigger alarms and notifications in the event that a predefined condition occurs. Application gateways are typically deployed on a separate network-connected computer, commonly called a proxy server Stateful Multilevel Firewalls: Typically offered by vendors as "best-of-breed" solutions, this approach aims to combine the best attributes of multiple firewall types. Stateful multilevel firewalls are designed to perform network-level packet filtering while recognizing and processing application-level data. These firewalls often provide superior network protection but can be very expensive.
Most firewall vendors offer an array of add-on features that are designed to provide capabilities that extend well beyond basic firewall services. Such features include anti-virus protection, content filtering, intrusion prevention, and activity and usage reporting. Given the rapidly changing pace of network security, it's a good idea for a business to purchase a product that it can easily upgrade for enhanced performance and to accommodate new capabilities.
Contact Us for more details on Firewalls and IT Security