Firewall

Reflect Security Solutions

--

What is a firewall?

A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.

In general, there are five types of firewall:

  1. packet filtering firewall
  2. circuit-level gateway
  3. application-level gateway (aka proxy firewall)
  4. stateful inspection firewall
  5. next-generation firewall (NGFW)

Packet Filtering Firewall

Packet filtering firewalls operate inline at junction points where devices such as routers and switches do their work. However, these firewalls don’t route packets; rather they compare each packet received to a set of established criteria, such as the allowed IP addresses, packet type, port number and other aspects of the packet protocol headers. Packets that are flagged as troublesome are, generally speaking, unceremoniously dropped — that is, they are not forwarded and, thus, cease to exist.

Circuit-Level Gateway

Using another relatively quick way to identify malicious content, circuit-level gateways monitor TCP handshakes and other network protocol session initiation messages as sessions are established between the local and remote hosts, in order to determine whether the session being initiated is legitimate, that is, whether the remote system is considered trusted. They do not, however, inspect the packets themselves. While circuit-level gateways provide a higher level of security than packet filtering firewalls, they should be used in conjunction with other systems. For example, circuit-level gateways are typically used alongside application-level gateways.

Application-Level Gateway

This kind of device — technically a proxy and sometimes referred to as a proxy firewall — functions as the only entry point to and exit point from the network. Application-level gateways filter packets not only according to the service for which they are intended — as specified by the destination port — but also by other characteristics, such as the HTTP request string.

While gateways that filter at the application layer provide considerable data security, they can dramatically affect network performance and can be challenging to manage.
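The two-stage decision described above (destination port first, then the HTTP request string) is sketched below as an added example; it is not code from the original article. The policy values, the `example.test` host and all function names are hypothetical.

```python
from urllib.parse import unquote

# Hypothetical policy values, chosen for this example only.
PROXIED_PORTS = {80}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
DENIED_PREFIXES = ("/admin",)

def normalize(path):
    """Percent-decode and collapse empty or '.' segments; None if '..' is present."""
    segments = [s for s in unquote(path).split("/") if s not in ("", ".")]
    if ".." in segments:
        return None
    return "/" + "/".join(segments).lower()

def gateway_decision(dport, payload):
    """Return (allowed, reason) for the first bytes a client sends to the proxy."""
    if dport not in PROXIED_PORTS:
        return False, "port not proxied"  # the check a packet filter could also make
    line, sep, _ = payload.partition(b"\r\n")
    if not sep:
        return False, "incomplete request line"
    try:
        method, target, version = line.decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return False, "malformed request line"
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return False, "unsupported version"
    if method not in ALLOWED_METHODS:
        return False, "method not allowed"
    if not target.startswith("/"):
        return False, "target is not an origin-form path"
    path = normalize(target.split("?", 1)[0])
    if path is None:
        return False, "path traversal segment"
    if any(path == p or path.startswith(p + "/") for p in DENIED_PREFIXES):
        return False, "path denied by policy"
    return True, "ok"

# Constructed sample requests.
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"GET /%61dmin/users HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # same path, percent-encoded
    (80, b"TRACE / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"\x16\x03\x01\x02\x00\x01\x00\r\n"),  # binary data, not HTTP
    (23, b"GET / HTTP/1.1\r\n\r\n"),
]

def evaluate(samples):
    return [gateway_decision(port, data) for port, data in samples]
```

Four of the five samples are refused, and three of those arrive on the permitted port: only inspection of the request line tells them apart from the first one.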

Stateful Inspection Firewall

State-aware devices not only examine each packet, but also keep track of whether or not that packet is part of an established TCP or other network session. This offers more security than either packet filtering or circuit monitoring alone but exacts a greater toll on network performance.

A further variant of stateful inspection is the multilayer inspection firewall, which considers the flow of transactions in process across multiple protocol layers of the seven-layer Open System Interconnection (OSI) Model.
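To make the difference between packet filtering and stateful inspection concrete, here is an added example (not from the original article) that runs the same constructed traffic through a header-only rule set and through a filter that tracks sessions. The internal prefix `10.0.0.`, the port 443 policy and all names are assumptions made for the illustration.

```python
from collections import namedtuple

INSIDE = "10.0.0."  # constructed internal prefix (assumption)
Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: frozenset of TCP flags

def outbound_web(p):
    return p.src.startswith(INSIDE) and p.dport == 443

def stateless_allow(p):
    """Packet filter: header-only rules, each packet judged in isolation."""
    if outbound_web(p):
        return True
    # Reply rule: inbound from port 443 with ACK set looks like a response.
    return p.dst.startswith(INSIDE) and p.sport == 443 and "ACK" in p.flags

class StatefulFilter:
    """Same policy, but a packet must belong to a session opened from inside."""
    def __init__(self):
        self.sessions = set()  # (inside ip, inside port, outside ip, outside port)
    def allow(self, p):
        out = outbound_web(p)
        key = (p.src, p.sport, p.dst, p.dport) if out else (p.dst, p.dport, p.src, p.sport)
        if out and p.flags == {"SYN"}:
            self.sessions.add(key)      # session initiation seen
        if key not in self.sessions:
            return False
        if "RST" in p.flags:
            self.sessions.discard(key)  # session torn down
        return True

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

TRAFFIC = [  # constructed sample, documentation address ranges
    pkt("10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),
    pkt("203.0.113.10", 443, "10.0.0.5", 50000, "SYN", "ACK"),
    pkt("10.0.0.5", 50000, "203.0.113.10", 443, "ACK"),
    pkt("198.51.100.7", 443, "10.0.0.9", 40000, "ACK"),  # no session exists
    pkt("203.0.113.10", 443, "10.0.0.5", 50000, "RST", "ACK"),
    pkt("203.0.113.10", 443, "10.0.0.5", 50000, "ACK"),  # after teardown
]

def compare(traffic):
    """Return (packet filter verdict, stateful verdict) for each packet."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in traffic]

if __name__ == "__main__":
    print(compare(TRAFFIC))
```

The fourth and sixth packets carry plausible headers, so the packet filter forwards them; the stateful filter drops them because no matching session is open.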

Next Generation Firewall

A typical NGFW combines packet inspection with stateful inspection and also includes some variety of deep packet inspection (DPI), as well as other network security systems, such as an IDS/IPS, malware filtering and antivirus.

While packet inspection in traditional firewalls looks exclusively at the protocol header of the packet, DPI looks at the actual data the packet is carrying. A DPI firewall tracks the progress of a web browsing session and can notice whether a packet payload, when assembled with other packets in an HTTP server reply, constitutes a legitimate HTML-formatted response.

Firewall delivery methods

Firewalls today can be deployed as a hardware appliance, be software-based or be delivered as a service.

Hardware-based firewalls

A hardware-based firewall is an appliance that acts as a secure gateway between devices inside the network perimeter and those outside it. Because they are self-contained appliances, hardware-based firewalls don’t consume processing power or other resources of the host devices.

Software-based firewalls

A software-based firewall, or host firewall, runs on a server or other device. Host firewall software needs to be installed on each device requiring protection. As such, software-based firewalls consume some of the host device’s CPU and RAM resources.

Cloud/hosted firewalls

Managed security service providers (MSSPs) offer cloud-based firewalls. This hosted service can be configured to track both internal network activity and third-party on-demand environments. Also known as firewall as a service, cloud-based firewalls can be entirely managed by an MSSP, making them a good option for large or highly distributed enterprises with gaps in security resources. Cloud-based firewalls can also be beneficial to smaller organizations with limited staff and expertise.

How can we help?

Each organization’s threat exposure is different. Based on this, the appropriate solution must be identified. Reflect Security helps you choose the right solution and related product to protect your organization from such threats.

Implementing the best-suited firewall also demands significant setup effort in order to be effective. Reflect Security helps the organization configure appropriate rules and monitor the results for effective usage of your investment in endpoint solutions.

To know more about our services, please contact info@reflectsecurity.com. Also, subscribe to our newsletter to know more about cyber security and the latest trends.

--


Cyber Security evangelists working hard to make small and medium-sized businesses cyber safe. We focus on simplified and effective security solution