Firewall

A firewall is a network component designed to block unauthorized access while permitting authorized communications and data exchange. It may consist of a single device or a set of devices configured to permit or deny, encrypt or decrypt, or proxy all incoming and outgoing computer traffic between different security domains, based upon a set of rules and other criteria.
 
A typical firewall implementation diagram.

There are different types of firewalls one can use. One can implement a firewall using either hardware or software, or a combination of both.
 
For business operations, most organisations are compelled to connect their private networks to the Internet. Firewalls are used to prevent unauthorized Internet users from accessing private networks connected to the Internet. Many organisations run intranets alongside the Internet, and there the need for a firewall is especially felt. All messages entering or leaving the network pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.
 
Several vendors offer services related to firewall building. One must look for a solution which will provide maximum security, will be easy to maintain or administer, and will be least visible to end users.
 
One may insist on 'certification of a firewall' from the vendor. The 'certification of a firewall' establishes that the firewall can be configured in such a way that it passes a series of recommended tests.
 
Different types of firewall implementation:
 
There are several techniques used for firewall implementation. Some of the common techniques are:
 
Packet filter
 
Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
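
The following is an added example, not part of the original page: a first-match packet filter with default deny, showing why rules that trust a source address alone accept a spoofed packet and how an ingress check on the arrival interface rejects it. The interface names, address ranges, rule sets and sample packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str              # "accept" or "reject"
    iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: int = 0           # 0 means any destination port

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("any", p.iface)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

def decide(rules, packet):
    """First matching rule wins; a packet no rule matches is rejected."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "reject"

INSIDE = "10.0.0.0/8"  # constructed internal address range
# Address-only rules: any packet claiming an inside source is trusted.
NAIVE = [Rule("accept", src=INSIDE),
         Rule("accept", dst="10.0.0.80/32", proto="tcp", dport=443)]
# Same rules behind an ingress check: an inside source address arriving
# on the outside interface cannot be genuine, so it is rejected first.
HARDENED = [Rule("reject", iface="outside", src=INSIDE)] + NAIVE

# Constructed sample packets (documentation and private address ranges).
SAMPLES = {
    "web":     Packet("outside", "203.0.113.7", "10.0.0.80", "tcp", 443),
    "spoofed": Packet("outside", "10.0.0.5", "10.0.0.20", "tcp", 22),
    "lan":     Packet("inside", "10.0.0.5", "198.51.100.9", "tcp", 443),
    "stray":   Packet("outside", "203.0.113.7", "10.0.0.20", "tcp", 22),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:8} naive={decide(NAIVE, pkt)} hardened={decide(HARDENED, pkt)}")
```

Rule order matters here: placing the ingress check after the broad accept rule would leave the spoofed packet accepted, because the first match decides.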
 
Application gateway
 
Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can degrade performance.
 
Circuit-level gateway
 
Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
 
Proxy server
 
Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.