Cyber Security Expo
 
What is a Firewall? A high level explanation of firewall technologies and their features by B. Scott Wilson on 05/09/02

What You’ll Learn

  • The definition of a firewall
  • The three main firewall technologies
    • The purpose of the main firewall technologies in the industry

  • The definition of network address translation (NAT)
    • The purposes of using network address translation

  • Where to find more information about firewalls


Firewall Definition

A system or group of systems designed to prevent unauthorized access to a network, a system, or a group of systems.
Its purpose is to divide the world into two or more networks that exist at different security levels, for example:
– A “DMZ” network
– A secured zone
– An insecure zone, etc.


Firewall Technologies

Packet filtering
– 1st generation technologies
– Examples are routers

Application Proxy
– 2nd generation technologies
– Examples are SOCKS, Metaframe

Stateful Inspection
– 3rd Generation technologies
– Examples are Check Point FireWall-1, Cisco PIX

Packet Filters

  • Purpose is to filter traffic based on header fields such as source and destination IP address, protocol type, and port numbers
  • Examines each packet in isolation at the network layer
    – Application independent
  • Delivers good performance and scalability.
  • Least secure type of firewall: they are not application aware and keep no memory of earlier packets
    – Cannot understand the context of a given communication (they see addresses, ports and flags, not the application payload)
    – Because no state is kept, reply traffic has to be admitted by header rules alone, typically “allow inbound packets with the TCP ACK flag set”; an attacker can set that flag on any packet, which is why ACK scans pass a plain packet filter

Application Layer Gateways

  • Examines all application layers, bringing context information into the decision process.
  • Every client/server communication requires two connections
    – First connection is from the client to the firewall
    – Second connection is from the firewall to the server
  • Proxies are application dependent, making scalability and support for new applications a problem
    – Exception is SOCKS, a generic circuit-level proxy that relays any TCP application (and UDP as well from SOCKS version 5), at the price of understanding nothing about the application protocol it relays

Stateful Inspection

  • Tracks every connection in a dynamic state table: a connection the inside opens creates an entry, and an inbound packet is admitted only if it matches an existing entry, so reply traffic no longer has to be allowed by blanket header rules
  • Does not terminate connections the way a proxy does, so the client/server model stays intact and performance and scalability are close to a packet filter's
  • Extracts the state-related information required for security decisions from the upper layers where the engine understands the protocol (for example, the data-channel port an FTP session negotiates) and keeps it in the state table for evaluating subsequent connection attempts
  • Marketed as the highest level of security possible with maximum performance, scalability, and extensibility; in practice its application-layer awareness reaches only as far as the engine's protocol parsers, so a true proxy can still enforce more of an application protocol, at a cost in performance
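The difference between the first and third generations, as an added example that is not part of the original article, serving both the Packet Filters and Stateful Inspection sections: a Python model of a stateless packet filter beside a stateful inspection engine, both enforcing the same policy (inside hosts may open connections to TCP port 80 anywhere). The internal prefix, the addresses and the three packets are constructed for the demonstration. The stateless filter has to recognise replies by header bits alone, so an unsolicited packet with the ACK flag set and a source port of 80 gets through; the stateful engine admits an inbound packet only when it matches a connection it saw the inside open.

```python
"""Added example, not code from the original article: a toy stateless packet
filter beside a toy stateful-inspection engine. Both enforce one policy,
"inside hosts may open connections to TCP port 80 anywhere". The internal
prefix, the addresses and the packets are constructed for the demonstration."""
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # assumed address range of the protected network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()   # subset of {"SYN", "ACK", "FIN", "RST"}

    def inbound(self):
        """True when the packet enters the protected network from outside."""
        return self.dst.startswith(INSIDE_PREFIX) and not self.src.startswith(INSIDE_PREFIX)


def stateless_filter(pkt):
    """1st generation: each packet judged on its own header, nothing remembered.
    Outbound: allow anything to port 80.  Inbound: the filter cannot know which
    packets are replies, so it admits anything from source port 80 that has the
    ACK flag set, the classic 'established' rule."""
    if not pkt.inbound():
        return pkt.dport == 80
    return pkt.sport == 80 and "ACK" in pkt.flags


class StatefulFirewall:
    """3rd generation: remembers which connections the inside opened and
    admits inbound packets only when they belong to one of them."""

    def __init__(self):
        # state table, keyed by (inside_ip, inside_port, outside_ip, outside_port)
        self.state = set()

    def inspect(self, pkt):
        if not pkt.inbound():
            if pkt.dport != 80:
                return False
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key not in self.state:
            return False             # unsolicited: no connection to belong to
        if "RST" in pkt.flags:
            self.state.discard(key)  # peer tore the connection down; forget it
        return True


def run_demo():
    """Three constructed packets: the inside opens a web connection, the
    server replies, then an outsider sends an unsolicited ACK from port 80
    to an inside host's SSH port (what an ACK scan looks like)."""
    fw = StatefulFirewall()
    traffic = [
        Packet("10.0.0.5", 40000, "203.0.113.7", 80, frozenset({"SYN"})),
        Packet("203.0.113.7", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),
        Packet("198.51.100.9", 80, "10.0.0.5", 22, frozenset({"ACK"})),
    ]
    return {
        "stateless": [stateless_filter(p) for p in traffic],
        "stateful": [fw.inspect(p) for p in traffic],
    }


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

The third packet is the whole argument: both engines pass the first two, but only the state table lets the firewall say that nobody on the inside ever talked to 198.51.100.9, so there is no reply for that packet to be.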


Network Address Translation

  • Known by the acronym NAT
  • Used to change the source IP address, the destination IP address, or both; in the many-to-one mode the transport-layer source port is rewritten as well
  • NAT is used for many reasons:
    – The shortage of public IPv4 addresses
    – Ease and flexibility of network administration
    – Security needs regarding Internet communications: the internal addressing plan is not visible from the outside, although NAT alone is not a substitute for a filtering policy

NAT Modes

  • 1-to-1 NAT
    – Used to translate either the source or destination IP address, one for one
    – Requires a mapping table to indicate which translation address belongs to which internal address
  • NAT-hide
    – All traffic on one network can “hide” behind a single address of the NAT device, with source ports rewritten so that replies can be matched back to the right internal host
    – Often used in conjunction with a private addressing scheme (e.g., an RFC 1918 network such as 10.0.0.0/8)


An example of Network Address Translation


References

Vicomsoft Resource Knowledge Base - http://www.vicomsoft.com/knowledge/reference/
RFC 1631 - The IP Network Address Translator (NAT)
InterHack.net’s Firewalls FAQ - http://www.interhack.net/pubs/fwfaq/
PhoneBoy’s FireWall-1 FAQ - http://www.phoneboy.com/
DeathStar’s Firewall Security website - http://www.deathstar.ch/security/fw1/
SecurityPortal.com’s Enterprise Firewall documentation - http://securityportal.com/firewalls/enterprise/
Check Point FireWall-1/VPN-1 - http://www.checkpoint.com/products/firewall-1/


All images, content & text (unless other ownership applies) are © 2000 to present, Infosecwriters.com. All rights reserved. Comments are property of the respective posters.