Understanding the Different Classes of Firewalls

The firewall, whether software or hardware, is one of the most important components for enforcing security and tightly controlling the flow of traffic within a given network or between networks. Understanding how a firewall achieves these functions starts with the capabilities it provides. These capabilities determine which type of firewall should be sourced to meet a specific set of security needs.

Most firewalls work through packet filtering, which is one of the most effective methods of implementing network security through validation of data packets. The validation is usually based on a number of factors: the source and destination Internet Protocol (IP) addresses, the protocol, the type of service, the source and destination port numbers, the differentiated services code point (DSCP), the time range and a host of other parameters associated with the IP header. Every individual packet is tested against these criteria and is permitted or denied according to the match. Packet filtering is implemented through access control lists (ACLs), which are found on switches and routers. The ACL has the advantage of being very fast when coupled with an application-specific integrated circuit (ASIC).

The most obvious strong point of the packet filtering firewall is that it is the most common type and can be found in almost every component of the network. Besides the switches and routers mentioned earlier, wireless access points and virtual private network (VPN) aggregators also use this type of firewall. The downside of the packet filtering firewall is that it is static, and it has been exploited by hackers who channel suspicious traffic through TCP port 80, which grants unobstructed access.
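As an added illustration (not code from the original article), the Python sketch below models a static packet filter as a first-match ACL over header fields. The rule set, the class and function names, and the addresses (RFC 5737 documentation ranges) are constructed for the example; it shows that the verdict for TCP port 80 depends only on the header, so the payload is never examined.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str             # "tcp", "udp" or "icmp"
    dport: int
    payload: bytes = b""   # carried by the packet but never read by the ACL

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    proto: str             # protocol name, or "any"
    dport: Optional[int]   # destination port, or None for any port

    def matches(self, p: Packet) -> bool:
        # Only header fields take part in the comparison.
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

def evaluate(acl, packet):
    """Return (action, rule index); unmatched packets hit the implicit deny."""
    for index, rule in enumerate(acl):
        if rule.matches(packet):
            return rule.action, index
    return "deny", None

# Constructed ACL: block one source network, then allow web traffic to a server.
ACL = [
    Rule("deny", "198.51.100.0/24", "0.0.0.0/0", "any", None),
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80),
    Rule("permit", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
]

# Constructed packets: the first two share a header and differ only in payload.
WEB = Packet("203.0.113.5", "192.0.2.10", "tcp", 80, b"GET / HTTP/1.1\r\n\r\n")
NOT_WEB = Packet("203.0.113.5", "192.0.2.10", "tcp", 80, b"\x00\x01not-http")
BLOCKED_SRC = Packet("198.51.100.7", "192.0.2.10", "tcp", 80)
SSH = Packet("203.0.113.5", "192.0.2.10", "tcp", 22)

if __name__ == "__main__":
    for name, pkt in [("web", WEB), ("not-web on 80", NOT_WEB),
                      ("blocked source", BLOCKED_SRC), ("ssh", SSH)]:
        print(name, evaluate(ACL, pkt))
```

Because `WEB` and `NOT_WEB` receive the same verdict from the same rule, telling them apart requires a control that reads the payload, such as the proxy or inspection firewalls the article goes on to describe.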

Proxy firewalls, also called application firewalls, work on a more complex model that can be explained with the Open Systems Interconnection (OSI) model. This model seeks to explain the transmission of information from one computer to an application on a second computer. The information is passed through layers to make sure security is not compromised. According to the OSI model, the information passes through seven different layers, starting with the application layer (7th layer), which is usually the interface in the form of programs used on the computer. The next layer is the presentation layer, which is the translator between systems and converts the application layer information to a format acceptable to various different systems. Encryption is done in this layer.

The session layer is the fifth layer and manages service requests between computers. The transport layer provides reliable ordering and communication of data by preparing the data for delivery to the network through the Transmission Control Protocol (TCP). The third layer is the network layer, at which data is referred to as a packet; this layer is responsible for routing and IP addressing. The data link layer handles the reliability of data, which at this point is referred to as a frame. Finally, the first layer is the physical layer, which is composed of the devices we can see as well as their electrical characteristics. Application firewalls work at layer seven, the application layer, just as the name suggests, and they provide a buffer, often acting on behalf of a client. They are also easily patched when vulnerabilities are identified. Their only disadvantage is that they are slow in the way they handle data and traffic.

The next type of firewall is the reverse proxy firewall, which works in a similar manner to the application firewall. The difference is that reverse proxy firewalls are deployed for servers and not for clients, as is the case with application firewalls. The effectiveness of this firewall lies in the reverse proxy understanding how the application behaves and having the intelligence to do away with problems like the buffer overflow.

The last form of firewall is the packet inspection firewall, which takes care of session information and is even able to perform deep packet inspection to enforce compliance and scan for viruses, all while making sure that operating speed remains superb.

These are the basic types of firewalls. They are chosen according to security needs, and different security vendors have added many features to them to make them better adapted for use.