A firewall is an appliance, or software running on a computer, that inspects network traffic passing through it and, based on a set of rules, permits or denies that traffic passage. A firewall typically sits between networks of different trust levels, such as an internal network (a zone of higher trust) and an external network (a zone of no trust). A zone of intermediate trust placed between the internal and external networks is called a demilitarized zone (DMZ).
A firewall is a program or hardware device that protects the resources of a private network from users of other networks. It acts as a wall around the network that allows only authenticated users to access network resources and keeps attackers out by denying them access. Today, most organizations rely heavily on firewalls for their internal security. A firewall without proper configuration is worthless.
Generations of Firewalls
Packet Filter: First Generation
Packet filters act by inspecting the “Packets” which represent the basic unit of data transfer between computers on the Internet. If a packet matches the packet filter’s set of rules, the packet filter will drop (silently discard) the packet, or reject it (discard it, and send “error responses” to the source).
This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (it stores no information on connection "state"). Instead, it filters each packet based only on information contained in the packet itself, such as the packet's source and destination addresses, its protocol, and, for TCP and UDP traffic, the port numbers; the packet's contents (payload data) are not inspected.
The weakness of this type of firewall is precisely that it stores no information on connection "state".
Stateful Filters: Second Generation
Second-generation firewalls additionally consider the placement of each individual packet within a series of packets. This technology is generally referred to as a stateful firewall because it maintains records of all connections passing through the firewall and can determine whether a packet is the start of a new connection, part of an existing connection, or an invalid packet. Such a firewall still has a set of static rules, but the state of a connection can itself be one of the criteria that trigger specific rules. This type of firewall can help prevent attacks that exploit existing connections, as well as certain denial-of-service attacks.
Application Layer: Third Generation
This type of firewall operates at the application layer. Instead of routing traffic across the network, it uses proxy servers to proxy the traffic. Because it operates at the application layer it can inspect the contents of the traffic, and it allows or blocks traffic according to the administrator's view of what content is inappropriate: certain websites, viruses, attempts to exploit known logical flaws in client software (such as web applications), and so forth.
This firewall does not route traffic through the network; it proxies it. All traffic stops at the firewall. Only if the traffic is clean, that is, if it satisfies the rules, does the proxy server initiate its own connection on behalf of that traffic; otherwise the proxy server drops it.
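The "traffic stops at the firewall and is only forwarded if clean" behaviour described above is easiest to see as an inspection step in front of the proxy's own outbound connection. The following is an added example, not code from the original article or from any particular firewall product: a minimal HTTP/1.x request inspector that parses the request a client sent to the proxy, applies a constructed policy (a blocked host list, permitted methods, a body-size cap and a Content-Length consistency check, all assumptions of this example), and returns either a block reason or the upstream host and port the proxy would dial itself. The hostnames and policy values are constructed for illustration.

```python
from typing import NamedTuple, Optional


class Decision(NamedTuple):
    allowed: bool
    reason: str
    upstream: Optional[tuple]   # (host, port) the proxy would connect to itself


# Constructed policy: what this example's administrator considers inappropriate.
BLOCKED_HOSTS = {"blocked.example"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_BODY_BYTES = 4096


def parse_request(raw: bytes):
    """Minimal HTTP/1.x request parser: request line, headers, body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of headers")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, body


def inspect(raw: bytes) -> Decision:
    """Decide whether the proxy may open its own upstream connection for this request.

    Nothing is forwarded until every check passes; a failed check drops the
    request at the firewall, which is the application-layer behaviour the
    article describes.
    """
    try:
        method, target, version, headers, body = parse_request(raw)
    except ValueError as exc:
        return Decision(False, f"unparseable request: {exc}", None)
    if not version.startswith("HTTP/1."):
        return Decision(False, f"unsupported version {version}", None)
    if method not in ALLOWED_METHODS:
        return Decision(False, f"method {method} not permitted", None)
    host_header = headers.get("host")
    if not host_header:
        return Decision(False, "missing Host header", None)
    hostname, _, port_text = host_header.partition(":")
    hostname = hostname.strip().lower()
    if port_text and not port_text.isdigit():
        return Decision(False, "malformed port in Host header", None)
    port = int(port_text) if port_text else 80
    if hostname in BLOCKED_HOSTS:
        return Decision(False, f"host {hostname} is blocked by policy", None)
    # A body that disagrees with its declared length is a classic smuggling
    # symptom; treat it as malformed rather than guessing.
    declared = headers.get("content-length", "0")
    if not declared.isdigit() or int(declared) != len(body):
        return Decision(False, "Content-Length does not match body", None)
    if len(body) > MAX_BODY_BYTES:
        return Decision(False, "request body too large", None)
    return Decision(True, "passed inspection", (hostname, port))


if __name__ == "__main__":
    # Constructed sample requests, as a client would send them to the proxy.
    for raw in (
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\nHost: blocked.example:8080\r\n\r\n",
        b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    ):
        print(inspect(raw))
```

The returned `upstream` tuple is the only thing the forwarding code needs: the proxy never reuses the client's socket towards the server, so the client cannot reach anything the inspector did not approve.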
Types of Firewalls
Network Layer and Packet Filters
Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set.
Network layer firewalls generally fall into two sub-categories:
· Stateful Firewalls
· Stateless Firewalls
Stateful firewalls maintain context about active sessions and use that "state information" to speed up packet processing. Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connection's lifetime (session initiation, handshaking, data transfer, or connection completion).
If a packet does not match an existing connection, it will be evaluated according to the rule-set for new connections. If a packet matches an existing connection based on comparison with the firewall’s state table, it will be allowed to pass without further processing.
In other words, when a packet arrives, this type of firewall first checks whether it starts a new connection; if so, the packet is forwarded towards its destination only if it meets the criteria the organization's administrator has listed in the firewall's rule-sets. If the packet is already part of an existing connection, the firewall lets it pass without evaluating it against the rule-set again.
Stateless firewalls require less memory and can be faster for simple filters, where filtering a packet takes less time than looking up a session. Because they have no concept of a session, they operate faster than stateful firewalls; however, they cannot make more complex decisions based on what stage the communication between hosts has reached.
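The difference between a first-generation packet filter and a stateful firewall, as described in the generations section above and in the stateful/stateless comparison just given, comes down to whether a connection table is consulted before the static rules. The following is an added example, not code from the original article: both decision procedures applied to the same constructed packet stream, using the article's 10.10.10.0/24 as the assumed internal network and documentation address ranges for the outside hosts. The stateless filter must admit any inbound packet aimed at an ephemeral port (>1023) in order to let replies back in, whereas the stateful filter admits only packets belonging to a connection it has already recorded.

```python
from dataclasses import dataclass


# Constructed packet model: the header fields a network-layer filter can see.
@dataclass(frozen=True)
class Packet:
    src: str            # source IP address
    sport: int          # source port
    dst: str            # destination IP address
    dport: int          # destination port
    syn: bool = False   # TCP SYN flag set
    ack: bool = False   # TCP ACK flag set


# Assumed internal network: the 10.10.10.0/24 range used in this article's rule examples.
INTERNAL_PREFIX = "10.10.10."


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


def stateless_filter(pkt: Packet) -> str:
    """First-generation decision: each packet is judged on its own fields only.

    Outbound traffic is allowed. Inbound traffic is allowed only towards
    ephemeral ports (>1023), because a filter with no connection table has
    no other way to let replies to internal requests back in.
    """
    if is_internal(pkt.src) and not is_internal(pkt.dst):
        return "allow"
    if not is_internal(pkt.src) and is_internal(pkt.dst) and pkt.dport > 1023:
        return "allow"
    return "deny"


class StatefulFilter:
    """Second-generation decision: the state table is consulted before the rules."""

    def __init__(self) -> None:
        # Each entry records a connection by the 4-tuple of its first packet.
        self.state_table: set[tuple] = set()

    @staticmethod
    def _forward(pkt: Packet) -> tuple:
        return (pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt: Packet) -> tuple:
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt: Packet) -> str:
        # 1. Part of a tracked connection (either direction): pass without
        #    re-evaluating the rule-set.
        if self._forward(pkt) in self.state_table or self._reverse(pkt) in self.state_table:
            return "allow (established)"
        # 2. Not tracked, so it must be a new connection. A valid TCP start is a
        #    bare SYN; a packet that claims to be mid-connection is invalid.
        if not (pkt.syn and not pkt.ack):
            return "deny (invalid: not a connection start)"
        # 3. New-connection rule: only internal hosts may open connections outward.
        if is_internal(pkt.src) and not is_internal(pkt.dst):
            self.state_table.add(self._forward(pkt))
            return "allow (new)"
        return "deny (no rule for new connection)"


# Constructed traffic sample; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE = [
    ("outbound web request",    Packet("10.10.10.5", 40000, "203.0.113.9", 80, syn=True)),
    ("reply to that request",   Packet("203.0.113.9", 80, "10.10.10.5", 40000, syn=True, ack=True)),
    ("unsolicited inbound SYN", Packet("198.51.100.7", 4444, "10.10.10.5", 3389, syn=True)),
    ("stray inbound ACK",       Packet("198.51.100.7", 80, "10.10.10.5", 40001, ack=True)),
]


def compare(sample=SAMPLE) -> list[tuple[str, str, str]]:
    """Run the same packets through both filters; returns (label, stateless, stateful)."""
    sf = StatefulFilter()
    return [(label, stateless_filter(p), sf.filter(p)) for label, p in sample]


if __name__ == "__main__":
    for label, a, b in compare():
        print(f"{label:26} stateless={a:6} stateful={b}")
```

The last two sample packets are the ones to watch: the stateless filter passes both, since a destination port above 1023 is all it can check, while the stateful filter rejects them because neither belongs to a connection that an internal host opened.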
Modern firewalls can filter traffic on many packet attributes: source IP address, source port, destination IP address or port, destination service (such as WWW or FTP), protocol, TTL value, the originator's netblock, the source's domain name, and many others.
Case-1: In most firewall implementations, it is relevant to allow a response to an internal request for information.
Source Address: 1023
Source Port: Any
Destination Address: 10.10.10.0
Destination Port: Any
Action: Allow
Case-2: Generally it is good to allow all internal traffic out.
Source Address: 10.10.10.0
Source Port: Any
Destination Address: Any
Destination Port: Any
Action: Allow
Case-3: Example of a firewall rule for SMTP, which allows packets governed by this protocol to access the local SMTP gateway (10.10.10.6).
Source Address: Any
Source Port: Any
Destination Address: 10.10.10.6
Destination Port: Any
Action: Deny
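The three cases above share one field layout (source address, source port, destination address, destination port, action), and a packet filter evaluates such rules top to bottom, with the first match deciding and anything unmatched falling through to a default deny. The following is an added example, not code from the original article or from any firewall product, of that evaluation: rules are written in the same five-column layout, addresses are matched as CIDR ranges with Python's standard `ipaddress` module, and ports accept "any", a single number, a range such as 1024-65535, or a comparison such as >1023. The rule values in `RULES` are constructed for this example in the spirit of the three cases (internal traffic out, SMTP to the gateway, replies on ephemeral ports) and are not a copy of the article's own tables.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    src: str      # CIDR network, a single address, or "any"
    sport: str    # "any", "25", "1024-65535", ">1023", "<1024"
    dst: str
    dport: str
    action: str   # "allow" or "deny"


def _addr_match(spec: str, ip: str) -> bool:
    if spec.strip().lower() == "any":
        return True
    # A bare address such as 10.10.10.6 is treated as a /32 network.
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def _port_match(spec: str, port: int) -> bool:
    spec = spec.strip().lower()
    if spec == "any":
        return True
    if spec.startswith(">"):
        return port > int(spec[1:])
    if spec.startswith("<"):
        return port < int(spec[1:])
    if "-" in spec:
        low, high = spec.split("-", 1)
        return int(low) <= port <= int(high)
    return port == int(spec)


def evaluate(rules: list, src: str, sport: int, dst: str, dport: int) -> tuple:
    """First matching rule wins; returns (action, rule number) or ("deny", None)
    when no rule matched, which is the implicit default-deny at the end of the list."""
    for number, rule in enumerate(rules, start=1):
        if (_addr_match(rule.src, src) and _port_match(rule.sport, sport)
                and _addr_match(rule.dst, dst) and _port_match(rule.dport, dport)):
            return rule.action, number
    return "deny", None


# Constructed rule table, following the article's field layout.
RULES = [
    # Case-2 style: let all internal traffic out.
    Rule("10.10.10.0/24", "any", "any", "any", "allow"),
    # Case-3 style: outside hosts may reach the local SMTP gateway on port 25 only.
    Rule("any", "any", "10.10.10.6", "25", "allow"),
    # Case-1 style: replies to internal requests arrive on ephemeral ports (>1023).
    Rule("any", "any", "10.10.10.0/24", ">1023", "allow"),
]


if __name__ == "__main__":
    # Constructed packets; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
    for pkt in (
        ("10.10.10.5", 40000, "203.0.113.9", 80),    # internal host browsing out
        ("203.0.113.9", 80, "10.10.10.5", 40000),    # the web server's reply
        ("198.51.100.7", 4321, "10.10.10.6", 25),    # mail delivery to the gateway
        ("198.51.100.7", 4321, "10.10.10.6", 22),    # anything else to the gateway
        ("198.51.100.7", 4444, "10.10.10.5", 3389),  # unsolicited inbound to a high port
    ):
        print(pkt, "->", evaluate(RULES, *pkt))
```

The last packet shows the cost of the Case-1 style rule in a stateless filter: a ">1023" return-traffic rule cannot tell a reply from an unsolicited inbound connection to any high port, so an explicit deny placed before it (order matters, since the first match wins) or a stateful return-traffic rule is needed to close that gap.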
Application Layer Firewall
This type of firewall operates at the application layer, as described for the third generation above: instead of routing traffic across the network, it proxies it, inspects the contents, and allows or blocks the traffic according to the administrator's view of what content is inappropriate, such as certain websites, viruses, or attempts to exploit known logical flaws in client software (such as web applications).
If the computer is not protected when the user connects to the Internet, hackers can gain access to personal information on the computer. They can install code on the computer that destroys files or causes malfunctions. They can also use the user's computer to cause problems on other home and business computers connected to the Internet.
A firewall places a virtual barrier between the computer and hackers who might seek to delete information from the computer, make it crash, or even steal personal information.
A firewall helps to screen out many kinds of malicious Internet traffic before it reaches the user's system. Using a firewall is important no matter how the user connects to the Internet: dial-up modem, cable modem, or digital subscriber line (DSL or ADSL).
The firewall serves as the primary defense against a variety of computer worms that are transmitted over the network. It helps to protect the computer by hiding it from external users and preventing unauthorized connections to the computer.
For home users, a firewall typically takes one of two forms:
Personal firewall - specialized software running on an individual computer.
Hardware firewall - a separate device designed to protect one or more computers.
If the user has a home network, it is recommended to install both types of firewall, i.e. a hardware firewall at the router and a personal firewall on each system using that network.
If the user has a stand-alone PC only, it is recommended to have at least a personal firewall installed on the PC.
Installing Personal Firewalls
A personal firewall or desktop firewall is a software program that provides the primary defense mechanism for a desktop computer connected to the Internet.
The firewall acts like a guard who checks everybody entering or leaving the home and, based on some prior knowledge, allows or disallows them.
Once the personal firewall is installed, it runs continuously in the background, watching all incoming and outgoing traffic. At the same time it reports to the user through a pop-up about any program that is trying to access the Internet or, conversely, trying to access the user's system.
Users should be exceptionally careful when allowing a particular program or file through the firewall, and should consider carefully which file is used by which program.
Configuring Windows XP Firewall Settings
Start -> Settings -> Control Panel
Search for Windows Security Center and open it. It should appear similar to the screen shown below. If the recommended settings are in place, the entries appear green; any security essential that is inactive appears in red.
Ensure that the firewall is enabled by clicking the Windows Firewall icon under 'Manage security settings' at the bottom. This opens the Windows Firewall dialog box shown below.
It is important that On (recommended) is selected so that unwanted incoming connections to your computer are blocked automatically. At this point your computer should remain updated and protected from incoming connections.