Firewall

A firewall in an information technology context controls and limits network traffic to and from specific network locations based on an administered set of rules. A firewall is usually a combination of hardware and software. A firewall controls network traffic which may attempt to pass into different zones of trust.

Typically a firewall will control traffic between a trusted zone (private network), untrusted zone (the internet) and a semi-trusted zone (DMZ). The firewall blocks or prevents some communication (network traffic) going between zones based on the rule set programmed into it by the firewall administrator. The firewall will allow some network traffic and prevent other traffic based on the rules.

Firewalls limit remote access to specific parts of an operating system or programs running on the system. Firewalls may block incoming data which attempts to connect to an application or exploit a vulnerability. Firewalls block many of the possible methods used to break into a computer without permission. Firewalls can help stop hackers, viruses, worms, and trojans. Firewalls may also block spyware from contacting the spying entity.

Firewalls may also be called packet filters or border protection devices.

There are several types of firewalls which vary widely in complexity and the network layers they operate at. There are two main types of firewalls including;

  1. Network firewall - Used to protect the boundary of a network for a corporation or organization. It protects many computers by filtering traffic to several network zones based on rules set by an administrator. Network firewalls are mainly used as a means to protect an organization's internal network from those on the outside (internet). It is used to keep outsiders from gaining information to secrets or from doing damage to internal computer systems. Firewalls are also used to limit the access of individuals on the internal network to services on the internet along with keeping track of what is done through the firewall.
  2. Personal firewall - Personal firewalls filter network traffic for a single computer. Personal firewalls are usually purchased to protect home computers against attacks on the internet. Personal firewalls filter network traffic based on the application that is using it. They can be configured to allow application programs to access the internet as a client or to allow an application to act as a server on the internet. An application acting as a server on the internet is not normal for most personal computers and should usually be investigated.

Of the network firewall type there are several categories including:

  1. Packet filtering firewalls - A packet filtering firewall filters packets based on its rules which govern what IP address and port numbers are allowed to pass through. It will consider both source and destination addresses and ports. This type of firewall works at the network and transport layers of the OSI network model.
  2. Circuit level gateways - This type of firewall looks at the state of sessions going through the firewall to filter traffic based on session rules and whether the packet is associated with a legitimate session. A circuit level gateway does not filter traffic by packets and IP port and address.
  3. Application level gateways - These firewalls filter traffic based on the application that is sending traffic or receiving traffic. These usually protect a single computer and also provide filtering based on sessions similar to circuit level gateways. This type of firewall filters at the application level of the internet network model.
  4. Stateful multilayer inspection firewalls - This type of firewall provides packet filtering, session state tracking, and evaluate data at the network layer to filter network traffic and determine whether to pass or drop traffic. This is the most expensive and complicated firewall type. Generally this firewall type is very secure but must be properly configured by a skilled administrator to be effective. This type of firewall works at the network, transport, and application layers of the TCP/IP network model.