A firewall is a device or software running on a device that inspects network traffic and allows or blocks traffic based on a set of rules.
The following table explains different firewall types:
|Packet filtering||A packet filtering firewall makes decisions about which network traffic to allow by examining information in the IP packet header such as source and destination addresses, ports, and service protocols. A packet filtering firewall: Operates up to OSI layer 3 (Network layer). Uses access control lists (ACLs) or filter rules to control traffic. Offers high performance because it only examines addressing information in the packet header. Can be implemented using features that are included in most routers. Is not very intelligent, thus it is subject to DoS and buffer overflow attacks. Is a popular solution because it is easy to implement and maintain, has a minimal impact on system performance, and is fairly inexpensive. A packet filtering firewall is considered a stateless firewall because it examines each packet and uses rules to accept or reject each packet without considering whether the packet is part of a valid and active session.|
|Stateful||The stateful inspection firewall (also known as circuit-level proxy or gateway) makes decisions about which traffic to allow based on virtual circuits or sessions. The firewall is considered stateful because it keeps track of the state of a session. A stateful inspection firewall: Operates up to OSI Layer 5 (Session layer). Keeps track of known connections and sessions in a session table (also referred to as a state table). Allows only valid packets within approved sessions. Verifies that packets are properly sequenced. Ensures that the TCP three-way handshake process occurs only when appropriate. Can filter traffic that uses dynamic ports because the firewall matches the session information, and not the port numbers, for filtering. In general, stateful inspection firewalls are slower than packet filtering firewalls; although if only the session state is being used for filtering, a stateful inspection firewall can be faster after the initial session table has been created.|
|Application||An application layer firewall (also referred to as an application level gateway or proxy) makes security decisions based on information contained within the data portion of a packet. An application level gateway: Operates up to OSI Layer 7 (Application layer). Stops each packet at the firewall and inspects it; therefore, there is no IP forwarding. Inspects encrypted packets, such as in SSL inspection. Examines the entire content (not just individual packets). Understands or interfaces with the application-layer protocol. Can filter based on user, group, and data such as URLs within an HTTP request. Is the slowest form of firewall because entire messages are reassembled at the Application layer. A proxy server is a device that stands as an intermediary between a secure private network and the public and is a specific implementation of an application level firewall. With a proxy, every packet is stopped and inspected at the firewall which causes a break between the client and the source server. Proxies can be configured to: Control both inbound and outbound traffic. Increase performance by caching heavily accessed content. Content is retrieved from the proxy cache instead of being retrieved from the original server. Filter content. Shield or hide a private network. Restrict access by user or by specific Web sites. Allows inspection of encrypted packets such as SSL inspection.|
Be aware of the following for managing firewalls: