What Is a Firewall – Answered

What Is a Firewall

What Is a Firewall?

What is a firewall? A firewall is basically any component (software or hardware) that restricts the flow of network traffic. This is a sufficiently broad definition to allow for all of the various ways people have chosen to implement firewalls. Some firewalls are notoriously limited in capability and others are extremely easy to use. The question of “what is a firewall” has evolved over time as the capabilities of firewalls have increased.

Within the realm of firewalls there are many different ways to restrict network traffic. Most of these methods vary in the level of intelligence that is applied to the decision-making process. For example, to permit or deny traffic based on which network device is the sender or recipient, you would use a packet-filtering firewall. In reality, even the simplest packet-filtering firewalls can typically make decisions based on the source Internet Protocol (IP) address, the destination IP address, and the source and/or destination port number. While this type of firewall may sound overly simplistic, consider the case where you have a server running a web site for use on the Internet. In all likelihood, the only traffic that you need to allow to the server uses a destination port of TCP (Transmission Control Protcol) 80 or 443. As a result, you could configure your firewall to permit only that traffic. Because the server is available for the Internet, you can’t filter traffic based on the source address or source port, which will be different for each connection.


The primary drawback with a simple packet filter is that the packet filtering firewall has to rely on very primitive means to determine when traffic should be allowed (e.g. synchronous [SYN] or acknowledgement [ACK] bits being set). While this was adequate in the early data of the Internet when security was not as big of a concern, it won’t work anymore. It is trivial to set the bits on the packet using freely available software to make the traffic look like it is a reply to another connection.

What Is a Firewall: Stateful Firewalls (Second Generation)

Thus the stateful inspection firewall was born of necessity. Developed initially at AT&T Bell Laboratories in 1989-90, this type of firewall performs the work of their first-generation predecessors but operates up to layer 4 (transport layer) of the OSI model. It monitors all connections (inbound or outbound), and as the connection is permitted (based on the firewall’s rules), it enters the connection into a table. When the reply to this connection comes back, even if the reply uses a port that the firewall was not previously configured to permit, it can intelligently realize the traffic is a response to a permitted session and permit the traffic.

Unfortunately, even as the firewalls get better, so do the methods hackers use to circumvent them. Suppose you have configured your firewall perfectly and there are no holes: every permitted port is one you expressly want to allow. Using the previous example, no traffic is allowed to the web server except web traffic. This sounds like a solid policy, but the problem is even if the firewall is completely secure, the server might not be. Flaws in the web server software could allow the attacker to send the server an HTTP request that is 10,000 characters long, overflowing the buffers and allowing the attacker to execute the code of his choice. The packets used to transport the 10,000-character HTTP request are all legal TCP packets as far as the firewall is concerned: therefore, it would permit them to pass through to the web server. The next step in firewall evolution serves to combat this type of attack: application gateways, or layer 7 firewalls. The first transparent application level firewall was Gauntlet, an outgrowth of Toolkit, developed by Marcus Ranum, Wei Xu, and Peter Churchyard.

What Is a Firewall: Application Layer Firewalls (Third Generation)

This type of firewall not only filters network traffic based on the standard network parameters, but they also understand the higher layer protocol information contained within the packet. In this example, the firewall would be looking for HTTP requests. The firewall knows what a legitimate HTTP request looks like and can out a malformed or malicious request even though, from a network perspective, it might otherwise be a permitted packet. There is a down side to this type of approach: the firewall must be programmed with all the same intelligence needed to filter normal traffic, plus the firewall must fully understand the protocols it is inspecting. This means additional programming for any protocol you want the firewall to understand. Most of the major commercial application gateways offer support for the major protocols such as HTTP, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP).

Generally speaking, you can find many free varieties of firewalls that perform some type of stateful inspection. Application layer gateways are not really available for free. In reality, few organizations have the funds to use application gateways extensively. One ramification of not using an application gateway is that you need to ensure that the service that is exposed to untrusted traffic is configured as securely as possible and that the server itself is hardened against attack. Keeping the service patches up-to-date will help reduce the odds that an application-level attack will be successful.


External Links for “What Is a Firewall – Answered”:

Firewall (computing) at Wikipedia

What Is a Firewall at Indiana University Information Technology Services Knowledge Base

What Is a Firewall at searchsecurity.techtarget.com

What Is a Firewall? at Netgear Support

Be Sociable, Share!

Speak Your Mind

*

© 2013 David Zientara. All rights reserved. Privacy Policy