TYPES OF FIREWALL
Packet Filtering: A packet filter firewall examines each packet that crosses the firewall and checks it against a defined set of rules. If the packet satisfies the rules it is allowed through; if not, the packet is rejected.
It is the least expensive type of firewall. Packet filters work by inspecting the source IP address, the destination IP address and the port number assigned to each service.
The decision can also be based on factors other than IP header fields, such as the ICMP message type or the TCP SYN and ACK bits.
A packet filtering rule has two parts:
• Selection criteria - the condition or pattern that the packet is matched against when making the decision.
• Action field - specifies the action to be taken if an IP packet meets the selection criteria. The action is either to block (deny) or permit (allow) the packet across the firewall.
Packet filtering is generally accomplished by configuring Access Control Lists (ACLs) on routers or switches. An ACL is a table of packet filter rules. As traffic enters or exits an interface, the firewall applies the ACL from top to bottom to each packet, finds the first rule whose criteria match and either permits or denies that packet. Although it is the most common firewall technique, it has its own weaknesses.
One of the biggest weaknesses of packet filtering is that it trusts that the packets themselves are telling the truth when they say who they are from and who they are going to. Attackers exploit this weakness with a technique called IP spoofing, in which they insert fake source IP addresses into the packets they send to your network.
Another weakness of packet filtering is that it examines each packet without considering what packets have gone through the firewall before and what packets may follow. In other words, packet filtering is stateless. In spite of these weaknesses, packet filter firewalls also have several advantages.
Packet filters are very efficient. They hold up each inbound and outbound packet for only a few milliseconds while they look inside the packet to determine the source and destination addresses and ports. Once these addresses and ports have been determined, the packet filter quickly applies its rules and either sends the packet along or rejects it.
Packet filters are inexpensive. Most routers include built-in packet filtering.
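The ACL mechanics described above (selection criteria plus an action, applied top to bottom with an implicit deny at the end), as an added example that is not part of the original notes. The network ranges, interface name and web server address are constructed; the first rule shows the usual defensive answer to the IP spoofing weakness, and the "ack=True" rule shows why a stateless filter cannot do better than trusting header bits.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional
@dataclass
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: int = 0
    syn: bool = False
    ack: bool = False
    icmp_type: int = -1
    iface: str = "outside"     # interface the packet arrived on (assumed name)
@dataclass
class Rule:                    # selection criteria + action; None / "any" = don't care
    action: str                # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None
    syn: Optional[bool] = None
    ack: Optional[bool] = None
    icmp_type: Optional[int] = None
    iface: Optional[str] = None
    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src): return False
        if ip_address(p.dst) not in ip_network(self.dst): return False
        if self.proto != "any" and self.proto != p.proto: return False
        for f in ("dport", "syn", "ack", "icmp_type", "iface"):
            want = getattr(self, f)
            if want is not None and want != getattr(p, f): return False
        return True
def filter_packet(acl, p: Packet) -> str:
    for rule in acl:           # top to bottom; the first matching rule decides
        if rule.matches(p):
            return rule.action
    return "deny"              # implicit deny when no rule matches

# Constructed ACL for the outside interface guarding an internal 10.0.0.0/8.
ACL = [
    # Ingress anti-spoofing: an internal source address cannot legitimately arrive on the outside interface.
    Rule("deny", src="10.0.0.0/8", iface="outside"),
    # New connections only to the web server on port 80.
    Rule("permit", proto="tcp", dst="10.0.0.5/32", dport=80, syn=True, ack=False),
    # Replies to connections opened from inside: stateless, so the filter can only
    # trust the ACK bit; it cannot verify that such a connection actually exists.
    Rule("permit", proto="tcp", ack=True),
    Rule("permit", proto="icmp", icmp_type=0),   # ICMP echo reply
]
```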
Stateful Packet Inspection: Stateful firewalls can watch traffic streams from end to end. They are aware of communication paths and can implement various IP Security (IPsec) functions such as tunnels and encryption. In technical terms, this means that stateful firewalls can tell what stage a TCP connection is in (open, open sent, synchronized, synchronization acknowledged or established). They can also tell whether the MTU has changed and whether packets have been fragmented. Stateful firewalls are therefore better at identifying unauthorized and forged communications.
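The connection-stage tracking described above, as an added example that is not from the original notes: a minimal state table keyed by the TCP 4-tuple, where a packet is accepted only if it fits the stage its connection is in. The internal range and the policy that only inside hosts may open connections are constructed assumptions; the stage names SYN_SENT, SYN_RECEIVED and ESTABLISHED correspond to the notes' "open sent", "synchronization acknowledged" and "established".

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")   # constructed: the protected internal range

class ConnTracker:
    """State table: (client, cport, server, sport) -> SYN_SENT / SYN_RECEIVED / ESTABLISHED."""
    def __init__(self):
        self.table = {}

    def process(self, src, sport, dst, dport, flags):
        """flags is "S", "SA", "A", "PA", "FA" or "R"; returns "accept" or "drop"."""
        fwd = (src, sport, dst, dport)   # packet travelling client -> server
        rev = (dst, dport, src, sport)   # packet travelling server -> client
        if flags == "S" and fwd not in self.table:
            # Only inside hosts may open connections; an unsolicited SYN from outside is dropped.
            if ip_address(src) not in INSIDE:
                return "drop"
            self.table[fwd] = "SYN_SENT"
            return "accept"
        if rev in self.table:            # reply from the server side
            state = self.table[rev]
            if state == "SYN_SENT" and flags == "SA":
                self.table[rev] = "SYN_RECEIVED"
                return "accept"
            if state == "ESTABLISHED" and flags in ("A", "PA", "FA"):
                return "accept"
            if flags == "R":
                del self.table[rev]
                return "accept"
            return "drop"                # e.g. data before the handshake completed
        if fwd in self.table:            # further packets from the client side
            state = self.table[fwd]
            if state == "SYN_RECEIVED" and flags == "A":
                self.table[fwd] = "ESTABLISHED"
                return "accept"
            if state == "ESTABLISHED" and flags in ("A", "PA", "FA"):
                return "accept"
            if flags == "R":
                del self.table[fwd]
                return "accept"
            return "drop"
        return "drop"   # no connection in the table: unsolicited, even if the ACK bit is set
```

Unlike the stateless ACL, a bare ACK with no tracked connection behind it is dropped here rather than trusted.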
Circuit Level Gateway: A circuit-level gateway manages connections between clients and servers based on TCP/IP addresses and port numbers. After the connection is established, the gateway does not interfere with the packets flowing between the systems.
SOCKS (RFC 1928) is an example of a circuit-level gateway. It is a networking proxy mechanism that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side without requiring direct IP reachability. The client connects to the SOCKS server at the firewall, negotiates the authentication method to be used and then authenticates with the chosen method.
The client then sends a connection relay request to the SOCKS server containing the desired destination IP address and transport port. The server accepts the request after checking that the client meets the basic filtering criteria. Then, on behalf of the client, the gateway opens a connection to the requested untrusted host and closely monitors the TCP handshake that follows.
The SOCKS server informs the client of the result and, in case of success, starts relaying data between the two connections. Circuit-level gateways are used when the organization trusts its internal users and does not want to inspect the contents or application data sent over the Internet.
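The SOCKS exchange just described, as an added example that is not part of the original notes: the RFC 1928 method negotiation, the client's CONNECT request, and the gateway side parsing that request and applying its filtering criteria before replying. The allowed ports and the blocked private range are a constructed policy; opening the real outbound connection and relaying data are left out, and only IPv4 literals and domain names are handled.

```python
import struct
from ipaddress import IPv4Address, ip_address, ip_network
VER = 0x05
NO_AUTH, USER_PASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF                # METHOD codes
CMD_CONNECT, ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x01, 0x03
REP_OK, REP_NOT_ALLOWED, REP_CMD_UNSUPPORTED = 0x00, 0x02, 0x07     # REP codes
def client_greeting(methods):              # VER | NMETHODS | METHODS
    return bytes([VER, len(methods), *methods])
def server_choose_method(greeting, supported):   # reply: VER | METHOD
    n, offered = greeting[1], greeting[2:2 + greeting[1]]
    if greeting[0] != VER or len(offered) != n:
        return bytes([VER, NO_ACCEPTABLE])
    for m in supported:                    # server preference order
        if m in offered:
            return bytes([VER, m])
    return bytes([VER, NO_ACCEPTABLE])     # client must close the connection
def client_connect_request(host, port):    # VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT
    try:
        addr = bytes([ATYP_IPV4]) + IPv4Address(host).packed
    except ValueError:                     # not an IPv4 literal: send it as a domain name
        name = host.encode()
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)
def parse_request(req):
    cmd, atyp = req[1], req[3]
    if atyp == ATYP_IPV4:
        host, rest = str(ip_address(req[4:8])), req[8:]
    elif atyp == ATYP_DOMAIN:
        host, rest = req[5:5 + req[4]].decode(), req[5 + req[4]:]
    else:
        raise ValueError("address type not handled in this example")
    return cmd, host, struct.unpack("!H", rest[:2])[0]
# Constructed gateway policy: relay only to web ports and never into this private range.
ALLOWED_PORTS = {80, 443}
BLOCKED = [ip_network("192.168.0.0/16")]
def gateway_reply(req):                    # VER | REP | RSV | ATYP | BND.ADDR | BND.PORT
    cmd, host, port = parse_request(req)
    try:
        blocked = any(ip_address(host) in net for net in BLOCKED)
    except ValueError:
        blocked = False                    # domain name: a real gateway resolves it first
    if cmd != CMD_CONNECT:
        rep = REP_CMD_UNSUPPORTED
    elif port not in ALLOWED_PORTS or blocked:
        rep = REP_NOT_ALLOWED
    else:
        rep = REP_OK                       # a real gateway now opens the outbound TCP connection
    return bytes([VER, rep, 0x00, ATYP_IPV4, 0, 0, 0, 0]) + struct.pack("!H", 0)
```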
Application Level Gateway:
Application level gateway firewall systems are more advanced in their features and operation than packet filtering, stateful packet inspection or circuit level gateways. They treat all packets at the same level and priority. An application gateway firewall knows which application generated each packet.
In addition, an application level gateway also works as a proxy server. A proxy server is a server that sits between the client machine and the server machine. The proxy server intercepts each packet, identifies whether or not it is intended for the server machine and then processes it.
For example, web proxies often store copies of commonly used web pages in their local cache. When a user requests a page that is present in the local cache, the proxy itself replies to the user's request, which gives a much faster response. If it does not have a copy of the web page, it passes the request on to the server machine.
An application level gateway is aware of the details of how a server machine handles TCP/IP requests and the sequence of packets, so it can identify whether an incoming packet is legitimate, forged or part of an attack.
Application level gateways are more costly, both in price and in the cost of configuring and maintaining them. They can also slow down the network, because inspecting every packet in depth takes more time before a packet is allowed in or out of the network.
Firewall with Demilitarized Zone (DMZ): The term DMZ originally comes from the military, where it denotes an area between two territories in which military operations are prohibited. Similarly, many organizations face the problem of how to allow the public to access the organization's legitimate public services without compromising any of its other services. The typical approach is to use a firewall to create a DMZ.
It helps maintain and improve the security of the organization by segregating the devices and machines on the opposite sides of the firewall. The DMZ acts as a small, isolated network established between the Internet and the private network.
Some of the important functions of the DMZ are:
• All traffic that goes in and out is inspected.
• Resources inside the DMZ are under continuous security monitoring to protect them from being compromised by external cyber attacks.
• It acts as a protective boundary for the private network.