The Essential Guide to Firewalls

Updated: August 20, 2012

Firewalls play a central role in IT security, standing between enterprise networks and the outside world to protect computers, applications and other resources from external attack.

While there are several types of firewalls, the technology can be broadly defined as a collection of related security programs that are stored on a network gateway server and collectively safeguard network assets from users on other networks.

Firewall Types

While all firewalls run software, the firewall market itself is split into two general categories: hardware and software. Hardware firewalls are dedicated security appliances on which the security software is preinstalled, typically on a proprietary OS. Software firewalls, on the other hand, can usually be installed on any available server that is equipped with a general-purpose network OS such as Windows or Linux.

Businesses usually select firewalls on the basis of needs and preferences that are unique to each company. Common considerations include: the firewall architecture (hardware or software), the number of concurrent firewall sessions required, the range and types of external access required, the type and number of VPN (virtual private network) protocols needed, the number of concurrent VPNs that require protection, the preferred kind of management user interface (command line, graphical or Web-based), and the need for high-availability features.

Firewall prices can range from less than $100 for a basic, no-frills software product that is designed to protect a home or small-business network, to $20,000 and more for an industrial-strength hardware appliance that is engineered to safeguard enterprise resources.

Firewall Operation

Since no two business networks are alike, vendors offer many different types of firewall approaches (both hardware- and software-based) that are designed to meet specific customer needs. The fundamental approaches can be separated into packet-filtering, circuit-level and application-level categories.

Packet-Filtering Firewalls: In its most basic form, a firewall does nothing but filter packets: it accepts or rejects IP packets on the basis of predefined rules. With packet filtering, the firewall scrutinizes each packet's protocol and address information only; content and context data are not considered. The main advantages of packet-filtering firewalls are their relative simplicity, low cost, and fast and easy deployment. Software-only firewalls for home and small business are typically of this variety, including the firewall that is built into more recent versions of Windows.

Circuit-Level Firewalls: This type of firewall doesn't simply accept or reject packets; it also decides whether a connection is valid according to a set of configurable rules. If everything checks out, the firewall opens a session and allows traffic to flow in only from the authenticated source. The traffic may also be permitted to proceed for only a limited period of time. In addition, the firewall may perform connection validation on the source IP address and/or port, the destination IP address and/or port, the protocol used, user IDs, passwords, the time of day or, most likely, several of these conditions. Packet-level filtering may also take place alongside this connection validation.

The big drawback to circuit-level firewalls is that they function at the transport layer and therefore may necessitate a significant modification of the transport-function programming. This can impact the performance or operation of a network. Also, circuit-level firewalls require more expertise to install and maintain.

Application-Level Firewalls: With this approach, the firewall acts as an application proxy, handling all data exchanges with the remote system on behalf of the protected server. The idea behind this concept is to make the server behind the firewall invisible to the remote system.

An application-level firewall can accept or reject traffic based on a specific set of rules. The firewall may, for example, allow some commands to proceed to a server while rejecting others. The technology can also be used to restrict access to specified file types, as well as to provide different access levels to authenticated and nonauthenticated users. Application-level firewalls tend to be preferred by users who require detailed traffic monitoring and logging on the host, since adding these activities is relatively simple and doesn't further impact performance. IT administrators can set an application-level firewall to trigger alarms and notifications in the event that a predefined condition occurs. Application gateways are typically deployed on a separate network-connected computer, commonly called a proxy server.

Stateful Multilevel Firewalls: Typically offered by vendors as "best-of-breed" solutions, this approach aims to combine the best attributes of multiple firewall types. Stateful multilevel firewalls are designed to perform network-level packet filtering while recognizing and processing application-level data. These firewalls often provide superior network protection but can be very expensive.
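To make the packet-filtering and session-tracking behaviour described above concrete, here is an added example (not code from the article or from any vendor product): a minimal first-match packet filter that only looks at protocol, addresses and ports, plus a session table in the style of a circuit-level or stateful firewall, so that reply traffic is admitted only for connections the rules already accepted. The rule set, the host addresses (RFC 5737 documentation ranges) and the packets are all constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: a new connection attempt


@dataclass
class Rule:
    action: str                   # "accept" or "reject"
    proto: str = "any"
    src: str = "0.0.0.0/0"        # CIDR the source address must fall in
    dst: str = "0.0.0.0/0"        # CIDR the destination address must fall in
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        # Packet filtering looks only at header fields, never at payload.
        return ((self.proto == "any" or self.proto == pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt.dport))


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()     # 5-tuples of flows the rules have accepted

    def decide(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions or reply in self.sessions:
            return "accept"       # both directions of an established session
        if pkt.proto == "tcp" and not pkt.syn:
            return "reject"       # mid-stream TCP with no session is spoofed or stale
        for rule in self.rules:   # first matching rule wins
            if rule.matches(pkt):
                if rule.action == "accept":
                    self.sessions.add(key)
                return rule.action
        return "reject"           # default deny when nothing matches


def demo() -> list:
    rules = [Rule("accept", "tcp", dst="192.0.2.10/32", dport=443),
             Rule("accept", "tcp", src="203.0.113.0/24", dst="192.0.2.10/32", dport=22)]
    fw = StatefulFilter(rules)
    return [fw.decide(Packet("tcp", "198.51.100.7", 51000, "192.0.2.10", 443, syn=True)),
            fw.decide(Packet("tcp", "192.0.2.10", 443, "198.51.100.7", 51000)),
            fw.decide(Packet("tcp", "198.51.100.7", 51000, "192.0.2.10", 22, syn=True)),
            fw.decide(Packet("tcp", "198.51.100.7", 52000, "192.0.2.10", 443))]
```

The four decisions in `demo()` are: a new HTTPS connection accepted, its reply accepted because the session exists, an SSH attempt rejected because the source is outside the permitted range, and a non-SYN TCP packet with no session rejected.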

Add-Ons

Most firewall vendors offer an array of add-on features that are designed to provide capabilities that extend well beyond basic firewall services. Such features include anti-virus protection, content filtering, intrusion prevention, and activity and usage reporting. Given the rapidly changing pace of network security, it's a good idea for a business to purchase a product that it can easily upgrade for enhanced performance and to accommodate new capabilities.
