Types of Firewalls

Updated: March 18, 2010

Some of the most powerful firewall software on the market is designed to run on an ordinary computer — probably a dedicated server if you're securing a large network. Other firewall software is designed to run on proprietary hardware that you have to buy along with the software, turning the bundle into a "security appliance." As a general rule, appliances are faster, easier to install and operate — and also more expensive. But there's no guarantee that an appliance will do a better job than a software-only firewall. Software firewalls tend to be more flexible, and it's easier to upgrade the hardware they run on.

Network-Level Firewalls

The first generation of firewalls (c. 1988) worked at the network level by inspecting packet headers and filtering traffic based on the IP address of the source and the destination, the port and the service. Some of these primeval security applications could also filter packets based on protocols, the domain name of the source and a few other attributes.

Network-level firewalls are fast, and today you'll find them built into most network appliances, particularly routers. These firewalls, however, don't support sophisticated rule-based models. They don't understand languages like HTML and XML, and they are incapable of decoding SSL-encrypted packets to examine their content. As a result, they can't validate user inputs or detect maliciously modified parameters in a URL request. This leaves your network vulnerable to a number of serious threats.
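The limitation described above, shown as an added example that is not part of the original article: a header-only filter gives the same verdict to a normal request and to one with a modified URL parameter, while a check that parses the request can tell them apart. The rule set, addresses, the /account path and its numeric-id policy are all constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit, parse_qs

# Constructed rule set for a network-level filter: header fields only.
# (source network, destination IP, protocol, destination port, action)
RULES = [
    (ipaddress.ip_network("0.0.0.0/0"), "203.0.113.10", "tcp", 80, "allow"),
    (ipaddress.ip_network("198.51.100.0/24"), "203.0.113.10", "tcp", 22, "allow"),
]

def network_filter(pkt):
    """First matching rule wins, default deny. The payload is never read."""
    src = ipaddress.ip_address(pkt["src"])
    for net, dst, proto, dport, action in RULES:
        if (src in net and pkt["dst"] == dst
                and pkt["proto"] == proto and pkt["dport"] == dport):
            return action
    return "deny"

def application_check(pkt):
    """Application-level view: parse the HTTP request line and validate input.
    Assumed policy for this example: /account accepts one numeric 'id' only."""
    request_line = pkt["payload"].split("\r\n", 1)[0]
    _method, target, _version = request_line.split(" ")
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)
    if url.path == "/account":
        ids = params.get("id", [])
        if len(ids) != 1 or not re.fullmatch(r"[0-9]{1,10}", ids[0]):
            return "deny"
    return "allow"

def make_packet(src, dport, target):
    """Build a constructed packet: header fields plus a cleartext HTTP payload."""
    return {"src": src, "dst": "203.0.113.10", "proto": "tcp", "dport": dport,
            "payload": f"GET {target} HTTP/1.1\r\nHost: shop.example\r\n\r\n"}

# Constructed sample traffic: the first two packets have identical headers.
NORMAL = make_packet("192.0.2.7", 80, "/account?id=1042")
TAMPERED = make_packet("192.0.2.7", 80, "/account?id=1042%20OR%201=1")
SSH_OUTSIDE = make_packet("192.0.2.7", 22, "/")

if __name__ == "__main__":
    for name, pkt in [("normal", NORMAL), ("tampered", TAMPERED)]:
        print(name, network_filter(pkt), application_check(pkt))
```

The same application-level check is impossible once the payload is SSL-encrypted unless the inspecting device terminates the encrypted session itself.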
 

Circuit-Level Firewalls

These applications, which represent the second generation of firewall technology, monitor the TCP handshake between the two endpoints to make sure a session is legitimate. Traffic is filtered based on specified session rules and may be restricted to recognized computers only. Circuit-level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets.
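A minimal session tracker in the spirit of the paragraph above, as an added example that is not from the original article: it passes traffic only for connections that completed a SYN, SYN-ACK, ACK handshake started by a recognized host, and it never looks at payloads. The class name, addresses and the simplified teardown are assumptions made for illustration.

```python
from enum import Enum

class State(Enum):
    SYN_SENT = 1
    SYN_RECEIVED = 2
    ESTABLISHED = 3

class CircuitGateway:
    """Tracks the TCP three-way handshake per connection; payloads are not read."""

    def __init__(self, recognized_clients):
        self.recognized = set(recognized_clients)  # session rule: known hosts only
        self.sessions = {}  # (client, client_port, server, server_port) -> State

    def handle(self, src, sport, dst, dport, flags):
        flags = set(flags)
        fwd = (src, sport, dst, dport)  # session key if src is the client
        rev = (dst, dport, src, sport)  # session key if src is the server
        if flags == {"SYN"}:
            if src not in self.recognized:
                return "drop"
            self.sessions[fwd] = State.SYN_SENT
            return "pass"
        if flags == {"SYN", "ACK"} and self.sessions.get(rev) is State.SYN_SENT:
            self.sessions[rev] = State.SYN_RECEIVED
            return "pass"
        if flags == {"ACK"} and self.sessions.get(fwd) is State.SYN_RECEIVED:
            self.sessions[fwd] = State.ESTABLISHED
            return "pass"
        key = fwd if fwd in self.sessions else rev
        if self.sessions.get(key) is State.ESTABLISHED:
            if flags & {"FIN", "RST"}:
                del self.sessions[key]  # simplified teardown: first FIN/RST closes
            return "pass"
        return "drop"  # no completed handshake behind this packet

def run_trace(gateway, trace):
    return [gateway.handle(*pkt) for pkt in trace]

CLIENT, SERVER = "10.0.0.5", "203.0.113.10"
TRACE = [  # constructed packets: (src, sport, dst, dport, flags)
    (CLIENT, 40000, SERVER, 443, ["SYN"]),
    (SERVER, 443, CLIENT, 40000, ["SYN", "ACK"]),
    (CLIENT, 40000, SERVER, 443, ["ACK"]),
    (CLIENT, 40000, SERVER, 443, ["PSH", "ACK"]),   # data on the open session
    (SERVER, 443, CLIENT, 40001, ["ACK"]),          # no handshake for this port
    ("10.0.0.99", 40000, SERVER, 443, ["SYN"]),     # host not on the recognized list
    (SERVER, 443, CLIENT, 40000, ["FIN", "ACK"]),   # closes the session
    (SERVER, 443, CLIENT, 40000, ["ACK"]),          # arrives after the close
]

if __name__ == "__main__":
    print(run_trace(CircuitGateway({CLIENT}), TRACE))
```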
 

Application-Level Firewalls

Recently, application-level firewalls (sometimes called proxies) have been looking more deeply into the application data going through their filters. By considering the context of client requests and application responses, these firewalls attempt to enforce correct application behavior, block malicious activity and help organizations ensure the safety of sensitive information and systems. They can log user activity too. Application-level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address.

If that sounds too good to be true, it is. The downside to deep packet inspection is that the more closely a firewall examines network data flow, the longer it takes, and the heavier the hit your network performance will sustain. This is why the highest-end security appliances include lots of RAM to speed packet processing. And of course you'll pay for the added chips.

Stateful Multi-level Firewalls

Vendors of stateful multi-level (SML) firewalls claim that their products deploy the best features of the other three firewall types. They filter packets at the network level and they recognize and process application-level data, but since they don't employ proxies, they deliver reasonably good performance in spite of the deep packet analysis. On the downside, they are not cheap, and they can be difficult to configure and administer.
