Kennisbank

Gemaakt 13 jun. 2002
Bijgewerkt 13 mei 2007

A firewall is a system designed to reinforce the Security of the data flowing between two Networks, the Internal Network and the outside Network. There are several ways to accomplish this but most firewalls use two or more of the following methods as none of them alone provides adequate security.

Packet Filtering:
Works at the Internet protocol layer and enables you to accept, reject or drop packets based on IP Address, Ports or Protocols. Packet filters perform these duties based on a set of configurable rules called Policies. Packet filtering is the original and the most basic type of firewalling and most routers provide packet filtering. Disadvantages of packet filtering however are:

• Address information on a packet can potentially be spoofed or falsified.
• The data contained in allowed packets can't be checked so they ultimately may contain exploits.
• Packet filters can't provide application level or user level authentication.
• Once a particular protocol is allowed to pass, external hosts can establish a direct connection to hosts on the Internal Network using that protocol. It could therefore expose the private Network configuration to everyone outside of the Network and reduce Network security.

The advantage of Packet filters is that they are very fast and transparent to users.

Application gateway:
Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

Circuit-level gateway:
Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Proxy server:
Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Stateful inspection It is a newer method that does not examine the contents of each packet but compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through.

For more information on Firewalls, please read the following Wikipedia article:
Firewall