First, let us define a firewall. A firewall is a system or group of systems utilized to enforce access control between two network entities.
This can be accomplished in a variety of ways but
fundamentally the firewall is a pair of mechanisms: one exists only to block traffic and the other exists to permit traffic. It allows people inside the organization, behind the firewall, to access information on the outside and prevents people on the outside from getting into the user’s system. The single most important aspect of a firewall is to allow the System Administrator to easily implement an access control policy.
The Internet has become, in many ways, a mirror of society. Within our society there is a segment of jerks, malcontents and rip-off artists who delight in spray painting other people’s walls, knocking down stop signs and mail boxes and perpetrating all manner of scams such as credit card fraud and embezzlement. All of these, and more, have become a routine part of the Internet society. Web sites are defaced, phony, misleading press releases are issued to manipulate stock prices and large databases of credit card numbers are broken into for fun and profit. A firewall is the first line of defense against the cyberpunks attempting to rip the fabric of the Internet society.
A firewall appliance is a dedicated hardware and software system whose sole purpose is to function as the implementer of the defined access control policy. A fully featured firewall appliance will include NAT (Network Address Translation), DMZ (De-Militarized Zone), VPN (Virtual Private Network), Intrusion Detection and extensive audit logging with alarm condition detection and reporting. Content Filtering can be a highly desirable option to prevent pornography and specific non-work related web sites from being accessed.
In the most ideal of situations, the firewall appliance should be as simple to deploy as a telephone: take it out of the box, plug it in and use it. The real world is not so utopian, due to the large variety of options for blocking or passing data in or out of the network as well as all of the network-specific information. At its worst, the time to properly configure a firewall can be measured in hours. At its best, as with the iSentinal™ appliance, much of the configuration will be performed at the factory prior to shipment, requiring only minutes for final configuration.
Basic firewall technology.
A firewall is generally a software package or a combination of hardware and software and typically consists of several layers of protection designed to intercept and prevent penetration by intruders. Today there are three basic types of firewalls.
- The simplest type is known as a screening router or packet filter firewall. This approach screens every packet for content and decides whether to pass it through or deny access. This approach provides the very minimum of security and is easily breached by sophisticated intruders who can falsify or spoof a packet so that it appears to come from a legitimate source.
- A second firewall approach utilizes a technique known as stateful inspection. This approach is more adept than packet filtering at preventing spoofing because it compares patterns of arriving data with data from previously accepted packets.
- The third, and generally accepted as the most secure, approach is known as the proxy server. The proxy server sits between the internal network and all locations outside the network and does not allow traffic to pass directly through. The proxy server hides the IP address of the user from anyone outside of the firewall. When an internal user accesses an external web site, the source IP address on the outbound HTTP packet appears as the address of the firewall and not that of the originator. When an external data packet arrives at the firewall, the application software examines and evaluates the packet’s IP address and content and compares it with the firewall appliance’s rule set to verify whether it complies with the pre-defined security policies.
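The following simulation is an added example, not code from the original article or from the iSentinal™ product. It models the three approaches just described on a handful of constructed packets: a stateless screening rule set, a stateful inspection table that only admits inbound packets matching a connection an internal host already opened, and a proxy step that rewrites the outbound source address to the firewall's own. All addresses, ports and rules are assumptions invented for the demonstration; the point it shows is why a stateless filter must accept any inbound packet that merely looks like a reply, while a stateful filter can reject the same packet because no matching connection exists.

```python
from dataclasses import dataclass, replace
from typing import List, Set, Tuple

@dataclass(frozen=True)
class Packet:
    """Minimal view of an IP/TCP packet: only the fields the filters inspect."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = internal host -> Internet, "in" = Internet -> internal host

# Constructed network layout (assumption): internal hosts live in 10.0.0.0/24,
# the firewall's public address is 192.0.2.1.
INTERNAL_PREFIX = "10.0.0."
FIREWALL_IP = "192.0.2.1"

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def stateless_filter(pkt: Packet) -> str:
    """Screening-router rule set (constructed): permit outbound HTTP, permit
    inbound packets that *look like* HTTP replies (source port 80), deny the rest.
    It has no memory, so it cannot tell a genuine reply from a spoofed one."""
    if pkt.direction == "out" and is_internal(pkt.src_ip) and pkt.dst_port == 80:
        return "allow"
    if pkt.direction == "in" and pkt.src_port == 80 and is_internal(pkt.dst_ip):
        return "allow"
    return "deny"

class StatefulFilter:
    """Stateful inspection: remembers connections opened from inside and admits an
    inbound packet only when it is the reverse of a remembered connection."""
    def __init__(self) -> None:
        self.connections: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out" and is_internal(pkt.src_ip) and pkt.dst_port == 80:
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "allow"
        if pkt.direction == "in":
            reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if reverse in self.connections:
                return "allow"
        return "deny"

def proxy_outbound(pkt: Packet, proxy_port: int = 50000) -> Packet:
    """Proxy behaviour: the packet that leaves the firewall carries the
    firewall's address as its source, not the internal originator's."""
    return replace(pkt, src_ip=FIREWALL_IP, src_port=proxy_port)

# Constructed traffic sample (assumption), in arrival order:
#  1. internal host opens an HTTP connection outward
#  2. the genuine reply to that connection
#  3. a spoofed "reply" from source port 80 aimed at a host that never connected
#  4. an inbound connection attempt to SSH on an internal host
TRAFFIC: List[Packet] = [
    Packet("10.0.0.5", 40000, "203.0.113.10", 80, "out"),
    Packet("203.0.113.10", 80, "10.0.0.5", 40000, "in"),
    Packet("198.51.100.7", 80, "10.0.0.9", 22, "in"),
    Packet("198.51.100.7", 4444, "10.0.0.5", 22, "in"),
]

def compare_filters(traffic: List[Packet] = TRAFFIC) -> Tuple[List[str], List[str]]:
    """Run the same traffic through both filters and return their verdicts."""
    stateless = [stateless_filter(p) for p in traffic]
    stateful = StatefulFilter()
    stateful_verdicts = [stateful.decide(p) for p in traffic]
    return stateless, stateful_verdicts

if __name__ == "__main__":
    stateless, stateful = compare_filters()
    for pkt, a, b in zip(TRAFFIC, stateless, stateful):
        print(f"{pkt.direction:3} {pkt.src_ip}:{pkt.src_port} -> "
              f"{pkt.dst_ip}:{pkt.dst_port}  stateless={a:5} stateful={b}")
    print("proxied outbound source:", proxy_outbound(TRAFFIC[0]).src_ip)
```

Packet 3 is the instructive one: the stateless rule set allows it because a source port of 80 is all it can check, whereas the stateful filter denies it because 10.0.0.9 never opened a connection to 198.51.100.7. The proxy step goes further still, since the outside world only ever sees 192.0.2.1 and has no internal address to aim a spoofed reply at.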