What are the Types of Firewalls?
At the broadest level there are two categories, hardware and software, and many products combine the two: a dedicated firewall appliance is itself a purpose-built computer running firewall software.
Hardware Firewall
A hardware firewall is a separate box that sits between your network and the internet and performs the filtering. Traffic it filters out never reaches your computer at all. Most broadband routers include a basic firewall of this kind; much of the protection they provide comes from NAT, which has no translation entry for an unsolicited inbound connection and therefore drops it. That is a useful default, but not a substitute for explicit rules: port forwarding and UPnP can open inbound paths through it.
Software Firewall
A software firewall is a program that runs on your computer and hooks into the operating system's network stack (as a kernel filter or driver) so that it sees packets before they are delivered to applications. Unlike with a hardware firewall, the traffic does reach your machine; the firewall decides whether the operating system passes it any further. This protects the host itself wherever it is, including on networks with no perimeter device (a laptop on public Wi-Fi), but it shares the host's fate: malware running with sufficient privileges on the same machine can reconfigure or disable it.
Beyond the hardware/software split, firewalls are classified by the layer at which they inspect traffic, where in the path the inspection takes place, and whether they track connection state. A given product may use one or more of the following methods to control traffic flowing in and out of the network:
Packet filtering – In its most basic form, a firewall does nothing but filter packets. Each packet entering or leaving the network is compared, on its own, against an ordered list of user-defined rules keyed on header fields (source and destination address, protocol, port numbers, TCP flags) and is accepted or dropped. Packet filtering is fast and transparent to users, but because every packet is judged in isolation the filter cannot distinguish a legitimate reply from an unsolicited packet, so the rules needed to let return traffic through tend to be either too broad or hard to get right.
Application-layer – Application-layer firewalls work at the application layer of the TCP/IP stack, so they understand the protocol in use (HTTP, DNS, SMTP and so on) and can accept or reject traffic based on its content rather than its headers alone. This lets them block traffic a packet filter would have to allow, such as a malformed or malicious request arriving on a permitted port. They tend to produce more detailed audit logs and to enforce more conservative policies (anything the protocol parser does not recognise is denied) than network-layer firewalls; the cost is more CPU per packet and a separate parser for each protocol you want to protect.
Circuit Level Relay – This type of firewall does not judge individual packets but the connection (circuit) itself. It works at the TCP session level: it watches the handshake and decides whether the connection is permitted according to configurable rules (source, destination, port, sometimes user authentication or time of day). If everything checks out, the firewall opens a session and relays traffic only from the validated source, and may allow it only for a limited period. Once the circuit is established, packets flow between the hosts without further inspection: the relay validates the connection, not its contents. SOCKS is the standard example of this approach.
Application Proxy Gateway – Internal users never talk to the outside directly. A client connects to the proxy, the proxy makes the request on its behalf, retrieves the information from the Internet and returns it to the user (and vice versa for inbound services). Because the proxy speaks the application protocol, it can record everything that is done, can require the user to log in before it will act, and can permit some functions of an application while denying others (for example, allowing downloads but not uploads).
Stateful inspection – Introduced in the 1990s and now the default in virtually every firewall, this method neither judges each packet alone nor parses full application content. Instead it keeps a state table of connections: when a connection is permitted (typically because an inside host opened it), the firewall records its addresses, ports, protocol and, for TCP, the handshake state and sequence numbers. An incoming packet that matches an existing entry as the expected reply is allowed through; anything else is evaluated against the rules, and unsolicited packets are discarded. Entries are removed when the connection closes or after an idle timeout, so a packet that would have been accepted a moment ago is dropped once the connection it belonged to is gone.
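To make the difference between the first and last methods concrete, here is an added example (written for this page, not code from the original article) that runs a stateless packet filter and a minimal stateful inspection engine over the same constructed packet trace. The internal prefix 10.0.0.0/24, the published web server at 10.0.0.80:443 and the outside addresses are assumptions; the trace is made up by hand, not captured.

```python
"""Stateless packet filtering vs. stateful inspection on a constructed trace.

Added illustration, not code from the original article. The internal prefix
10.0.0.0/24 and the published web server 10.0.0.80:443 are assumptions; the
packet trace below is constructed by hand, not captured.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """A TCP segment reduced to the header fields a firewall rule reads."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # SYN set: first packet of a new connection
    ack: bool = False   # ACK set: claims to belong to an existing connection
    fin: bool = False   # FIN set: sender is closing


INSIDE_PREFIX = "10.0.0."          # assumed internal network
WEB_SERVER = ("10.0.0.80", 443)    # assumed published service


def inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def stateless_strict(p: Packet) -> bool:
    """Packet filter, tight rules: anything outbound, inbound only to the web
    server. Each packet is judged alone, so replies to connections our own
    clients opened look unsolicited and are dropped (web browsing breaks)."""
    return inside(p.src) or (p.dst, p.dport) == WEB_SERVER


def stateless_permissive(p: Packet) -> bool:
    """Packet filter with the usual stateless workaround: also admit any
    inbound packet that is not a connection opener (SYN without ACK), on the
    theory that replies always carry ACK. Anyone can set the ACK bit, so this
    lets unsolicited ACK probes reach every internal port."""
    return stateless_strict(p) or not (p.syn and not p.ack)


class StatefulFirewall:
    """Stateful inspection: the same rule set as stateless_strict, plus a
    connection table. Only a permitted connection opener creates an entry;
    later packets are admitted if they belong to a tracked connection, in
    either direction, and the entry is removed when the connection closes."""

    def __init__(self) -> None:
        self.table = set()   # entries are (src, sport, dst, dport) as opened

    def filter(self, p: Packet) -> bool:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.table or rev in self.table:
            if p.fin:   # simplified teardown: forget the connection on the first FIN
                self.table.discard(fwd)
                self.table.discard(rev)
            return True
        if not (p.syn and not p.ack):     # not an opener and not tracked: unsolicited
            return False
        if inside(p.src) or (p.dst, p.dport) == WEB_SERVER:
            self.table.add(fwd)
            return True
        return False


# Constructed trace (not a capture). 203.0.113.7 is a web site an inside client
# visits, 198.51.100.9 an outside attacker; both are documentation addresses.
TRACE = [
    Packet("10.0.0.5", 51000, "203.0.113.7", 443, syn=True),              # 1 client opens HTTPS
    Packet("203.0.113.7", 443, "10.0.0.5", 51000, syn=True, ack=True),    # 2 server SYN/ACK
    Packet("203.0.113.7", 443, "10.0.0.5", 51000, ack=True),              # 3 server data
    Packet("198.51.100.9", 40000, "10.0.0.5", 51000, ack=True),           # 4 attacker ACK probe at client
    Packet("198.51.100.9", 40001, "10.0.0.80", 443, syn=True),            # 5 attacker -> published web server
    Packet("198.51.100.9", 40002, "10.0.0.80", 22, syn=True),             # 6 attacker -> SSH on web server
    Packet("203.0.113.7", 443, "10.0.0.5", 51000, fin=True, ack=True),    # 7 server closes
    Packet("203.0.113.7", 443, "10.0.0.5", 51000, ack=True),              # 8 late packet after close
]


def run(policy, trace=TRACE) -> list:
    """Apply a filter function to each packet in order; True means accepted."""
    return [policy(p) for p in trace]


def verdicts() -> dict:
    return {
        "stateless_strict": run(stateless_strict),
        "stateless_permissive": run(stateless_permissive),
        "stateful": run(StatefulFirewall().filter),
    }


if __name__ == "__main__":
    for name, result in verdicts().items():
        print(f"{name:22s}", " ".join("ACCEPT" if v else "DROP  " for v in result))
```

Running it shows the trade-off described above: the strict stateless filter drops packets 2 and 3 (the site's replies), so the client's own connection never completes; the permissive one lets them through but also admits packet 4, the attacker's unsolicited ACK probe at the workstation, and packet 8, which arrives after the connection has closed; the stateful engine accepts exactly the replies that belong to a connection an inside host opened and drops the rest. Real stateful engines also check TCP sequence numbers, wait for both sides' FINs before forgetting a connection, and time out idle entries; on Linux the equivalent rule is `ct state established,related accept` in nftables or `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` in iptables, while the stateless workaround corresponds to matching `! --syn`.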