A firewall is a component of a computer system or network that enforces a traffic policy: it blocks access the policy does not authorise while letting through the communications it permits. It is typically a device or a set of devices, and can be implemented in hardware, in software, or (most often) in a combination of both. Firewalls are most commonly used to keep unauthorised internet users out of private networks, especially intranets. Each firewall applies its own set of rules; any information entering or leaving the network through the firewall that does not satisfy those rules is blocked.
Firewall techniques consist of four main types:
1. Packet filter: Packets are the basic unit of data transfer between computers and networks. A packet filter inspects each packet in isolation and compares its header fields (source and destination address, protocol and port numbers) against a set of user-defined rules. A packet that matches a deny rule is either dropped (discarded silently) or rejected (discarded, but with an error response such as an ICMP unreachable message or a TCP reset sent back to the source); a packet that matches an accept rule is forwarded. Packet filters are fast and transparent to users, but their rule sets are tough to get right. Because they trust the header fields they read, they are also susceptible to IP spoofing, in which packets with forged source addresses are crafted to impersonate an “accepted” source or to conceal the identity of the sender. The standard partial defence is an ingress rule that drops any packet arriving from the outside that claims an internal source address.
2. Application gateway: Also referred to as application proxies, these sit between the end user and the network. The user contacts the gateway directly, and the gateway performs the requested function (fetching a web page, relaying a mail message) on the user’s behalf, so no packet travels end to end between the two sides. Each protocol needs a gateway that understands it (an HTTP proxy, an FTP proxy, an SMTP relay), which is what lets the gateway inspect and filter at the application layer. It is not transparent to users, who must configure or install client software that knows how to talk to the gateway. The design is simple, since the gateway only proxies requests from end users, but terminating and re-originating every connection costs CPU time and adds latency.
3. Stateful firewall: A stateful firewall keeps track of the connections passing through it (TCP streams, for example) in a state table. It distinguishes the packets of different connections and only forwards packets that match a known connection in an acceptable state. The first packet of a new connection (a TCP SYN) is checked against the rule set and, if permitted, creates a table entry; a packet that belongs to no known connection and does not open one (a stray ACK, for instance) is dropped. Sessions that carry no traffic for a configured period time out, so that the table does not fill up. The advantage over a plain packet filter is that packets of an established connection need only be looked up in the table rather than matched against an extensive rule set, and return traffic can be admitted without permanently opening ports for it. The table is itself a finite resource: a flood of half-open connections can exhaust it, so entry limits and short timeouts for unestablished connections matter.
4. Proxy server: “Proxy” means “substitute”. One of the more popular types, a proxy server acts as a go-between for clients seeking information from servers (a forward proxy serves inside clients reaching out; a reverse proxy fronts inside servers for outside clients). Each request is received and checked against filtering rules, for example the client’s IP address or the destination requested, before the proxy makes the request to the server itself on the client’s behalf, so the client never connects to the server directly. Caching responses and serving them again for identical requests can reduce load and speed up delivery. The servers behind a proxy are shielded in that clients only ever see the proxy’s address and only reach them through requests the proxy chose to forward; they are not thereby immune to attacks carried inside permitted requests. The difference between this type and the application gateway above is largely one of emphasis: both terminate the client’s connection and speak to the server themselves.
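The following simulation is an added example, not code from the original page or from any firewall product, and it makes the packet-filter and stateful-firewall behaviour of items 1 and 3 concrete: a first-match rule list with distinct drop and reject verdicts, a direction-independent connection table with an idle timeout, and the anti-spoofing ingress check. The internal prefix 10.0.0.0/8, the 300-second timeout, the policy rules and the packets in demo() are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumed LAN prefix behind the firewall
IDLE_TIMEOUT = 300.0                               # assumed: seconds before an idle flow is forgotten


@dataclass(frozen=True)
class Packet:
    iface: str    # "ext" = arrived from the internet, "int" = arrived from the LAN
    proto: str    # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    ts: float     # arrival time in seconds (simulated clock)
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept", "drop" (silent) or "reject" (drop + error reply)
    iface: Optional[str] = None  # None means "any"
    proto: Optional[str] = None
    src: Optional[str] = None    # CIDR
    dst: Optional[str] = None    # CIDR
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        return True


def flow_key(p: Packet):
    """Direction-independent 5-tuple, so replies map onto the same table entry."""
    ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
    return (p.proto, ends[0], ends[1])


class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules      # evaluated top to bottom, first match wins
        self.conntrack = {}     # flow_key -> timestamp of the last packet seen

    def _expire(self, now):
        stale = [k for k, t in self.conntrack.items() if now - t > IDLE_TIMEOUT]
        for k in stale:
            del self.conntrack[k]

    def process(self, p: Packet):
        """Return (verdict, reason); verdict is accept, drop or reject."""
        self._expire(p.ts)
        # Anti-spoofing: nothing arriving from the internet may carry an internal source.
        if p.iface == "ext" and ipaddress.ip_address(p.src) in INTERNAL_NET:
            return "drop", "spoofed source"
        key = flow_key(p)
        if key in self.conntrack:
            # Known flow: refresh the entry and accept without consulting the rules.
            self.conntrack[key] = p.ts
            return "accept", "established"
        # Unknown flow: for TCP only a bare SYN may open one; a stray ACK is dropped.
        if p.proto == "tcp" and not (p.syn and not p.ack):
            return "drop", "no matching connection"
        for r in self.rules:
            if not r.matches(p):
                continue
            if r.action == "accept":
                self.conntrack[key] = p.ts
                return "accept", "new"
            if r.action == "reject":
                return "reject", ("tcp-rst" if p.proto == "tcp" else "icmp-port-unreachable")
            return "drop", "policy"
        return "drop", "default deny"


# Constructed policy: the LAN may initiate anything; the internet may reach one HTTPS
# server and is told "no" explicitly on SSH; everything else is silently denied.
POLICY = [
    Rule("accept", iface="int"),
    Rule("accept", iface="ext", proto="tcp", dst="10.0.0.5/32", dport=443),
    Rule("reject", iface="ext", proto="tcp", dport=22),
]


def demo():
    fw = StatefulFilter(POLICY)
    ext, srv = "203.0.113.7", "10.0.0.5"   # constructed outside client and inside server
    return {
        "syn_to_https":   fw.process(Packet("ext", "tcp", ext, srv, 40000, 443, 0.0, syn=True)),
        "reply_from_srv": fw.process(Packet("int", "tcp", srv, ext, 443, 40000, 1.0, syn=True, ack=True)),
        "stray_ack":      fw.process(Packet("ext", "tcp", "203.0.113.9", srv, 50000, 443, 2.0, ack=True)),
        "ssh_attempt":    fw.process(Packet("ext", "tcp", ext, srv, 40001, 22, 3.0, syn=True)),
        "spoofed_src":    fw.process(Packet("ext", "tcp", "10.0.0.9", srv, 40002, 443, 4.0, syn=True)),
        "udp_dns":        fw.process(Packet("ext", "udp", ext, srv, 5000, 53, 5.0)),
        "after_timeout":  fw.process(Packet("ext", "tcp", ext, srv, 40000, 443, 400.0, ack=True)),
    }
```

The stray_ack case is the one a stateless packet filter gets wrong: a rule of the form "accept tcp to 10.0.0.5 port 443" would forward it, whereas the stateful filter drops it because no table entry exists and the packet does not open a connection. The after_timeout case shows the idle-timeout side effect the text describes: once the entry has aged out, even the legitimate peer's next packet is refused until it starts a new connection.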
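The second simulation is likewise an added example, not the page's own code, covering the shared mechanics of items 2 and 4: the proxy accepts a request, applies an access-control check on the client and a deny-list on the destination, serves repeated requests from a cache, and otherwise fetches from the origin using its own address, so the origin never sees the client. The proxy address 192.0.2.1, the client network, the deny-list, the cache lifetime and the stand-in origin content are all constructed assumptions; a real proxy would open a network connection where origin_fetch is called.

```python
import ipaddress
from dataclasses import dataclass

PROXY_ADDR = "192.0.2.1"                               # assumed address of the proxy itself
CLIENT_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # assumed: only the LAN may use the proxy
DENIED_HOSTS = {"blocked.example"}                     # assumed destination deny-list
CACHE_TTL = 60.0                                       # assumed: seconds a cached response stays fresh

# Constructed stand-in for the origin servers. Each call records the source
# address the origin observes, which lets demo() show that it is never a client.
ORIGIN_CONTENT = {("intranet.example", "/"): "welcome",
                  ("intranet.example", "/report"): "q3 numbers"}
origin_log = []


def origin_fetch(host, path, src_ip):
    origin_log.append((host, path, src_ip))
    body = ORIGIN_CONTENT.get((host, path))
    return (200, body) if body is not None else (404, "not found")


@dataclass
class CacheEntry:
    status: int
    body: str
    stored_at: float


class FilteringProxy:
    def __init__(self):
        self.cache = {}   # (host, path) -> CacheEntry

    def handle(self, client_ip, host, path, now):
        """Return (status, body, how), where how names the step that produced the answer."""
        if not any(ipaddress.ip_address(client_ip) in net for net in CLIENT_NETS):
            return 403, "client not permitted", "acl"
        if host in DENIED_HOSTS:
            return 403, "destination blocked", "deny-list"
        key = (host, path)
        hit = self.cache.get(key)
        if hit is not None and now - hit.stored_at <= CACHE_TTL:
            return hit.status, hit.body, "cache"
        # Fetch on the client's behalf: the origin sees PROXY_ADDR, never client_ip.
        status, body = origin_fetch(host, path, PROXY_ADDR)
        if status == 200:
            self.cache[key] = CacheEntry(status, body, now)
        return status, body, "origin"


def demo():
    origin_log.clear()
    p = FilteringProxy()
    results = {
        "lan_first":  p.handle("10.1.2.3", "intranet.example", "/", 0.0),
        "lan_second": p.handle("10.1.2.4", "intranet.example", "/", 10.0),
        "outsider":   p.handle("203.0.113.5", "intranet.example", "/", 11.0),
        "denied":     p.handle("10.1.2.3", "blocked.example", "/", 12.0),
        "stale":      p.handle("10.1.2.3", "intranet.example", "/", 100.0),
    }
    return results, list(origin_log)
```

The cache here keys only on host and path and stores only 200 responses, which is safe only for public content. A real proxy must include in the key anything that changes the response (the Cookie or Authorization header, for instance), or one client's private page will be handed to the next client who asks for the same path; that class of mistake is how caching proxies turn into data-leak vectors.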
An easy-to-use and powerful firewall can be found in ZoneAlarm, the newest release at the time of writing being ZoneAlarm Security Suite 2009. Besides an inbound intrusion detection system, it can also control which programs may make outbound connections. ZoneAlarm does this by dividing access into two “zones”: the trusted zone, which includes computers and devices such as printers connected over the LAN, and the “internet zone”. The user can specify in advance what permissions a program gets before it tries to access the internet; otherwise ZoneAlarm prompts the user for permission the first time the program attempts net access. A freeware version is available, but there is plenty of incentive to purchase the full versions, namely the OSFirewall and SmartDefense Advisor features. OSFirewall is present in all paid versions and monitors programs for suspicious behaviour. SmartDefense Advisor is only featured in the premium versions; it uses a large database of known program signatures to advise the user on whether to allow or deny a program access to the internet. Different versions of ZoneAlarm also provide protection against viruses and spyware.