A Firewall is a device, usually a router or a computer, installed between the internal network of an organization and the rest of the Internet. It is used to control the access of the Internet. It is designed to forward some packets and filter others. A firewall can be used to deny access to a specific host or a specific service in the organization.
A firewall is usually classified as Packet-filter Firewall & Proxy firewall on the basis of its working.
A packet-filter firewall is a router that uses a filtering table to decide which packets must be discarded i.e. not forwarded. A firewall can be used as a packet filter. It can forward or block packets based on the information in the headers: source and destination IP addresses, source and destination port addresses, type of protocol (TCP or UDP). A packet-filter firewall filter at network or transport layer.
An example of a filtration table for such firewall can be shown below.
As per the figure above, following are the details of filtration:
Security precaution: incoming packets from network “220.127.116.11”. Here “*” means any. Incoming packets destined for any internal TELNET Server (port 23) are blocked. Incoming packets destined for internal host “18.104.22.168” are blocked. The organization wants this host for internal use only. Outgoing packets destined for an HTTP server (port 80) are blocked. The organization does not want employees to browse the internet.
The packet-filter firewall is based on the information available in the network layer and transport layer headers (IP and TCP/UDP). Sometimes we need to filter a message based on the information available in the message itself at the application layer. Installing a proxy computer between the customer computer and corporation computer can be a solution to this situation as shown in the figure below.
When the user client process sends a message, the proxy firewall runs a server process to receive the request. The server opens the packet at the application level and finds out if the request is legitimate. If it is, the server acts as a client process and sends the message to the real server in the corporation. If it is not, the message is dropped and an error message is sent to the external user. In this way, the requests of the external users are filtered based on the contents at the application layer. A proxy firewall filters at the application layer.
Categories: tech blogs