A firewall is a network security device which monitors the incoming and outgoing network traffic and decides whether to block or permit the specific traffic based on certain rules. Thus, it acts like a barrier between trusted and un-trusted network. Firewall is the first line of defense in the network security. It can be software, hardware or both.
Types of Firewalls:
Generally there are five different types of firewalls:
Packet filtering firewall:
Packet filtering firewall filters IP packets based on source and destination IP address and ports. It examines each packet that passes firewall and tests the packet according to security rules that have been set by the user. But it has no way to tell the difference between good web traffic and bad web traffic, which means it can allow both kind of packets into the network.
Stateful packet firewall is also known as dynamic packet filtering. It is similar to packet filtering firewall but it is more intelligent in tracking active network connections. Stateful firewall constantly analyse complete traffic and data packets and only allow those packets into the network that are part of established outbound connection. But still it can’t tell the difference between good and bad web traffic.
Deep packet inspection firewall:
Deep packet inspection (DPI) looks not only at header and footer of a packet but also examines content of the packet searching for illegal statements and looks at application layer attacks. DPI has capabilities to overcome the limitation of traditional firewalls that depends upon dynamic packet filtering. It provides a more robust mechanism for network packet filtering.
Also Read: What is Keylogger? How Hackers use it?
Application aware firewall:
An application-aware firewall understands not only ports, but that specific applications listen to specific ports. They are indeed host based (installed on a user server) and prevents malware from listening on a port that would normally be used by a legitimate application. Application aware firewall is quite similar to deep packet inspection but it can also understand signatures within packets which specifically address certain fields in the protocol.
Application proxy firewall:
Proxy firewall protects the network resources by filtering the packets at the application layer. It is also called application gateway firewall. Proxy firewall thus acts as intermediary between client and server on the internet. It also monitors incoming traffic for application layer 7 protocol such as HTTP and FTP.
Proxy firewall is the most secure type of firewall because it prevents direct network contact with other networks. It has own IP address, so it creates own network and never receives packets from other networks directly.
Benefits of Firewall Protection: