Firewall: purpose and principle of operation

9 October 2023

The firewall is designed to protect the local network from various external threats, which ensures the safety and security of the corporate information. A functional and reliable firewall ensures the smoothness of data exchange, the stability of communication and the efficiency of the entire system.

Firewall meaning

A firewall is a software or hardware solution whose main task is to protect servers, and the network they sit in, from unauthorized access and external threats.

A firewall makes it possible to:

  • Prevent unwanted network connections;
  • Control the data flows that pass through it and block them where necessary;
  • Manage network traffic;
  • Monitor incoming and outgoing packets.

There are different types of firewalls to meet the specific needs and requirements of the local network.

The principle of Firewall operation

A firewall allows or blocks individual flows of traffic. It does so by applying rules and processing logic defined by the vendor and the administrator:

  • It analyzes network traffic;
  • It blocks traffic that violates a rule or shows signs of an attack;
  • It applies the configured parameters when processing packets;
  • It protects the organization's network from attacks and port scanning;
  • It can apply different rules to different groups of users or hosts.


Types of Firewalls

The most common firewall types are:

  • Stateful inspection firewall – tracks the state of each connection (session) and judges packets in the context of that session;
  • Logging firewall – keeps detailed records of network events, which enables monitoring and the recording of security incidents;
  • Packet filter – decides whether to admit or block each packet by inspecting its headers alone.

Another common option today is the application-level firewall (application gateway). It understands the application protocol itself and can authenticate users; when it terminates TLS it can also inspect and re-encrypt traffic that would otherwise be opaque to it.

Traffic filtering

Traffic filtering, configured by the administrator, is the main security mechanism in computer networks. It makes it possible to:

  • Protect network resources;
  • Prevent unwanted access;
  • Regulate the flow of data between different systems and devices.

There are two main approaches to implementing traffic filtering:

  1. Default allow (blocklist): the rules enumerate the traffic that is forbidden, and everything not on that list is passed.
  2. Default deny (allowlist): the rules enumerate the traffic that is permitted, and everything else is blocked.

Default deny is the safer choice: a service that was forgotten or exposed by mistake is blocked rather than reachable, whereas under default allow every omission in the blocklist is an open door.

Firewalls classification

Below are the main parameters by which firewalls are classified:

  • By architecture – software or hardware;
  • By the layer at which they work – on IP addresses and ports only, or up to the application layer of the OSI model;
  • By filtering action – allow, reject (block and notify the sender) or drop (block silently);
  • By inspection depth – header inspection only, or detailed inspection of packet contents.

Proxy servers that mediate incoming and outgoing traffic can protect the local network and hide the addresses of internal users.

Software variety

A software firewall is a program that intercepts all traffic entering or leaving the device it runs on and filters it. It is installed on a specific machine, physical or virtual.

Hardware variety

This is a specialized device whose main task is traffic processing. It runs on firmware supplied by the manufacturer or software installed by a specialist. Compared with the software variety, a hardware firewall is more powerful but considerably more expensive, so it is not affordable for everyone. There is a wide choice of hardware options.

Proxy as an alternative to the modern screen

A proxy server is called an application gateway for a reason: it controls traffic at the top of the protocol stack, the application layer. It filters on header fields, on the content of those fields, and on the payload and its size. To meet the organization's requirements, additional filtering parameters can be defined. Proxy servers are considered more complex, and less universal, since each one is written for a specific protocol.

Implementation

By method of implementation, the following firewall options are distinguished:

Virtual. They run on virtual hosts or servers, are easy to manage and scale, and are a good fit for cloud infrastructures.

Software. These firewalls are part of the operating system or third-party applications, are updated over the Internet and are flexibly configured. Each one is installed on the server or device it protects.

Hardware. Physical devices with a high level of scalability and throughput. They often add fault tolerance, load balancing and other features.

Limitations of Firewall analysis

Next, some limitations of firewall analysis:

  • Inspection depth – many firewalls check only headers, not payload, and cannot look inside encrypted traffic; attacks hidden in the data go undetected.
  • Visibility – a firewall only sees traffic that crosses it, so attacks inside a segment, or carried over a channel the rules allow, are not detected.
  • Throughput – deep inspection of large traffic volumes needs considerable processing capacity, and a firewall that cannot keep up becomes a bottleneck.

How well these problems are avoided depends on timely configuration and on keeping the firewall updated.

Additional filtering within the network

Consideration should also be given to how traffic will be filtered inside the network itself. Servers can be separated from each other using three main technologies:

  • VLANs – dividing one physical network into several virtual segments at the data link layer (layer 2 of the OSI model).
  • VRF – creating several virtual routing instances on one physical router.
  • Overlay (logical) networks built on top of the physical network.

Which one to choose depends on your capabilities and preferences; the method of separation itself is not fundamental. What matters is that traffic between segments passes through a device that filters it, since segmentation without filtering at the boundaries adds little.

Managed Switches

Managed switches can filter traffic between particular network nodes, and between several networks, using access control lists. This sometimes leads people to count managed switches as a kind of firewall. Their separation of traffic, however, applies only within the local network they are connected to, since they work at the data link layer.

Managed switches are of no use where external traffic needs to be filtered: they cannot perform that task, and relying on them for it leaves the network exposed.

The right choice

To choose a suitable option, a little preparation is needed:

  • Set out clear requirements and decide which functions are needed – malware protection, content filtering, access control, and so on.
  • Take into account the size and type of the network to be protected.
  • Compare functionality and parameters such as protocol support, throughput and filtering quality.

Compatibility with the operating systems, network devices and other equipment in use also needs to be checked.

What is the function of Firewalls?

As mentioned earlier, the main task of a firewall is to secure and protect the network; by discarding unwanted traffic it can also relieve the systems behind it.

This goal is achieved through the following:

  • Limiting the spread of malware and other threats between parts of the network.
  • Network access control, which also keeps unwanted traffic from overloading services.
  • Protection against unauthorized access, hacking attempts and the failures they cause.
  • Admitting only the traffic that is needed, which reduces the load on the systems behind the firewall.
  • Protection of internal company information.

Firewalls Rules

Traffic arriving at the firewall is filtered according to rules set by the system administrator and adjusted as needed.

Each rule carries one of three actions:

  • "accept" – the traffic is passed into the system.
  • "reject" – the traffic is blocked and the sender is told so, with a TCP reset or an ICMP unreachable message.
  • "drop" – the traffic is silently discarded; the sender receives no response and only sees a timeout.

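As an added example (this is not code from the original article), the following Python script evaluates one constructed set of packets under both approaches described in the Traffic filtering section above, a default-allow blocklist and a default-deny allowlist, using first-match rule evaluation, and shows what the sender observes for each of the three actions listed under Firewalls Rules. Addresses, rules and packets are invented for the illustration.

```python
"""First-match packet filtering with a default policy and the three
verdicts accept / reject / drop.

Added illustration, not code from the original article. Addresses,
rules and the sample packets are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ACCEPT, REJECT, DROP = "accept", "reject", "drop"


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port, None for icmp


@dataclass(frozen=True)
class Rule:
    action: str
    src: str = "0.0.0.0/0"       # CIDR the source address must fall in
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, default: str) -> str:
    """The first rule that matches decides; unmatched traffic gets `default`."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def sender_sees(verdict: str, pkt: Packet) -> Optional[str]:
    """REJECT answers the sender (TCP RST or ICMP unreachable); DROP is silent."""
    if verdict == ACCEPT:
        return "delivered"
    if verdict == REJECT:
        return "tcp-rst" if pkt.proto == "tcp" else "icmp-unreachable"
    return None  # drop: the sender only ever sees a timeout


INTERNAL = "10.0.0.0/8"  # constructed: the organisation's own address range

# Approach 1 (default allow): list what is forbidden, everything else passes.
BLOCKLIST = [
    Rule(DROP, src="198.51.100.0/24"),    # known-bad range; first so it wins
    Rule(REJECT, proto="tcp", dport=23),  # telnet
    Rule(DROP, proto="tcp", dport=445),   # SMB
]

# Approach 2 (default deny): list what is permitted, everything else is dropped.
ALLOWLIST = [
    Rule(DROP, src="198.51.100.0/24"),                   # order matters here too
    Rule(ACCEPT, proto="tcp", dport=443),                # public HTTPS
    Rule(ACCEPT, src=INTERNAL, proto="tcp", dport=22),   # SSH only from inside
    Rule(ACCEPT, proto="icmp"),
]

# Constructed sample of arriving packets.
SAMPLE = [
    Packet("203.0.113.5", "tcp", 443),   # web client
    Packet("10.2.3.4", "tcp", 22),       # administrator from inside
    Packet("203.0.113.5", "tcp", 22),    # SSH attempt from outside
    Packet("203.0.113.5", "tcp", 23),    # telnet probe
    Packet("203.0.113.5", "tcp", 8080),  # a service nobody meant to expose
    Packet("203.0.113.5", "icmp"),       # ping
    Packet("198.51.100.9", "icmp"),      # ping from the known-bad range
]


def compare(packets: List[Packet]) -> List[Tuple[Packet, str, str]]:
    """(packet, verdict under default allow, verdict under default deny)."""
    return [(pkt,
             evaluate(BLOCKLIST, pkt, default=ACCEPT),
             evaluate(ALLOWLIST, pkt, default=DROP))
            for pkt in packets]


if __name__ == "__main__":
    for pkt, v_block, v_allow in compare(SAMPLE):
        print(f"{pkt.src:>14} {pkt.proto}/{pkt.dport!s:<5} "
              f"default-allow={v_block:<7} default-deny={v_allow}")
```

The packet to port 8080 is the point of the comparison: nobody wrote a rule about it, so the blocklist passes it and the allowlist drops it. The drop rule for the known-bad range has to come first in both lists, because the first matching rule ends the evaluation.
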
Firewall functionality

Firewalls perform a list of important operations:

  • Log and analyze network activity – keep records of what was passed and what was blocked.
  • Monitor traffic (analyze and filter data transfer between systems and devices).
  • Terminate VPN connections for secure remote access.
  • Block malware.
  • Block disallowed connections – deter attacks, eliminate security threats, block unauthorized access attempts to the network.

Together, these operations make it possible to keep current activity under control, identify potential threats and promptly resolve emerging problems.

Where is the Firewall installed?

Several placements are possible for a firewall. The most important are:

  • On the host – installed on an individual server or computer, protecting only that machine.
  • On the border between the external and internal network – this controls access to external resources and blocks unwanted inbound connections.
  • On a gateway between two networks – filtering and controlling access between those networks.
  • Inside the local network – finer access control to network resources and an additional layer of security between segments.

The choice of placement option depends on the required tasks and features of the network architecture.

Firewall cost

Being an important element of network security, the firewall is widely used among users. The cost of firewalls depends on a number of factors. The main ones are:

  • model,
  • manufacturer's brand,
  • functionality,
  • additional parameters.

The high level of reliability and quality of the firewall is accompanied by quite high prices. However, there is a wide range of more affordable options at a lower price. Thus, it is possible to purchase a firewall that provides basic protection against threats and at the same time not overpay for additional parameters which are not often needed.

Firewall functions

Next, the most important firewall functions:

  • VPN support – secure remote connection.
  • Traffic filtering – controls incoming and outgoing flows, discards malformed packets and blocks potentially dangerous connections.
  • Protection against attacks, including some DDoS attacks; note that a volumetric flood can saturate the link in front of the firewall, so it has to be mitigated upstream.
  • Deciding which devices are granted access and which are denied.
  • Network monitoring, identifying problems and possible errors.

How to disable the Firewall?

Be careful when changing firewall settings: disabling it leaves the host or network exposed. If a situation still requires a temporary shutdown, the steps are:

  • open the firewall control panel,
  • find the item "Enable firewall" or similar,
  • set the option that disables the firewall,
  • save the changes.

Do not forget to re-enable the firewall once the work is done. Where possible, add a narrow temporary rule for the traffic in question instead of turning the whole firewall off.

The main difference between a Firewall and a router

Next, the distinctive characteristics of these two elements:

Priority. The firewall is primarily responsible for protection and security; the router for delivering data.

Functionality. The firewall filters and controls traffic between networks. The router determines the path along which data is forwarded.

Layer. A firewall works at the network layer and above, up to the application layer depending on its type. A router works at the network layer (layer 3 of the OSI model).

Location. A firewall can sit inside the network, on its border, or elsewhere. A router is installed at the junction of two or more networks.

So a firewall and a router are two network devices that differ in a number of parameters and in the functions they perform, although many routers do include a basic firewall.

At what level does the Firewall work?

A firewall can operate at several layers:

  • Network – filters on IP addresses and the IP protocol field (for example, whether ICMP or a routing protocol such as OSPF is allowed through).
  • Data link – a device placed in line between equipment that filters frames by MAC address and checks link-layer protocols, allowing or blocking them.
  • Transport – traffic is controlled at the TCP or UDP level, by port numbers and connection flags.

Some firewalls also implement access control at the application layer. Here the packet contents are analyzed, and particular services or applications such as SMTP, HTTP or FTP are blocked or allowed.

Firewall classes

Next, the existing classes of firewalls:

  • Deep Packet Inspection – examine packet payloads in detail, looking for hidden threats, malware and the like.
  • Packet filters – decide from the headers which packets may pass.
  • Application-level gateways – analyze content at the application layer, acting on behalf of the client.
  • Stateful inspection – analyze headers in the context of the connection's state, which is tracked in a connection table.

Firewall capabilities at the application layer compared to the network layer

At the application layer a firewall is able to:

  • Control the transfer of confidential information, analyze potentially dangerous programs, and block suspicious sites.
  • Inspect packet contents in detail, not just headers.
  • Allow access to particular services and applications in line with the security policy.
  • Verify the authenticity and integrity of data using digital signatures and encryption, for example by validating certificates when it terminates TLS.

At the application layer, therefore, firewalls offer more powerful and flexible means of protecting networks and data than at the network layer, at the cost of higher processing load and protocol-specific logic.
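To make the layer comparison concrete, here is an added example (not code from the original article) in Python. It builds one constructed Ethernet/IPv4/TCP frame carrying an HTTP request, parses the link-, network-, transport- and application-layer headers described in the section on firewall layers above, and shows the verdict a filter that inspects up to each layer would reach under one small policy. The MAC addresses, IP addresses, request and policy are invented; checksums are left at zero and are not verified.

```python
"""What a filter can see at each layer of one frame.

Added example, not from the original article. One constructed
Ethernet/IPv4/TCP frame with an HTTP request is parsed layer by layer,
and a small policy is evaluated at increasing inspection depth.
"""
import struct
from typing import Any, Dict

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ")


def build_frame() -> bytes:
    """Constructed: 02:00:00:00:00:01 -> 02:00:00:00:00:02,
    10.0.0.5:51000 -> 10.0.0.20:80, TCP PSH|ACK, payload 'GET /admin'."""
    payload = b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
    # TCP: sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 51000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    # IPv4: ver/ihl, tos, total length, id, flags/frag, ttl, proto, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 20]))
    eth = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp + payload


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse(frame: bytes) -> Dict[str, Dict[str, Any]]:
    """Return the fields visible at layers 2, 3, 4 and 7, as far as present."""
    fields: Dict[str, Dict[str, Any]] = {}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    fields["l2"] = {"dst_mac": _mac(frame[:6]), "src_mac": _mac(frame[6:12]),
                    "ethertype": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return fields
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    fields["l3"] = {"src_ip": ".".join(map(str, ip[12:16])),
                    "dst_ip": ".".join(map(str, ip[16:20])), "proto": ip[9]}
    if ip[9] != IPPROTO_TCP:
        return fields
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4
    fields["l4"] = {"sport": sport, "dport": dport, "flags": tcp[13]}
    payload = tcp[data_offset:]
    if payload.startswith(HTTP_METHODS):          # only the request line is parsed
        request_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        method, path, _version = request_line.split(" ", 2)
        fields["l7"] = {"protocol": "http", "method": method, "path": path}
    return fields


def decide(fields: Dict[str, Dict[str, Any]], depth: str) -> str:
    """Verdict of a filter that inspects headers up to `depth` ('l2'..'l7').
    Constructed policy: IPv4 only; sources in 10.0.0.0/8; ports 80/443;
    no requests for paths under /admin."""
    if fields["l2"]["ethertype"] != ETHERTYPE_IPV4:
        return "drop"
    if depth == "l2":
        return "accept"
    l3 = fields.get("l3")
    if l3 is None or not l3["src_ip"].startswith("10."):
        return "drop"
    if depth == "l3":
        return "accept"
    l4 = fields.get("l4")
    if l4 is None or l4["dport"] not in (80, 443):
        return "drop"
    if depth == "l4":
        return "accept"
    l7 = fields.get("l7")
    if l7 is not None and l7["path"].startswith("/admin"):
        return "reject"  # only an application-layer filter can see the path
    return "accept"


if __name__ == "__main__":
    parsed = parse(build_frame())
    for layer, values in parsed.items():
        print(layer, values)
    for depth in ("l2", "l3", "l4", "l7"):
        print(f"filter inspecting up to {depth}: {decide(parsed, depth)}")
```

A packet filter working at layers 3 and 4 accepts this frame, since the source is internal and the port is allowed; only a filter that reads the HTTP request line can reject the request for /admin.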

Types of Firewalls and their functionality

In terms of how they keep track of traffic, there are two fundamental kinds:

  • Stateless – each packet is judged on its own; the firewall keeps no record of the connections it has seen.
  • Stateful – the firewall keeps a table of connections built up from earlier packets and judges each new packet against it. This is the more effective option: it can admit return traffic only for connections the inside opened, something a stateless filter cannot express without opening a whole range of ports or trusting header flags.
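The following Python script is an added example (not code from the original article) of the difference just described. A stateless filter that wants to let replies to outbound connections back in must accept inbound packets on a header pattern alone, here the ACK flag; the stateful firewall instead records connections the inside opened in a table, with an idle timeout, and admits only packets that belong to one. The addresses, ports and packet trace are constructed.

```python
"""Stateful inspection versus a stateless 'reply' rule.

Added example, not code from the original article. Addresses, ports
and the trace of packets are constructed for the illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Key = Tuple[str, int, str, int]  # (src, sport, dst, dport)


def flags(*names: str) -> FrozenSet[str]:
    return frozenset(names)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    tcp_flags: FrozenSet[str]
    ts: float  # arrival time in seconds


class StatefulFirewall:
    def __init__(self, inside_prefix: str = "10.", idle_timeout: float = 120.0,
                 inbound_services: Tuple[int, ...] = ()):
        self.inside_prefix = inside_prefix          # constructed: internal range
        self.idle_timeout = idle_timeout
        self.inbound_services = set(inbound_services)  # ports open to the outside
        self.table: Dict[Key, float] = {}           # tracked connection -> last seen

    def _inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def _expire(self, now: float) -> None:
        stale = [k for k, seen in self.table.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def handle(self, pkt: Packet) -> str:
        self._expire(pkt.ts)
        fwd: Key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev: Key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        for key in (fwd, rev):
            if key in self.table:                   # belongs to a tracked connection
                if "RST" in pkt.tcp_flags:
                    del self.table[key]             # connection torn down
                else:
                    self.table[key] = pkt.ts
                return "accept:established"
        if pkt.tcp_flags == flags("SYN"):           # a new connection attempt
            if self._inside(pkt.src):
                self.table[fwd] = pkt.ts
                return "accept:new-outbound"
            if pkt.dport in self.inbound_services:
                self.table[fwd] = pkt.ts
                return "accept:new-inbound"
            return "drop:unsolicited"
        return "drop:invalid"                       # mid-stream packet, no known connection


def stateless_reply_rule(pkt: Packet, inside_prefix: str = "10.") -> str:
    """Stateless approximation: any inbound packet with ACK set is 'a reply'."""
    if pkt.src.startswith(inside_prefix):
        return "accept:outbound"
    return "accept:ack-set" if "ACK" in pkt.tcp_flags else "drop"


# Constructed trace: a legitimate HTTPS session, a forged ACK probe to SSH,
# an unsolicited SYN to SSH, and a 'reply' arriving after the idle timeout.
TRACE: List[Packet] = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, flags("SYN"), 0.0),
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, flags("SYN", "ACK"), 0.1),
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, flags("ACK"), 0.2),
    Packet("198.51.100.7", 40000, "10.0.0.5", 22, flags("ACK"), 1.0),
    Packet("198.51.100.7", 40001, "10.0.0.5", 22, flags("SYN"), 2.0),
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, flags("ACK"), 200.0),
]


def run_trace(trace: List[Packet]) -> List[Tuple[str, str]]:
    """(stateful verdict, stateless verdict) for each packet, in order."""
    fw = StatefulFirewall()
    return [(fw.handle(p), stateless_reply_rule(p)) for p in trace]


if __name__ == "__main__":
    for pkt, (stateful, stateless) in zip(TRACE, run_trace(TRACE)):
        print(f"t={pkt.ts:6.1f} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"{'|'.join(sorted(pkt.tcp_flags)):8} "
              f"stateful={stateful:22} stateless={stateless}")
```

The fourth packet is the one to watch: a forged packet with ACK set, aimed at port 22 from outside, passes the stateless rule because it looks like a reply, while the stateful firewall drops it as belonging to no known connection. The last packet shows the other side of the table: once the idle timeout has passed, even a genuine-looking reply is no longer admitted.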