A firewall sits between two networks, such as the Internet and a computer or internal network, and functions as a protective barrier. The main purpose of a firewall is to stop unwanted traffic or data from entering your internal network, according to predefined criteria. A firewall can also analyse traffic from networks that are trying to break into your network and take a predefined action when that traffic arrives. For example, firewalls can be set up to block all types of traffic that try to leave the network, or to log suspicious network traffic.
With a firewall, users can easily create rules for specific networks, such as adding or removing entries that reject certain networks. For example, a firewall can allow access to only one specific IP address, or funnel all access from other locations through one secure point first.
How a firewall works depends on its type. The types are:
- Packet-Filter Firewall
- Circuit Level Gateway
- Application Level Firewall
- NAT firewall
- Stateful firewall
- Virtual firewall
- Transparent firewall
Packet-Filter Firewall
In its simplest form, a firewall is a router or computer equipped with two NICs (Network Interface Cards) that is capable of filtering incoming packets. This type of device is generally called a packet-filtering router.
This type of firewall works by comparing the source address of incoming packets with the access control policies listed in the firewall’s Access Control List; based on that comparison, the router decides whether to forward the incoming packet to its destination or stop it. In an even simpler form, a firewall only checks the IP address or domain name that is the source of the packet and determines whether to forward or reject it. However, packet-filtering routers cannot be used to grant (or deny) access based on user rights.
Packet-filtering routers can also be configured to stop certain types of network traffic and, of course, to allow it. Generally, this is done by enabling or disabling TCP/IP ports in the firewall system. For example, port 25, used by the SMTP protocol (Simple Mail Transfer Protocol), is generally left open by some firewalls to allow e-mail from the Internet to enter the private network, while other ports, such as port 23 used by the Telnet protocol, can be disabled to prevent Internet users from accessing services on the private network. Firewalls can also provide exceptions so that some applications can bypass the firewall. With this approach, security is stronger, but it has a significant drawback, namely the complexity of the firewall configuration: the firewall’s Access Control List grows with the number of IP addresses, domain names, or ports entered into it, and of course with the exceptions that are applied.
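A minimal packet filter of the kind described above, written as an added example (it is not code from the original page): a first-match Access Control List over source network, protocol and destination port, with the port 25 / port 23 rules from the text and a default deny. The addresses and ports are constructed sample values, and the example only looks at packet headers, which is exactly why it cannot decide anything based on user rights.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str      # source IP address
    dst: str      # destination IP address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR; "0.0.0.0/0" matches any source
    proto: Optional[str]  # None matches any protocol
    dport: Optional[int]  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport))


# Constructed ACL, evaluated top to bottom: the first matching rule wins and
# anything no rule allows is dropped by the implicit default at the end.
ACL = [
    Rule("deny", "203.0.113.0/24", None, None),  # an entire source network blocked
    Rule("allow", "0.0.0.0/0", "tcp", 25),       # SMTP from anywhere, as in the text
    Rule("deny", "0.0.0.0/0", "tcp", 23),        # Telnet from the Internet blocked
]


def filter_packet(pkt: Packet, acl=ACL) -> str:
    """Return "allow" or "deny" for one packet, looking only at header fields.
    Nothing here identifies a user: two people behind the same source address
    always get the same decision, which is the user-rights limitation above."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"  # default deny for anything the ACL does not mention


if __name__ == "__main__":
    print(filter_packet(Packet("198.51.100.7", "10.0.0.5", "tcp", 25)))  # allow
    print(filter_packet(Packet("198.51.100.7", "10.0.0.5", "tcp", 23)))  # deny
```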
Circuit Level Gateway
Another type of firewall is the Circuit-Level Gateway, which is generally a component of a proxy server. This type of firewall operates at a higher level of the OSI seven-layer reference model (the session layer) than a packet-filter firewall. Operating at this layer makes it useful for hiding information about the protected network, even though this firewall does not filter the individual packets flowing within a connection.
With this type of firewall, the connection between the user and the internal network is hidden from the user. The user deals directly with the firewall while the connection is being set up, and the firewall then establishes a connection with the network resource the user intends to access, after rewriting the IP addresses of the packets exchanged by the two parties. The result is a virtual circuit between the user and the network resources they have access to.
This firewall is considered more secure than a packet-filtering firewall because external users cannot see the IP addresses of the internal network in the packets they receive, only the IP address of the firewall.
Application Level Firewall
Another type of firewall is the Application Level Gateway (also known as an application proxy, application-level firewall, or proxy firewall), which is generally also a component of a proxy server. This firewall does not allow incoming packets to pass through it directly. Instead, a proxy application running on the firewall computer forwards the request to the services available on the private network and then passes the response to the computer on the insecure public network that made the original request.
Generally, this type of firewall authenticates the user before allowing access to the network. It also implements auditing and logging mechanisms as part of its security policy. Application-level firewalls also generally require some configuration on the client side for client machines to work. For example, if an FTP proxy is configured on top of an application-layer gateway, the proxy can be configured to allow some FTP commands and block others. This type is most often implemented as an SMTP proxy, so that it can receive e-mail from outside (without exposing internal e-mail addresses) and then forward it to the e-mail servers on the internal network. However, because of the more complex processing involved, this type of firewall requires that computers configured as application gateways have high specifications, and it is of course much slower than a packet-filter firewall.
NAT firewall
A NAT (Network Address Translation) firewall automatically protects the systems behind it because it only allows connections that originate from computers behind the firewall. The purpose of NAT is to multiplex traffic from the internal network and pass it on to a wider network (MAN, WAN, or the Internet) as if the packets came from a single IP address or a small set of IP addresses. The NAT firewall creates an in-memory table containing information about the connections it sees. This table maps internal network addresses to external addresses. The ability to put an entire network behind one IP address is based on the mapping of ports in the NAT firewall.
Stateful firewall
A stateful firewall combines the advantages offered by packet-filtering firewalls, NAT firewalls, circuit-level firewalls, and proxy firewalls in one system. Stateful firewalls can filter traffic based on packet characteristics, much like packet-filtering firewalls, and also track connection sessions to ensure that each packet belongs to an allowed session. Unlike proxy firewalls or circuit-level firewalls, stateful firewalls are generally designed to be more transparent (like packet-filtering firewalls or NAT firewalls). However, a stateful firewall also includes some aspects of an application-level firewall, because it also inspects data coming from the application layer for certain services. This type of firewall is only available on some high-end firewalls, such as the Cisco PIX. Because they combine the advantages of the other types of firewalls, stateful firewalls are more complex.
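The in-memory connection table that the NAT section above describes, together with the session check a stateful firewall performs, as one added example (not code from the original page): outbound packets from the internal network get a public port allocated and recorded, and an inbound packet is only translated back if it matches a session that was opened from inside. The public address 192.0.2.1, the internal prefix 10.0.0., the port range and the class name are all constructed assumptions for the example.

```python
from dataclasses import dataclass
from itertools import count
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


Flow = Tuple[str, int, str, int]  # (internal ip, internal port, remote ip, remote port)


class NatStatefulFirewall:
    """One public address in front of an internal network; an in-memory table
    maps each tracked session to the public port allocated for it."""

    def __init__(self, public_ip: str, internal_prefix: str = "10.0.0."):
        self.public_ip = public_ip
        self.internal_prefix = internal_prefix  # assumed internal address range
        self._ports = count(start=50000)        # next free public port (assumed range)
        self.table: Dict[int, Flow] = {}        # public port -> tracked flow

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the internal network and record the session."""
        if not pkt.src_ip.startswith(self.internal_prefix):
            raise ValueError("only internal hosts may open a session")
        flow: Flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for pub_port, tracked in self.table.items():
            if tracked == flow:          # already tracked: reuse the mapping
                break
        else:
            pub_port = next(self._ports)
            self.table[pub_port] = flow
        # The remote side only ever sees the firewall's address, never 10.0.0.x.
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a reply back to the inside host, or return None to drop it."""
        tracked = self.table.get(pkt.dst_port)
        if tracked is None:
            return None  # no session opened from inside: unsolicited, dropped
        int_ip, int_port, rem_ip, rem_port = tracked
        if (pkt.src_ip, pkt.src_port) != (rem_ip, rem_port):
            return None  # right port, wrong peer: not part of that session
        return Packet(pkt.src_ip, pkt.src_port, int_ip, int_port)
```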
Virtual firewall
A virtual firewall is the name for a set of logical firewalls that reside in one physical device (a computer or another firewall device). This setup allows multiple networks to be protected, each by its own firewall enforcing its own security policy, using only one device. With this type of firewall, an ISP (Internet Service Provider) can provide firewall services to its customers, securing their network traffic, using only one device. This is a significant cost saving, even though this type of firewall is only available on high-end firewalls, such as the Cisco PIX 535.
Transparent firewall
A transparent firewall (also known as a bridging firewall) is not a pure firewall; it is simply an extension of a stateful firewall. Unlike other firewalls, which operate at the IP layer and above, a transparent firewall works at the data-link layer and monitors the layers above it from there. Apart from that, a transparent firewall can also do what a packet-filtering firewall and a stateful firewall can do, and it is not visible to users (hence the name transparent firewall).
In essence, a transparent firewall works as a bridge whose job is to filter network traffic between two network segments. With a transparent firewall, the security of a network segment can be strengthened without having to apply NAT. A transparent firewall offers three benefits, namely:
- Easy configuration (some products even claim to be “zero configuration”). This is because the transparent firewall is connected directly to the network it protects, with little or no change to the firewall configuration. Since it works at the data-link layer, changing IP addresses is not necessary. The firewall can also be configured to segment a subnet into low- and high-security networks, or to protect a single host, if necessary.
- High performance. This is because a firewall running at the data-link layer is simpler than a firewall running at higher layers. Because its processing is simpler, its processing requirements are lower than those of firewalls at higher layers, and so its performance is higher.
- Invisible to the user (stealth). This is because a transparent firewall works at the data-link layer and does not need an IP address assigned to it (except for management, if it is a managed firewall). Because of this, the transparent firewall is invisible to attackers. Since it cannot be reached (it has no IP address), an attacker cannot attack it.
If you are interested or want more information about the services, products and other advantages of IIJ Global Solutions Indonesia, please contact us; we are ready to help and serve you wholeheartedly.
