A firewall in a computer network is a component of a system or network designed to block unauthorized access while permitting authorized communications.
What is a Firewall, and What are its Types, Advantages, and Disadvantages?
It is a device or set of devices configured to permit, limit, encrypt, decrypt or proxy traffic between network zones of different trust, according to a set of rules and other criteria.
Firewalls can be implemented in hardware, in software, or in a combination of both. They are widely used to prevent unauthorized Internet users from reaching private networks connected to the Internet, especially intranets.
All traffic entering or leaving the intranet passes through the firewall, which examines each packet and blocks those that do not meet the configured security criteria.
A properly configured firewall provides necessary protection for LANs and WANs, but it should never be regarded as an adequate stand-alone solution.
It is one layer of protection among several that together secure the hosts behind it.
Firewall History
The term firewall (or fireblock) originally meant a wall built to confine a fire, or a potential fire, within a building.
The word is also used for similar barriers, such as the sheet-metal partition that separates the engine compartment of a vehicle or aircraft from its occupants.
Firewall technology emerged in the late 1980s, when the Internet was still fairly new in terms of global use, connectivity and security.
The predecessors of network firewalls were the routers used in the late 1980s to keep networks separate from one another.
The view of the Internet as a relatively small community of compatible machines that valued openness and sharing ended with a series of major Internet security breaches in the late 1980s.
For example, Clifford Stoll discovered German spies tampering with his system, and in 1992 Bill Cheswick set up an electronic "jail" to observe an attacker at work.
In 1988, an employee at NASA's Ames Research Center in California warned colleagues by email that they were under attack from an Internet virus that had already hit Berkeley, UC San Diego, Lawrence Livermore, Stanford and NASA Ames.
That "virus" was the Morris worm, which spread widely by exploiting several vulnerabilities in the machines of the time; it was the first major attack on Internet security.
Packet Filtering Technology
The first paper on firewall technology appeared in 1988, when engineers at Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls.
This fairly basic system was the first generation of what has since become a highly evolved Internet security technology.
At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued research on packet filtering and built a working model for their own company based on the original first-generation architecture.
Packet filters work by inspecting packets, the basic unit of data transfer between computers on the Internet.
If a packet matches a rule in the filter's rule set, it is allowed or denied accordingly. This kind of filter pays no attention to whether a packet belongs to an existing traffic flow: each packet is judged solely on the information in its own headers.
TCP and UDP carry most Internet communication and, by convention, use well-known ports for particular kinds of traffic.
A stateless packet filter can therefore distinguish and control those kinds of traffic (web browsing, email, file transfer) unless the machines on both sides of the filter use the same non-standard ports.
Packet filtering works mainly at the network layer (layer 3) of the OSI reference model, with a look into the transport-layer header (layer 4) to read source and destination port numbers.
When a packet arrives at the firewall, the filter checks it against the configured rules and forwards, drops or rejects it accordingly.
The decision is made on the basis of the protocol and the port numbers carried in the packet.
For example, if a rule blocks Telnet access, the firewall blocks TCP packets whose destination port is 23.
Application Layer Technology
This is security technology applied at the application layer (layer 7) of the OSI model.
An application firewall understands specific applications and protocols, so it can detect an unwanted protocol being sent over a non-standard port, or a permitted protocol being misused.
This is more thorough than a packet filter, because it can examine all seven layers of the OSI model rather than only the packet headers.
An application firewall can filter higher-layer protocols such as FTP, Telnet, DNS, DHCP, HTTP/HTTPS and TFTP, in addition to the TCP and UDP headers beneath them.
If an organization wants to block all content containing a particular word, the filter can inspect content for that word, but application firewalls are slower than stateful ones. Such content inspection only works on plaintext: for HTTPS the firewall must terminate or intercept the TLS session before it can see the URL or the page body.
Stateful Inspection Technology
Between 1989 and 1990, three colleagues at AT&T Bell Labs, Dave Presotto, Janardan Sharma and Kshitij Nigam, developed the third generation of firewalls, the stateful firewall.
This third-generation firewall works by considering each packet's place in a sequence of packets. The technique is commonly known as stateful packet inspection.
Because it keeps a record of every connection passing through it, the firewall can tell whether a packet is the start of a new connection, part of an existing connection, or belongs to no connection at all.
This lets the firewall drop unsolicited or out-of-sequence inbound packets that a stateless filter would have to accept. The connection table is itself a limited resource, however: flooding a stateful firewall with bogus connection attempts in order to exhaust that table is a recognised denial-of-service technique.
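The difference between the first-generation packet filter described above and a stateful filter is easiest to see by running the same packets through both. The following is an added example, not code from the original article: a small Python model of a stateless first-match filter and a connection-tracking filter. The addresses, the rule sets, the Packet and Rule types and the max_states limit are all constructed for the illustration. The stateless rule set has to admit inbound TCP with source port 80 so that web replies get back in, and that same rule admits a spoofed packet whose source port merely happens to be 80; the stateful filter needs no such rule, because it remembers the outbound connection. The bounded connection table shows the state-exhaustion trade-off mentioned above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    """One packet reduced to the header fields a filter looks at (constructed model)."""
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset = frozenset()  # TCP flags, e.g. {"syn"}, {"syn", "ack"}, {"fin"}


@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None     # None matches any port
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (self.proto in ("any", pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport))


def stateless_filter(rules, pkt):
    """First-generation filter: first matching rule wins, default deny.
    Each packet is judged on its own header; nothing is remembered."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


INSIDE = "10.0.0.0/8"

# A stateless filter must let web replies back in by allowing inbound TCP whose
# *source* port is 80. That same rule admits anyone who sets source port 80.
STATELESS_RULES = [
    Rule("deny", "tcp", dport=23),                 # block Telnet (TCP/23)
    Rule("allow", "tcp", src=INSIDE, dport=80),    # inside -> web servers
    Rule("allow", "tcp", dst=INSIDE, sport=80),    # "replies" from web servers
]
# With connection tracking the reply rule disappears: replies are allowed
# because the firewall saw the connection start.
STATEFUL_RULES = [
    Rule("deny", "tcp", dport=23),
    Rule("allow", "tcp", src=INSIDE, dport=80),
]


class StatefulFirewall:
    """Third-generation filter: remembers the connections it has admitted.
    max_states bounds the table, because filling it with bogus connection
    attempts is a known denial-of-service technique against stateful devices."""

    def __init__(self, rules, max_states=1024):
        self.rules = rules
        self.max_states = max_states
        self.table = set()          # (proto, src, sport, dst, dport) of admitted connections

    def filter(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.table or reverse in self.table:
            if pkt.flags & {"fin", "rst"}:          # connection ending: forget it
                self.table.discard(key)
                self.table.discard(reverse)
            return "allow"
        # Only a bare SYN may open a TCP connection; anything else with no state is bogus.
        if pkt.proto == "tcp" and not ("syn" in pkt.flags and "ack" not in pkt.flags):
            return "deny"
        if stateless_filter(self.rules, pkt) != "allow":
            return "deny"
        if len(self.table) >= self.max_states:
            return "deny"                           # table full: refuse new connections
        self.table.add(key)
        return "allow"


def compare():
    """Run the same four packets through both filters; returns two verdict dicts."""
    web = "93.184.216.34"
    pkts = {
        "outbound": Packet("tcp", "10.0.0.5", 40000, web, 80, frozenset({"syn"})),
        "reply":    Packet("tcp", web, 80, "10.0.0.5", 40000, frozenset({"syn", "ack"})),
        "spoofed":  Packet("tcp", "198.51.100.7", 80, "10.0.0.9", 445, frozenset({"syn"})),
        "telnet":   Packet("tcp", "10.0.0.5", 40001, web, 23, frozenset({"syn"})),
    }
    stateless = {name: stateless_filter(STATELESS_RULES, p) for name, p in pkts.items()}
    fw = StatefulFirewall(STATEFUL_RULES)
    stateful = {name: fw.filter(p) for name, p in pkts.items()}   # order matters: SYN first
    return stateless, stateful


def exhaust(max_states):
    """Open max_states + 1 connections from inside; the last one is refused."""
    fw = StatefulFirewall(STATEFUL_RULES, max_states=max_states)
    return [fw.filter(Packet("tcp", f"10.0.0.{i}", 50000, "93.184.216.34", 80, frozenset({"syn"})))
            for i in range(1, max_states + 2)]
```

Calling compare() returns "allow" for the spoofed packet from the stateless filter and "deny" from the stateful one, with identical verdicts for the other three packets. Real firewalls age entries out of the table rather than simply refusing new connections when it is full, but the refusal in exhaust() makes the resource limit visible.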
Firewall Types
1) Application-Level Gateway
Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but it can degrade performance.
2) Circuit-Level Gateways
Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further inspection.
It typically permits only sessions that originate in the more trusted (higher security) zone and are directed toward the less trusted zone.
3) Network Layer or Packet Filtering
Operates at the network layer of the TCP/IP stack as an IP packet filter. It is one of the main firewall types and is effective and transparent, although configuring it correctly is demanding. Rules match fields of the IP packet such as source and destination address.
Rules in this type of firewall also commonly match transport-layer fields such as source and destination port, or data-link-layer fields such as MAC address.
4) Application Layer
A filter running at the application layer can be adapted to the characteristics of each protocol. For HTTP traffic, for example, it can be configured based on the URL being requested.
Layer-7 firewalls for HTTP traffic are often called proxies. They let an organization's computers reach the Internet in a controlled way, and because the proxy makes the outbound connection itself, it also hides the real internal addresses from the outside.
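Both the "Application Layer Technology" section and this type describe the same capability: looking at the payload instead of the port. The following is an added example, not code from the original article, showing what such an inspector does in Python. The port-to-protocol policy, the host denylist, the blocked word and the sample requests are all constructed for the illustration, and the protocol identification is deliberately minimal (an HTTP request line, an SSH banner, a TLS handshake record). It catches SSH tunnelled over port 80 and HTTP on an unexpected port, both of which a port-based packet filter would pass, applies URL and word filtering to plaintext HTTP, and makes the HTTPS limitation explicit: without TLS interception it can classify the traffic but not read the URL.

```python
import re
from typing import Dict, Tuple

# Constructed policy: which application protocol each permitted port may carry.
# Ports not listed are refused outright.
PORT_POLICY = {80: "http", 443: "tls", 22: "ssh"}
BLOCKED_HOSTS = {"ads.example.net"}     # constructed URL denylist
BLOCKED_WORDS = {"casino"}              # constructed content filter

HTTP_REQUEST = re.compile(rb"^(GET|POST|PUT|DELETE|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def identify(payload: bytes) -> str:
    """Name the application protocol from the first bytes of the TCP payload,
    without looking at the port number at all."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"                     # TLS handshake record, i.e. a ClientHello
    if HTTP_REQUEST.match(payload):
        return "http"
    return "unknown"


def parse_http(payload: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Return (method, path, headers) from a plaintext HTTP/1.x request head."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split(b"\r\n")
    method, path, _version = request_line.split(b" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii", "replace")] = value.strip().decode("utf-8", "replace")
    return method.decode("ascii", "replace"), path.decode("utf-8", "replace"), headers


def inspect(dport: int, payload: bytes) -> Tuple[str, str]:
    """Application-layer verdict for one request: (action, reason)."""
    proto = identify(payload)
    expected = PORT_POLICY.get(dport)
    if expected is None:
        return "deny", f"port {dport} not permitted ({proto} seen)"
    if proto != expected:
        # A packet filter keyed on the port alone would have let this through.
        return "deny", f"{proto} on port {dport}, expected {expected}"
    if proto == "http":
        method, path, headers = parse_http(payload)
        host = headers.get("host", "")
        url = f"http://{host}{path}"
        if host in BLOCKED_HOSTS:
            return "deny", f"blocked host: {url}"
        if any(word in url.lower() for word in BLOCKED_WORDS):
            return "deny", f"blocked word in URL: {url}"
        return "allow", f"{method} {url}"
    if proto == "tls":
        # Encrypted: the URL and page body are invisible unless the proxy terminates TLS.
        return "allow", "tls: URL and content not inspectable without interception"
    return "allow", proto


# Constructed sample requests: (destination port, payload).
SAMPLES = {
    "web_ok":       (80,   b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "ad_host":      (80,   b"GET /banner.js HTTP/1.1\r\nHost: ads.example.net\r\n\r\n"),
    "bad_word":     (80,   b"GET /play/Casino HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "ssh_on_80":    (80,   b"SSH-2.0-OpenSSH_9.6\r\n"),
    "http_on_2222": (2222, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    "https":        (443,  b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),
}


def run_samples() -> Dict[str, str]:
    """Verdict for every constructed sample, keyed by name."""
    return {name: inspect(port, payload)[0] for name, (port, payload) in SAMPLES.items()}
```

Only web_ok and https come back "allow"; the reason string returned alongside each verdict says which check failed, which is what an administrator wants in the proxy log.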
5) Personal Firewall
A firewall installed as software on a single computer, filtering communication between that computer and the rest of the network; it is therefore used at the level of the individual host.
Firewall Advantages
The main advantages offered by firewall technology used in a computer network are:
- It creates a controlled boundary between networks.
- It blocks many attacks arriving from untrusted networks.
- It segments the network, so that only authorized computers on one side can reach designated parts of the other.
- It helps protect private information.
- Within an organization, it enforces access levels so that each defined group of users can reach only the services and information they require.
- It can reduce unwanted traffic reaching internal services.
- It defines the local and remote networks and provides security between them.
Disadvantages
The disadvantages of using a firewall are as follows:
- It cannot prevent attacks carried out over traffic the firewall is configured to allow.
- It cannot control traffic that does not pass through it.
- It cannot prevent attacks launched from inside the local network by malicious insiders.
- It cannot prevent corporate spies from copying sensitive data onto physical storage devices.
- It cannot protect against social engineering attacks.
- A firewall alone may not stop viruses carried in permitted traffic if the organization's computers have no antivirus software.
- It does not protect against vulnerabilities in the services and protocols whose traffic it permits.
Internet Safety
In general, an attacker's first step is reconnaissance: finding out what information about the target can be collected, and of what kind.
From it the attacker can build a map of the target network and its servers, using tools such as traceroute, SNMP queries, DNS server records and ping.
A properly configured firewall in the corporate network limits what such reconnaissance can learn.
What Does Firewall Do?
Firewalls protect local networks from attacks launched against them from the Internet.
An intranet firewall is designed to protect against unauthorized access to company information and against damage to or denial of computer resources and services.
It can also be configured to stop internal users from reaching Internet services over ports considered potentially dangerous, such as FTP.
Computers within the corporate network reach the Internet only by passing through the firewall.
Requests have to pass through an interior screening router, also called an interior filtering router or choke router.
This router inspects the header of every packet, including its source and destination, and prevents remote probing of internal traffic.
It compares what it finds with the rules in a filter table and then accepts or drops each packet according to those rules.
The router can also refuse to forward packets to specific Internet locations known to be questionable.
A router can even block all packets between the Internet and the intranet except email; system administrators decide which kinds of packet are accepted and which are rejected.
Behind a firewall, normal internal network services such as email, access to corporate databases and web services, and groupware continue to work.
Some routers, exterior screening routers, filter packets between the Internet and the perimeter network using the same technology as the interior screening router.
They can apply the same rules as the interior router, so the network stays protected even if the interior router fails, and they may carry additional rules designed specifically to protect the server in the perimeter network.
As a further defence, that server, the bastion host, is placed in a perimeter network, a subnet inside the firewall.
It is the main point of contact for incoming connections from the Internet, for email, FTP access and all other data and services.
It handles all such requests; outside parties communicate only with this server and never directly with other servers, so the servers on the local network are shielded from attack.
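The screened-subnet layout just described (exterior screening router, perimeter network with a bastion host, interior screening router) can be checked as a policy table before anyone touches a router. The following is an added example, not code from the original article: a Python model of the two routers' rule sets with the constructed addressing 10.0.0.0/8 for the internal network, 192.0.2.0/24 for the perimeter network and 192.0.2.10 for the bastion. The failed_open parameter is an assumption made for the illustration: it treats a named router as having lost its filtering and forwarding everything, which is the case in which the redundancy between the two routers matters.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for a screened-subnet layout: an exterior screening router
# between the Internet and the perimeter network, an interior screening router between
# the perimeter network and the internal network, and one bastion host in the perimeter.
ZONES = {
    "internal": ip_network("10.0.0.0/8"),
    "dmz":      ip_network("192.0.2.0/24"),      # the perimeter network
}
BASTION = "192.0.2.10"


def zone_of(addr: str) -> str:
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return "internet"                            # everything else


# Per-router policy: (src_zone, dst_zone) -> permitted TCP destination ports, or "all".
# Pairs that are absent are denied, so internet -> internal is refused by both routers.
EXTERIOR = {
    ("internet", "dmz"):      {25, 80},          # mail and web, and only to the bastion
    ("dmz", "internet"):      "all",
    ("internal", "internet"): "all",
}
INTERIOR = {
    ("dmz", "internal"):      {5432},            # bastion may reach only the database port
    ("internal", "dmz"):      "all",
    ("internal", "internet"): "all",
}


def routers_on_path(src_zone: str, dst_zone: str):
    """Which screening routers a flow crosses, in the order it meets them."""
    path = []
    if "internet" in (src_zone, dst_zone):
        path.append(("exterior", EXTERIOR))
    if "internal" in (src_zone, dst_zone):
        path.append(("interior", INTERIOR))
    return path if src_zone == "internet" else list(reversed(path))


def router_permits(policy, src_zone, dst_zone, dst, dport) -> bool:
    allowed = policy.get((src_zone, dst_zone))
    if allowed is None:
        return False
    if (src_zone, dst_zone) == ("internet", "dmz") and dst != BASTION:
        return False                             # outsiders talk to the bastion and nothing else
    return allowed == "all" or dport in allowed


def evaluate(src: str, dst: str, dport: int, failed_open=()):
    """Verdict for one TCP flow and the router that denied it (None if allowed).
    failed_open (an assumption for this example) names routers that have lost
    their filtering and forward everything, to show the redundancy between them."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    for name, policy in routers_on_path(src_zone, dst_zone):
        if name in failed_open:
            continue
        if not router_permits(policy, src_zone, dst_zone, dst, dport):
            return "deny", name
    return "allow", None


def demo():
    """Constructed flows through the screened subnet."""
    attacker, db, client = "198.51.100.7", "10.0.0.20", "10.0.0.5"
    return {
        "mail_to_bastion":       evaluate(attacker, BASTION, 25),
        "web_to_other_dmz_host": evaluate(attacker, "192.0.2.20", 80),
        "internet_to_internal":  evaluate(attacker, db, 445),
        "same_exterior_failed":  evaluate(attacker, db, 445, failed_open=("exterior",)),
        "same_interior_failed":  evaluate(attacker, db, 445, failed_open=("interior",)),
        "bastion_to_db":         evaluate(BASTION, db, 5432),
        "bastion_to_db_ssh":     evaluate(BASTION, db, 22),
        "client_to_web":         evaluate(client, "93.184.216.34", 443),
    }
```

The point of the two failed_open cases is that a flow from the Internet to an internal host is refused whichever router is still enforcing, because neither rule set contains an ("internet", "internal") entry; the bastion, meanwhile, can reach exactly one internal port, so compromising it does not hand over the internal network.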
Monitoring Software
Monitoring software works much like the packet filtering function of a router.
Both examine the header of each IP packet entering or leaving the network; the difference is that the router decides whether to forward or drop the packet, while the monitoring software only keeps a record.
Along with the packet information, the monitoring software records data such as the source and destination address, packet size, type of Internet service and time of day in a database.
Since all packets pass through a single server, it is not necessary to add every packet to the database; the software can be configured to record only the essential services.
For example, packets belonging to essential services such as HTTP, FTP, SMTP and Telnet can be tracked as the traffic flows.
A monitoring program running on the server lets network administrators examine and analyse local-network and Internet traffic: total traffic per day and per hour, which websites were visited, and graphical displays of both.
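The per-hour and per-service summary described here and the reconnaissance described under "Internet Safety" (traceroute, ping sweeps, probing of services) come from the same data: the firewall's own records. The following is an added example, not code from the original article, that does both over a constructed log in Python. The log format (timestamp, verdict, protocol, source and destination with optional ports, length), the addresses and the alert thresholds are all constructed for the illustration; real firewall logs need their own parser. It totals traffic by hour and by service, and flags a source that is refused on many distinct ports (a port scan) or that pings many distinct hosts (a sweep).

```python
import re
from collections import Counter, defaultdict

# Constructed log format: ISO timestamp, verdict, protocol, src[:port] -> dst[:port], length.
LOG_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})T(?P<hour>\d{2}):\d{2}:\d{2} (?P<action>ALLOW|DENY) "
    r"(?P<proto>TCP|UDP|ICMP) (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))? len=(?P<length>\d+)$"
)
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 53: "dns", 80: "http", 443: "https"}
SCAN_PORTS = 5      # distinct denied destination ports from one source before we call it a scan
SWEEP_HOSTS = 4     # distinct hosts probed with ICMP from one source before we call it a sweep


def parse(line: str):
    """One log line to a dict, or None for a line the parser does not understand."""
    m = LOG_LINE.match(line)
    if not m:
        return None                     # leave malformed lines for a human, do not crash
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    rec["length"] = int(rec["length"])
    return rec


def analyse(lines):
    """Hourly and per-service totals, plus reconnaissance alerts derived from DENY records."""
    hourly, by_service, bytes_by_service = Counter(), Counter(), Counter()
    ports_by_src, hosts_pinged_by_src = defaultdict(set), defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        service = SERVICES.get(rec["dport"], "other")
        hourly[f'{rec["date"]} {rec["hour"]}:00'] += 1
        by_service[service] += 1
        bytes_by_service[service] += rec["length"]
        if rec["action"] != "DENY":
            continue
        if rec["proto"] in ("TCP", "UDP"):
            ports_by_src[rec["src"]].add(rec["dport"])
        else:                           # ICMP: which hosts this source is pinging
            hosts_pinged_by_src[rec["src"]].add(rec["dst"])
    alerts = [f"port scan from {src}: {len(ports)} ports"
              for src, ports in ports_by_src.items() if len(ports) >= SCAN_PORTS]
    alerts += [f"ping sweep from {src}: {len(hosts)} hosts"
               for src, hosts in hosts_pinged_by_src.items() if len(hosts) >= SWEEP_HOSTS]
    return {"hourly": dict(hourly), "by_service": dict(by_service),
            "bytes_by_service": dict(bytes_by_service), "alerts": sorted(alerts)}


# Constructed sample log: normal traffic, one stray internal Telnet attempt,
# a six-port probe of one server from 198.51.100.7 and a ping sweep from 203.0.113.9.
SAMPLE_LOG = """\
2024-05-06T09:14:02 ALLOW TCP 10.0.0.5:40212 -> 93.184.216.34:80 len=60
2024-05-06T09:14:03 ALLOW TCP 10.0.0.5:40213 -> 93.184.216.34:443 len=60
2024-05-06T09:20:11 ALLOW TCP 10.0.0.7:51001 -> 192.0.2.10:25 len=80
2024-05-06T09:31:45 DENY TCP 10.0.0.9:33000 -> 93.184.216.34:23 len=60
2024-05-06T10:02:01 DENY TCP 198.51.100.7:51000 -> 10.0.0.5:21 len=44
2024-05-06T10:02:01 DENY TCP 198.51.100.7:51001 -> 10.0.0.5:22 len=44
2024-05-06T10:02:02 DENY TCP 198.51.100.7:51002 -> 10.0.0.5:23 len=44
2024-05-06T10:02:02 DENY TCP 198.51.100.7:51003 -> 10.0.0.5:25 len=44
2024-05-06T10:02:03 DENY TCP 198.51.100.7:51004 -> 10.0.0.5:80 len=44
2024-05-06T10:02:03 DENY TCP 198.51.100.7:51005 -> 10.0.0.5:443 len=44
2024-05-06T10:05:30 DENY ICMP 203.0.113.9 -> 10.0.0.1 len=84
2024-05-06T10:05:30 DENY ICMP 203.0.113.9 -> 10.0.0.2 len=84
2024-05-06T10:05:31 DENY ICMP 203.0.113.9 -> 10.0.0.3 len=84
2024-05-06T10:05:31 DENY ICMP 203.0.113.9 -> 10.0.0.4 len=84
2024-05-06T10:15:00 ALLOW TCP 10.0.0.5:40300 -> 192.0.2.10:21 len=60
""".splitlines()
```

Running analyse(SAMPLE_LOG) yields two alerts, one for the scan and one for the sweep, while the single denied Telnet attempt from 10.0.0.9 stays below the threshold and appears only in the totals. The thresholds are the knob that trades missed slow scans against noise; on a real network they would be set from a baseline of the logs.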