What is a Firewall, and What are its Types, Advantages, and Disadvantages?
A firewall (FW) in a computer network is part of a system or computer network designed to prevent unauthorized access while allowing authorized communications.
It is a device or set of devices configured to allow, limit, encrypt, decrypt, or otherwise control traffic between different zones according to a set of rules and other criteria.
Firewalls can be implemented in hardware, in software, or as a combination of both. A firewall is widely used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
All traffic entering or leaving the intranet passes through the firewall, which examines and analyzes it and blocks whatever does not meet the security criteria.
A properly configured firewall provides the necessary protection in a LAN and a WAN, but it should never be seen as an adequate stand-alone solution.
Computer security covers more levels of operation and protection than the firewall alone.
The term firewall (or fireblock) originally means a wall that limits a fire, or a potential fire hazard, within a building.
It is also used for similar barriers, such as the sheet-metal partition that separates the engine compartment of a vehicle or aircraft from the passenger compartment.
Firewall technology emerged in the late 1980s, when the Internet was still a fairly new technology in terms of global use, connectivity, and security.
The predecessors of firewalls for network security were the routers used in the late 1980s to keep networks separate from one another.
The optimism of a small user community with compatible machines, one that valued the openness and availability of the Internet, ended with a series of major Internet security breaches in the late 1980s.
For example, Clifford Stoll discovered German spies tampering with his system, and in 1992 Bill Cheswick set up an electronic "jail" to observe an attacker.
In 1988, an employee at NASA's Ames Research Center in California reported to colleagues that they were under attack from an Internet virus that had already reached Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames.
This virus was the Morris worm, which spread widely by exploiting many vulnerabilities in the computers of the time and became the first major attack on Internet security.
Packet Filtering Technology
The first paper on firewall technology was published in 1988, when a team of engineers at DEC (Digital Equipment Corporation) developed filter systems known as packet filter firewalls.
This basic system became the first generation of what would grow into a more technical and advanced Internet security feature.
At AT&T Bell Labs, Bill Cheswick and Steve Bellovin continued research on packet filtering and developed a working model for their own company, based on the original first-generation architecture.
Packet filtering works by inspecting packets, the basic unit of data transfer between computers on the Internet.
If a packet matches the filter's ruleset, it is allowed through or dropped accordingly. This type of packet filtering pays no attention to whether the packet is part of an existing traffic flow; each packet is filtered only on the information contained in the packet itself.
TCP and UDP make up most of the communication over the Internet, and by convention they use well-known ports for particular types of traffic.
A packet filter can therefore distinguish between those types of traffic, unless the computers on both sides of the packet filter are using the same non-standard ports.
Packet filtering configured on a FW works on the first three layers of the OSI reference model, which means that most of the work is done between the network and physical layers.
When a packet is created and sent, the FW filters it and either allows or denies it.
As the packet passes through the firewall, the decision is made on the basis of the protocol and the port number.
If an organization wants to block all content containing a particular word, it can use content filtering to block that word, but application firewalls that do this are slower than stateful ones.
Stateful Inspection Technology
Between 1989 and 1990, three colleagues from AT&T Bell Labs, Dave Presotto, Janardan Sharma, and Kshitij Nigam, developed the stateful firewall.
This third-generation FW operates by taking into account the position of each packet within a sequence of packets. The technology is commonly known as stateful packet inspection.
Because it keeps a record of all connections passing through the FW, it can determine whether a packet marks the beginning of a new connection, is part of an existing connection, or is an invalid packet that belongs to neither.
Such methods help prevent attacks that rely on unsolicited traffic, such as some denial-of-service (DDoS) attacks.
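The following toy model contrasts the two sections above: a stateless packet filter that decides on header fields alone, and a stateful filter that keeps a connection table. It is added example code, not from the original article; it assumes an inside network prefix of 10.0.0. and a single published service (a web server on 10.0.0.5 port 80), with all addresses taken from documentation ranges.

```python
"""Toy filters: stateless rule matching vs stateful tracking (constructed example)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP flags that mark connection setup
    ack: bool = False

# Stateless rules: (proto, dst, dport, action); first match wins, "*" = any.
STATELESS_RULES = [
    ("tcp", "10.0.0.5", 80, "allow"),   # published web server
    ("*", "*", "*", "deny"),            # default deny
]

def stateless_filter(pkt, rules=STATELESS_RULES):
    """Decide on header fields alone; the filter has no notion of a flow."""
    for proto, dst, dport, action in rules:
        if proto in ("*", pkt.proto) and dst in ("*", pkt.dst) and dport in ("*", pkt.dport):
            return action
    return "deny"

class StatefulFilter:
    """Keeps a connection table so replies are allowed only for flows that an
    inside host opened, or for explicitly published inbound services."""
    def __init__(self, inside_prefix, inbound_services):
        self.inside_prefix = inside_prefix          # e.g. "10.0.0."
        self.inbound_services = inbound_services    # {(proto, dst, dport)}
        self.table = set()                          # known connections

    def _key(self, p):
        # Direction-independent key so both halves of a flow map to one entry.
        return (p.proto, frozenset({(p.src, p.sport), (p.dst, p.dport)}))

    def filter(self, p):
        key = self._key(p)
        if key in self.table:
            return "allow"                          # belongs to a known flow
        opens_flow = p.proto == "udp" or (p.syn and not p.ack)
        if not opens_flow:
            return "deny"                           # stray ACK with no connection
        inside = p.src.startswith(self.inside_prefix)
        if inside or (p.proto, p.dst, p.dport) in self.inbound_services:
            self.table.add(key)
            return "allow"
        return "deny"
```

Note that the stateless rules pass an unsolicited ACK aimed at port 80 and must be widened by hand before a DNS reply to an inside host can get back in, whereas the stateful filter rejects the stray ACK and admits the DNS reply because it matches a flow the inside host opened.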
Application Level Gateway
It applies security filters to specific applications, such as FTP and Telnet servers. Although this is a very effective method, it may slow performance.
It applies its security checks when a TCP or UDP connection is being established. Once the connection is established, packets can flow between the hosts without further inspection.
It allows a session originating in a lower-security area to be established towards a higher-security area.
Network Layer or Packet Filtering
It operates at the network level of the TCP/IP stack as an IP packet filter and is one of the main types of firewall. It is effective and transparent, but difficult to configure. Filtering can be done on different fields of the IP packet, such as the source IP address and the destination IP address.
This type of FW usually also allows filtering on transport-level fields, such as the source and destination port, or on data-link-level fields, such as the MAC address.
Application Layer
This method runs on the application layer and can be adapted to the features of each protocol. For example, for HTTP traffic the filter can be configured based on the URL being accessed.
Firewalls operating at layer 7 on HTTP traffic are often called proxies and allow an organization's computers to access the Internet in a controlled manner. A proxy also effectively hides the real network addresses of the internal hosts.
Personal Firewall
This is a special FW installed on a computer as software. It filters the communication between that computer and the rest of the network and is therefore used at a personal level.
The main advantages offered by firewall technology in a computer network are:
It creates a secure connection.
It protects against attacks.
It controls access to certain parts of a network, allowing only authorized computers on other parts of the network or on the Internet.
It helps protect private information.
In an organization, it manages access levels so that each defined group of users can reach only the services and information it requires.
It provides access optimization.
It defines the local and remote networks and provides security between them.
The disadvantages of using a firewall are as follows:
It cannot prevent attacks carried out over traffic that the FW allows.
It cannot prevent traffic that does not pass through the FW.
It cannot prevent attacks on the local network or attacks by malicious users inside the organization.
It cannot protect against social engineering attacks.
If antivirus software is not installed on the organization's computers, the FW alone may not be able to stop viruses.
It does not protect against security flaws in the services and protocols whose traffic it allows.
In general, an attacker's first step is reconnaissance: finding out what information about the target can be collected and of what kind.
From this, an attacker can build a database describing the organization's network and gather information about the servers it runs, using simple tools such as traceroute, the SNMP protocol, information exposed by DNS servers, and the ping program.
The solution proposed here for preventing the collection of such information is to deploy a FW in the corporate network.