The Internet is not only the global computer network, but it becomes a live environment together with potential aggressivity and possible attacks.
Organizations around the world are embracing the Internet and Internet technologies to forge new and profitable business relationships. Firewalls help organizations balance the openness of the Internet with the need to protect the privacy and integrity of sensitive business communications and internal network and data against attacks from the Internet.
What is a firewall?
A firewall is a network security device positioned between two different networks, usually between an organizations internal, trusted network and the Internet.
What do firewalls do?
A firewall ensures that all communications attempting to cross from one network to the other meet an organizations security policy. Firewalls track and control communications, deciding whether to allow, reject or encrypt communications. In addition to protecting trusted networks from the Internet, firewalls are increasingly being deployed to protect sensitive portions of local area networks and individual PCs.
Typical firewall implementation:
How do firewalls work?
Historically, three different technologies have been used to implement firewalls: Packet Filters, Application-Layer Gateways and Stateful Inspection.
Packet filters, usually implemented on routers, filter traffic based on packet content, such as IP addresses. They examine a packet at the network layer and are application independent, which allows them to deliver good performance and scalability. They are the least secure type of firewall, however. The reason is that they are not application aware, they cannot understand the context of a given communication, making them easier for hackers to break.
Application gateways improve on security by examining all application layers, bringing context information into the decision process. However, they do this by breaking the client/server model. Every client/server communication requires two connections: one from the client to the firewall (which acts as a "proxy" for the desired server) and one from the firewall to the (actual) server. In addition, every application requires a new proxy, making scalability and
support for new applications a problem.
Stateful Inspection provides the highest level of security possible and overcomes the limitations of the previous two approaches by providing full application-layer awareness without breaking the client/server model. Stateful Inspection extracts the state-related information required for security decisions from all application layers and maintains this information in dynamic state tables for evaluating subsequent connection attempts. This provides a solution that is highly secure and offers maximum performance, scalability, and extensibility. The leading product based
upon Stateful Inspection is the Check Point FireWall-1, which has become the de facto standard for firewalls.
YieldTech provides the network security solution on the Linux platform based on Linux kernel packet filtering or
Firewall-1 from CheckPoint Software Technologies Ltd. and
InterScan VirusWall from Trend Micro.