Firewalls can block traffic and hide your network from the outside world. Stuart
Eaton from Centrinet explains the three technologies involved.
A firewall can be a piece of software, hardware, or a mixture of both, that enforces an access
control policy between networks – for example between the private corporate network and
the public Internet. A widely used analogy for a firewall is that of a lock on a door, although
in reality a firewall offers far more flexibility. A firewall can block traffic, but it can also
hide your network from the outside world and screen outgoing traffic. A firewall is an
essential and minimum component in any Internet security strategy. Firewall technologies
broadly fall into three categories: packet filter, application-level proxy server and stateful.
We will discuss these three technologies below and list the most popular firewalls in each
category.
Packet filter
A packet filter is the most basic type of firewall and is often free and available on popular
routers. A packet filter simply checks the IP address of incoming traffic against an access
control list (ACL), and will deny access to addresses that don’t correspond to this list.
Packet filters can also have rules based on data type or TCP/IP (transmission control
protocol/Internet protocol) port numbers.
Packet filters are often very fast and very cheap; however, they are susceptible to IP
spoofing. IP spoofing is a technique whereby an external address will ‘pretend’ to come
from a trusted source, thereby defeating the rule base of the packet filter and gaining access
to the network. Popular packet filters are Linux’s ‘ipchains’, OpenBSD’s ‘pf’ and
FreeBSD’s ‘ipfw’.
Application proxy
The second firewall technology is known as an ‘application proxy firewall’. An application
proxy firewall uses software to intercept connections and examines the application used for
each individual packet to verify its authenticity.
Application-level firewall technology checks for permission to connect to another
network and can enforce access control rules specific to the application. Each application
has its own proxy program that emulates the application’s protocol – for example, FTP (file
transfer protocol) for file transfers, HTTP (hypertext transfer protocol) for the Internet and
SMTP/POP3 (simple mail transfer protocol/post office protocol, version 3.0) for email.
Whilst proxy firewalls are considered to be very secure, the processing overhead can
lead to degradation in performance. Popular proxy firewalls are ‘WatchGuard’ and NAI’s
‘Gauntlet’.
Stateful firewalls
Stateful inspection is a technology developed and patented by Check Point Technologies, a
leading provider of software firewalls.
Stateful inspection is an architecture that works at the network layer. Unlike packet
filtering, which examines a packet based solely on the information in its header, stateful
inspection tracks each connection and makes sure that it is valid. A stateful firewall may
examine not just the header information but also the contents of the packet, in order to
determine more about the packet than simply its source and destination.
A stateful inspection firewall monitors the state of the connection and compiles this
information in a dynamic-state table. Because of this, filtering decisions are based not only
on IP address rules but also on behaviour that has been established by prior packets that
have passed through the firewall. Stateful firewalls will also drop connections should they
attempt an action that is not a standard use of the protocol. Popular stateful firewalls are
‘Cisco PIX’ and ‘Check Point’.
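To make the contrast between the packet filter and stateful inspection sections concrete, here is an added Python example (not from the article or from Centrinet): a toy packet filter with a static ACL beside a toy stateful firewall that keeps a dynamic-state table. The 10.0.0.0/8 range, the addresses and the packets are constructed for the illustration, and the stateful logic covers only the opening handshake and reset of a TCP connection.

```python
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")  # constructed: the private corporate network
def pkt(src, sport, dst, dport, *flags):  # a TCP header reduced to the fields the firewalls inspect
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": frozenset(flags)}

# Packet filter: a static ACL matched header-by-header, with no memory of earlier packets.
# Rule = (src_net, dst_net, sport, dport, action); None matches anything.
ACL = [
    ("10.0.0.0/8", "0.0.0.0/0", None, 80, "permit"),  # inside may open HTTP to the Internet
    ("0.0.0.0/0", "10.0.0.0/8", 80, None, "permit"),  # lets replies in, but also anything else sent from port 80
    ("0.0.0.0/0", "0.0.0.0/0", None, None, "deny"),   # default deny
]

def packet_filter(p):
    for src_net, dst_net, sport, dport, action in ACL:
        if (ip_address(p["src"]) in ip_network(src_net) and ip_address(p["dst"]) in ip_network(dst_net)
                and sport in (None, p["sport"]) and dport in (None, p["dport"])):
            return action
    return "deny"

class StatefulFirewall:
    """Same outbound policy, but every inbound packet must match the dynamic state table."""
    def __init__(self):
        self.table = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> connection state

    def inspect(self, p):
        outbound = ip_address(p["src"]) in INSIDE
        key = (p["src"], p["sport"], p["dst"], p["dport"]) if outbound else (p["dst"], p["dport"], p["src"], p["sport"])
        state = self.table.get(key)
        if state is None:  # no entry: only an outbound SYN to port 80 may create one
            if outbound and p["flags"] == {"SYN"} and p["dport"] == 80:
                self.table[key] = "SYN_SENT"
                return "permit"
            return "deny"  # unsolicited inbound traffic is dropped whatever ports it claims
        if state == "SYN_SENT":  # the only valid next step is the peer's SYN-ACK
            if not outbound and p["flags"] == {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"
                return "permit"
            return "deny"  # not a standard use of the handshake
        if "SYN" in p["flags"]: return "deny"  # a fresh SYN inside an established flow is out of protocol
        if "RST" in p["flags"]: self.table.pop(key, None)  # connection reset: forget it (FIN teardown omitted)
        return "permit"

def demo():  # constructed traffic: a normal HTTP handshake, then an unsolicited inbound packet from source port 80
    fw = StatefulFirewall()
    handshake = [pkt("10.0.0.5", 40000, "203.0.113.10", 80, "SYN"),
                 pkt("203.0.113.10", 80, "10.0.0.5", 40000, "SYN", "ACK"),
                 pkt("10.0.0.5", 40000, "203.0.113.10", 80, "ACK")]
    stray = pkt("198.51.100.7", 80, "10.0.0.9", 1433, "ACK")
    return [fw.inspect(p) for p in handshake], packet_filter(stray), fw.inspect(stray)
```

The packet filter admits the stray packet because its header satisfies the reply rule; the stateful firewall drops it because no prior outbound packet created a state-table entry.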
Centrinet are a leading provider of Internet and network security solutions based on
the innovative use of the best products and services. Our passion for customer
service and technical excellence, combined with a no-nonsense approach to
business, provides our clients with a refreshing and unique experience.
For further information contact: Centrinet Limited, Witham Park House, Waterside
South, Lincoln, Lincolnshire, LN5 7JN. Tel: +44 (0)1522 559 600; Fax: +44 (0)1522
533 745; Email: enquiries@centri.net; Website: www.centri.net