Depending on where a system is located, different security levels are applied, including a firewall. No single type of firewall is suitable for all conditions.
Therefore, different types of firewalls have been designed, depending upon the following three things:
1. The place at which the communication takes place,
2. Where the communication is intercepted,
3. The state that is to be traced.
Types of Firewalls
Basically we have two major types of firewalls:
1. Packet Filters or the Network Layer Firewall:
– Packet filters, or network layer firewalls, operate at a relatively low level of the TCP/IP protocol stack.
– They do not allow a data packet to pass through the firewall unless it matches the established rule set.
– This rule set is defined by the administrator of the firewall.
– If the administrator has not defined one, the firewall applies its own default rules.
– This is what gave the name ‘packet filters’ to this class of firewalls.
– The term originated in relation to the BSD operating systems.
These firewalls can again be subdivided into the following two categories:
a) Stateful Firewalls:
– These firewalls maintain context about the sessions that are currently active.
– The state information obtained in this way is used to speed up packet processing.
– Several properties can be used to describe an existing connection, such as UDP and TCP ports, source and destination IP addresses, the current connection stage, connection completion, handshaking, session initiation and so on.
– If a packet does not match any existing connection, it is inspected against the rule set for new connections, along with some additional processing.
– On the other hand, if the packet matches an existing connection, it is allowed to pass directly without any additional processing.
b) Stateless Firewalls:
– These firewalls require very little memory and are usually fast for simple filters that take less time to filter.
– They are necessary for filtering network protocols that are stateless and do not support the concept of a ‘session’.
– However, these firewalls cannot make complex decisions based upon the stage of communication reached between hosts.
– There are firewalls capable of filtering traffic based upon a number of attributes such as source port, destination service, IP address, TTL values, netblock, protocols and so on.
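The two packet-filter behaviours described above, as an added example that is not part of the original article: a stateless rule lookup next to a stateful filter that keeps a table of active sessions. The rule set, addresses, class and function names are constructed for illustration, and TCP teardown is simplified to the first FIN or RST.

```python
from dataclasses import dataclass

# Constructed sample rule set for NEW connections: (protocol, dest port, action).
RULES = [("tcp", 443, "allow"), ("udp", 53, "allow"), ("tcp", 23, "deny")]
DEFAULT_ACTION = "deny"  # applied when no administrator rule matches

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags, e.g. "S" (SYN), "SA", "A", "FA"

def match_rules(pkt):
    """Stateless decision: first matching rule wins, else the default."""
    for proto, dport, action in RULES:
        if pkt.proto == proto and pkt.dport == dport:
            return action
    return DEFAULT_ACTION

class StatefulFilter:
    def __init__(self):
        self.connections = set()  # state table of active sessions

    @staticmethod
    def _key(pkt):
        # Direction-independent key so replies map to the same session.
        return (pkt.proto, frozenset([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))

    def decide(self, pkt):
        key = self._key(pkt)
        if key in self.connections:
            # Fast path: packet belongs to a tracked session, no rule lookup.
            if pkt.proto == "tcp" and ("F" in pkt.flags or "R" in pkt.flags):
                self.connections.discard(key)  # simplified: session is completing
            return "allow"
        # Slow path: only a packet that can start a session is checked
        # against the rule set for new connections.
        if pkt.proto == "tcp" and pkt.flags != "S":
            return "deny"  # mid-stream TCP packet with no tracked session
        action = match_rules(pkt)
        if action == "allow":
            self.connections.add(key)
        return action
```

The stateless lookup rejects the server's reply to an allowed HTTPS connection because the reply's destination port matches no rule, while the stateful filter passes it from the session table without consulting the rules.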
2. Application Layer Firewalls:
– These firewalls work at the application level of the TCP/IP stack (for example, FTP or telnet traffic, browser traffic and so on).
– All packets going into and out of the application are intercepted by this firewall.
– Other unauthorized packets are blocked by the firewall without the acknowledgement of the user.
– All packets are inspected for improper content in order to restrict the spread of Trojans and computer worms.
– The additional inspection criteria can add extra latency to the forwarding of packets.
– These firewalls work by determining whether or not a given connection should be accepted by a process.
– They hook into the socket calls to filter the connections between the lower OSI layers and the application layer.
– This is why these firewalls are often called socket filters.
– These firewalls work much like packet filters (explained above), but differ in how the filter rules are applied.
– Here, the rules are applied on a per-process basis rather than on a per-port basis.
– Usually, prompts are used to define the rules for processes without a connection.
– Application firewalls used in combination with packet filters are very rare.
– Connections are further filtered by examining the process ID of the packets against a predefined rule set.
– This rule set only defines the extent of filtering that is to be carried out.
– These rule sets might be very complex.