Overview

firewall can either be software-based or hardware-based and is used to help keep a network secure. Its primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether it should be allowed through or not, based on a predetermined rule set. A network’s firewall builds a bridge between the internal network or computer it protects, upon securing that the other network is secure and trusted, usually an external (inter)network, such as the Internet, that is not assumed to be secure and trusted.

Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions

 

Firewalls Types

Network layer firewalls

Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IPprotocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. The term “packet filter” originated in the context of BSDoperating systems.

Network layer firewalls generally fall into two sub-categories, stateful and stateless. Stateful firewalls maintain context about active sessions, and use that “state information” to speed packet processing. Any existing network connection can be described by several properties, including source and destination IP address, UDP or TCP ports, and the current stage of the connection’s lifetime (including session initiation, handshaking, data transfer, or completion connection). If a packet does not match an existing connection, it will be evaluated according to the ruleset for new connections. If a packet matches an existing connection based on comparison with the firewall’s state table, it will be allowed to pass without further processing

The Benefits of Firewalls

  • Secures a computer network from hostile intrusions.
  • Firewalls can monitor and record information. This can be of value in determining who is accessing what type of information.
  • Firewalls can be used to complement or supplement content and email filtering solutions.
  • Firewalls can automatically block most email viruses and malware attacks even before they start.
  • Firewalls can be set up to allow access for certain users to access certain information but prevent others from doing so.
  • Firewalls can also calculate usage of the internet, i.e. who spends most time using the internet and how this affects the performance of the network.
  • Some firewalls can cause constraints or bottlenecks on the network as they concentrate security in one area.
  • Organisations need to have a written policy or procedure that outlines what information can be accessed by employees and by whom. A firewall can be used to enforce these policies.

Proxy server

A proxy server (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user

Application-layer firewalls

Application-layer firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender).

On inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and trojans. The additional inspection criteria can add extra latency to the forwarding of packets to their destination.

Network Security Solutions

Juniper SRX Series
Barracuda NG Firewall
Dell SonicWall

Juniper Networks ISG Series Integrated Security Gateways are purpose-built security
solutions that are ideally suited for securing enterprise, carrier, and data center
environments where consistent, scalable performance is required.

Solution Description

Juniper SRX Series offers:

  • Predictable performance: ASIC-based architecture provides linear performance for all packet sizes at multi-gigabit speeds.
  • System and network resiliency: Hardware component redundancy, multiple high availability options and route based VPNs offer reliability and resiliency.
  • Network security: The SRX Series provides embedded Web filtering, anti-spam, IPS, ICAP antivirus redirect, and optionally integrated IDP.
  • Network segmentation: Security zones, virtual systems, virtual LANS and virtual routers allow administrators to deploy security policies to isolate guests and regional servers or databases.
  • Certifications: The SRXSeries fulfills the requirement for FIPS, common criteria, ICSA, and others.
  • Robust IPv6

More Information: https://www.juniper.net/us/en/products-services/security/

The Barracuda NG Firewall is an enterprise-grade next-generation firewall that was purpose-built for efficient deployment and operation within dispersed, highly dynamic, and security-critical network environments.

More Information: https://www.barracuda.com/products/cloud-generation-firewalls

Dell SonicWALL security solutions enable organizations to secure their network, systems, users and data without compromising network performance.

More Information: https://www.sonicwall.com/en-us/products/firewalls