Firewall, Types & importance
Introduction
An organization's network is set up so that there is a single point of entry to and exit from the Internet. A firewall, which is essentially a set of hardware devices and software, is then placed at the entry point of the organization's private network and works to screen off all unwanted access in both directions. All data packets from any computer inside the private network to the outside world are routed through the firewall. Likewise, all data packets from any computer in the outside world to any computer within the private network are always routed through the firewall. The organization would implement a strict policy not to permit anyone to connect through any other means that may bypass this arrangement, such as a direct dial-up wireless modem. Thus the organization needs to focus only on fortifying the firewall, which alone controls access between the two networks.
The firewall in this configuration has two components:
i. two routers that do packet filtering, and
ii. an application gateway.
1. Packet Filters
Packet filters are typically driven by tables configured by the system administrator. These tables list sources and destinations that are acceptable, sources and destinations that are blocked, and default rules about what to do with packets coming from or going to other machines.
The dominant network protocols in use on the Internet, viz. TCP, IP, and UDP, carry certain control information which can be used to restrict access to hosts within the organizational network. The IP packet header contains the network addresses of both the sender and recipient of the packet. Further, the TCP and UDP protocols provide the notion of a port, which identifies the endpoint of a communications path. In the common case, a source or destination consists of an IP address and a port number. Port numbers indicate which service is desired. For example, port no. 23 is for Telnet, port no. 79 is for Finger, port no. 119 is for USENET news, and port no. 80 is for normal web service.
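A table-driven filter of the kind described above, as an added example that is not part of the original post. The rule table, the first-match-wins evaluation order and the addresses (documentation ranges, with 192.0.2.0/24 standing in for the private network) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "block"
    src: str                      # source network, CIDR form
    dst: str                      # destination network, CIDR form
    proto: Optional[str] = None   # "tcp", "udp", or None for any protocol
    dport: Optional[int] = None   # destination port, or None for any port

    def matches(self, src_ip, dst_ip, proto, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in (None, proto)
                and self.dport in (None, dport))


# Constructed table: hypothetical private network 192.0.2.0/24 with a web
# server at 192.0.2.10. Rules are checked in order; the first match decides.
TABLE = [
    Rule("block", "203.0.113.0/24", "0.0.0.0/0"),             # blocked source
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp", 80),   # inbound web
    Rule("block", "0.0.0.0/0", "192.0.2.0/24", "tcp", 23),    # inbound Telnet
    Rule("allow", "192.0.2.0/24", "0.0.0.0/0", "tcp", 80),    # outbound web
]


def filter_packet(src_ip, dst_ip, proto, dport, table=TABLE, default="block"):
    """Return the first matching rule's action, else the default rule."""
    for rule in table:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action
    return default


if __name__ == "__main__":
    # An inbound Finger request (port 79) matches no rule, so the default
    # rule alone decides what happens to it.
    print(filter_packet("198.51.100.7", "192.0.2.20", "tcp", 79))
    print(filter_packet("198.51.100.7", "192.0.2.20", "tcp", 79, default="allow"))
```

The last two calls differ only in the default rule: with a default of "block" the unlisted Finger request is dropped, with a default of "allow" it reaches the internal host.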
2. Application Gateway
The second part of the firewall mechanism is the application gateway. Rather than just looking at raw packets, the gateway operates at the application level. A mail gateway, for example, can be set up to examine each message going in or coming out. For each message it makes a decision to forward or discard it based on the message header fields, message size, or even the content (e.g., at a military installation, the presence of words like nuclear or bomb might require some special action to be taken). Firewall installations normally have more than one application gateway, one for each specific type of service.
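The mail gateway decision described above, as an added example that is not part of the original post. The size limit, the blocked sender domain, the sample messages and the "review" outcome (standing in for the "special action") are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

MAX_BYTES = 2000                               # assumed size limit
BLOCKED_SENDER_DOMAINS = {"blocked.example"}   # constructed header policy
FLAGGED_WORDS = {"nuclear", "bomb"}            # the words the article mentions


def body_text(msg):
    """Collect the decoded text of every text/* part of the message."""
    parts = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, "replace"))
    return "\n".join(parts)


def screen_message(raw):
    """Return (decision, reason); decision is forward, discard or review."""
    msg = message_from_string(raw)
    # Header check: sender domain taken from the From field.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain in BLOCKED_SENDER_DOMAINS:
        return ("discard", "sender domain blocked")
    # Size check on the whole message as received.
    if len(raw.encode("utf-8")) > MAX_BYTES:
        return ("discard", "message too large")
    # Content check: whole-word match in subject and body.
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    hits = sorted(set(re.findall(r"[a-z]+", text)) & FLAGGED_WORDS)
    if hits:
        return ("review", "flagged words: " + ", ".join(hits))
    return ("forward", "passed all checks")


# Constructed sample messages.
SAMPLE_OK = ("From: alice@corp.example\nTo: bob@partner.example\n"
             "Subject: Lunch\n\nSee you at noon.\n")
SAMPLE_FLAGGED = ("From: carol@corp.example\nTo: dave@partner.example\n"
                  "Subject: Schedule\n\nThe nuclear test report is attached.\n")
SAMPLE_BLOCKED = ("From: Eve <eve@blocked.example>\nTo: bob@corp.example\n"
                  "Subject: Hi\n\nHello.\n")

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_FLAGGED, SAMPLE_BLOCKED):
        print(screen_message(sample))
```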
Types of Firewalls and their uses
Several types of firewall configurations exist, each having its own advantages and disadvantages. Below is a list of some commonly used configurations:
1. Firewall using Screening Routers
2. Firewall using Dual Homed Gateway
3. Firewall using Screened Host Gateways
4. Firewall using Screened Subnets
5. Firewall using Hybrid Gateways
Essentially, which configuration an organization adopts would depend upon the relative importance of the following factors:
1. Damage control: If the firewall is compromised, to what kinds of threats does it leave the private network exposed? If destroyed, to what kinds of threats does it leave the private network exposed?
2. Zones of risk: How large is the zone of risk during normal operation? A measure of this is the number of hosts or routers that can be probed from the outside network.
3. Failure mode: If the firewall is broken into, how easy is this to detect? If the firewall is destroyed, how easy is this to detect? In a post mortem, how much information is retained that can be used to diagnose the attack?
4. Ease of use: How much of an inconvenience is the firewall?
5. Stance: What is the underlying design philosophy of the firewall? There are principally two fundamental philosophies, one of which can be adopted: (a) Whatever is not expressly permitted is forbidden, and (b) Whatever is not expressly forbidden is permitted.
Other factors such as cost, corporate policy, existing network technology, staffing, and organizational politics may also come into play and may influence the technical considerations.