What is a Firewall
Before we learn about the different types of firewall, we should first understand what a firewall is. Back when the Internet was first created, we did not need anything like firewalls. The concept itself was fairly new and not many people were able to comprehend it. But as the Internet grew, so did people's knowledge of it. Some people found ways to exploit the Internet and use it for malicious purposes. To keep the integrity of the network infrastructure from being compromised, we developed the concept of firewalls.
A firewall is basically the concept of filtering any form of unwanted data, packet, or activity from the system. Its purpose is to make sure that no unwanted or "bad" packet reaches the infrastructure, so that it stays functional and secure from any external attacker.
To understand more about firewalls, we first need to understand how data is transmitted between applications, clients, and servers. To do this we need to understand the basics of the TCP/IP Model, since it is generally used to transfer the bulk of Internet traffic, such as files and other data like authentication tokens. Other models like UDP are also used for some tasks, but not for the general purposes of the Internet; they are used for the more sophisticated side of the Internet, like the Tor network and multiple torrent networks.
Brief note on the TCP/IP Model
The TCP/IP (Transmission Control Protocol/Internet Protocol) Model is, put simply, a suite of rules, regulations, and protocols to be used by the computers connected in the intranet (local interconnected computers) or the extranet (externally interconnected computers). The Model allows for a fluid and systematic interaction between systems, which gives more predictable outcomes for data transfer. To learn about it in detail, you can refer here. The referred article also lists some differences between TCP/IP and other models used on the Internet.
Now, back to our topic. Since the inception of firewalls, attackers and bad actors have found many ways to bypass the methods used by firewalls to infect their targets, and firewalls have adapted to handle these newer types of attacks. This has led to a wide variety of different types of firewalls. We will discuss each of them in detail.
Types of firewall
There are many different types of firewalls:
- Packet Filtering Firewalls
- Circuit Level Gateways
- Application Level Gateways
- Stateful Multi Level Inspection Firewalls
- Next Generation Firewalls
- Network Address Translation Firewalls
- Cloud Firewalls
- Unified Threat Management Firewalls
Packet Filtering Firewalls
Packet filtering firewalls are the simplest type of firewall you can find. They work by applying a rule set and checking whether the incoming packet matches it; if it doesn't, the packet is discarded. Possible parameters of this rule set are the source IP address and the source and destination ports. This type of firewall does not require many resources to instantiate, but it is not the strongest of the types, since the parameters themselves are not that many and a packet may still be malicious even though it satisfies the rule set.
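The rule-set check described above, as an added example that is not part of the original article. The `Rule` and `Packet` classes, the first-match ordering and the sample addresses (documentation ranges) are assumptions made for illustration; the last sample packet shows a packet that passes because the payload is never examined.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_port: int
    payload: bytes = b""             # never examined by a packet filter

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src_net: str = "0.0.0.0/0"       # source network in CIDR form
    src_port: Optional[int] = None   # None matches any port
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        src = ipaddress.ip_address(pkt.src_ip)
        return (src in ipaddress.ip_network(self.src_net)
                and self.src_port in (None, pkt.src_port)
                and self.dst_port in (None, pkt.dst_port))

def filter_packet(rules, pkt):
    """The first matching rule decides; a packet matching no rule is discarded."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed rule set: block one network, allow HTTPS, allow SSH from one network.
RULES = [
    Rule("deny", src_net="203.0.113.0/24"),
    Rule("allow", dst_port=443),
    Rule("allow", src_net="192.0.2.0/24", dst_port=22),
]

# Constructed sample traffic.
SAMPLE = [
    Packet("198.51.100.7", 50000, 443, b"GET / HTTP/1.1"),
    Packet("203.0.113.9", 50001, 443),
    Packet("198.51.100.7", 50002, 22),
    Packet("192.0.2.10", 50003, 22),
    Packet("198.51.100.7", 50004, 443, b"unexpected payload"),  # header is fine, so it passes
]

def verdicts():
    return [filter_packet(RULES, p) for p in SAMPLE]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, verdicts()):
        print(verdict, pkt.src_ip, pkt.src_port, pkt.dst_port)
```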
Circuit Level Gateways
Circuit Level Gateways work at the session level of the TCP/IP or OSI Interface, i.e., they check that the established connection has not been tampered with or compromised by any external factor or third party. This type of firewall can help in preventing any type of MITM (Man In The Middle) attack.
Circuit Level Gateways, like packet filtering firewalls, do not check the actual data held within the packet and rely only on the packet's properties, so they are not very efficient. They also do not require much computational strength to set up and hence are quite cheap to install on a system.
Application Level Gateways
This type of firewall is installed on an intermediate device and acts as a "proxy" between the client and the server. It forwards packets from the client to the server, behaving as a client itself; for incoming packets, it intercepts them and checks for any security risks before forwarding them.
The main goal of such firewalls is to maintain the privacy of the client and prevent the client from accidentally infecting their own system. It works on the application layer of the TCP/IP Model, and due to its proxy-like nature, it is also called the proxy firewall.
Stateful Multi Level Inspection Firewall
A Stateful Multi Level Inspection Firewall, or SMLI for short, is a type of firewall that checks both the packet state and the TCP handshake. It also maintains a record of established TCP connections. SMLI is vastly superior to both packet filtering firewalls and circuit level gateways, because it applies more checks to a packet than these two do.
When a client establishes a successful connection with the server, the firewall creates a new table (a session table, state table or database) in which it maintains a record of the connections made by the client and the source and destination information, like the IP addresses and the ports. It inspects these records to identify any potential threats in the connection. Since the data it stores is ordered, this process is termed stateful inspection.
SMLI requires a tremendous amount of resources to store the state table and even more computing resources to effectively analyze the data it has stored, hence a base setup of an SMLI firewall is not cost effective. Also, due to the amount of data it has to analyze on every connection, the server may start responding with a higher latency, thus reducing the speed of the overall transaction.
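A small state table of the kind described above, as an added example that is not part of the original article. The class name, the `INSIDE` network, the simplified teardown and the constructed trace are assumptions; the fifth segment is an ACK from a host that never completed a handshake, which the table rejects.

```python
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/24")   # assumed protected network

@dataclass(frozen=True)
class Segment:
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    flags: frozenset    # TCP flags set on the segment

def seg(src, dst, *flags):
    return Segment(src, dst, frozenset(flags))

class StatefulFirewall:
    """Inside hosts may open connections; outside traffic must match one."""
    def __init__(self):
        self.table = {}     # (client, server) -> handshake state

    def inspect(self, s):
        outbound = ipaddress.ip_address(s.src[0]) in INSIDE
        key = (s.src, s.dst) if outbound else (s.dst, s.src)
        state = self.table.get(key)
        if state and s.flags & {"RST", "FIN"}:
            del self.table[key]      # simplified teardown: forget the entry
            return "accept"
        if outbound and s.flags == {"SYN"} and state is None:
            self.table[key] = "SYN_SENT"
        elif not outbound and s.flags == {"SYN", "ACK"} and state == "SYN_SENT":
            self.table[key] = "SYN_RECEIVED"
        elif outbound and s.flags == {"ACK"} and state == "SYN_RECEIVED":
            self.table[key] = "ESTABLISHED"
        elif not (state == "ESTABLISHED" and "SYN" not in s.flags):
            return "drop"            # no table entry backs this segment
        return "accept"

def run_trace():
    """Constructed trace: handshake, data, a stray ACK, reset, late segment."""
    client, server = ("10.0.0.5", 40000), ("198.51.100.20", 443)
    stranger = ("203.0.113.50", 443)
    fw = StatefulFirewall()
    trace = [
        seg(client, server, "SYN"),
        seg(server, client, "SYN", "ACK"),
        seg(client, server, "ACK"),
        seg(server, client, "ACK", "PSH"),
        seg(stranger, client, "ACK"),      # never part of a handshake
        seg(server, client, "RST"),
        seg(server, client, "ACK"),        # arrives after the entry is gone
    ]
    return [fw.inspect(s) for s in trace]
```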
Next Generation Firewalls
The term "Next Generation Firewall", NGFW for short, is a generic term for the firewall systems used by modern firewall software. NGFWs work by combining the inspection processes of various other firewalls and then applying Deep Packet Inspection (DPI) on top of them.
What this essentially means is that the contents of the incoming packets are thoroughly analyzed, and some form of analysis is applied to the data transferred by the packet to flag it as safe or as potential malware.
NGFWs provide an even higher level of security than stateful multi level inspection, or SMLI. They are designed to prevent sophisticated attacks and to detect ever-evolving malware and advanced intrusions.
Threat-focused NGFW
A threat-focused NGFW is an extension of the NGFW. It includes all the features and capabilities of the actual NGFW, while adding better threat detection and recovery from an infection or attack. Threat-focused NGFWs utilize highly advanced algorithms to recover from an intrusion and reinforce security as soon as possible afterwards. These NGFWs set the rules and security policies on their own, and after any intrusion, the firewall learns the patterns and reinforces the security accordingly. Thus the system covered by such a firewall is extremely secure. These firewalls inspect the connections retrospectively even after the first inspection. This nature allows the connections to be faster compared to something like SMLI.
Network Address Translation Firewalls
Network Address Translation (or NAT) is another type of proxy firewall. It hides the IP addresses of the clients and servers, reducing the chances of any direct attack.
A NAT firewall generates a unique IP address for the devices connected to the Internet through it. Any connection to any of these devices is supposed to be made through this single IP address. Based on further information in the packet, the NAT then translates to the actual address of the required device. Thus the only detail actually exposed to the Internet is the data the devices are supposed to expose. No other information is given out.
Like Application level Gateways, NAT also works on an intermediate device between the client and the server.
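The translation step described above, as an added example that is not part of the original article. It assumes a port-translating NAT where the "further information in the packet" is the destination port; the class name, addresses and port numbers are constructed for illustration.

```python
class NatFirewall:
    """Port-translating NAT: one public IP, inbound only on known mappings."""
    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_flow = {}    # (private endpoint, remote endpoint) -> public port
        self.by_port = {}    # public port -> (private endpoint, remote endpoint)

    def outbound(self, private, remote):
        """Rewrite the source of an outgoing packet; create a mapping if new."""
        flow = (private, remote)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.by_flow[flow])

    def inbound(self, remote, public_port):
        """Return the private endpoint for a reply, or None to drop the packet."""
        flow = self.by_port.get(public_port)
        if flow is None or flow[1] != remote:
            return None      # no mapping, or sender is not the mapped remote
        return flow[0]

def demo():
    """Two inside devices reach the same server; only its replies get back in."""
    nat = NatFirewall("192.0.2.1")
    laptop, phone = ("10.0.0.5", 51000), ("10.0.0.6", 51000)
    web, other = ("198.51.100.20", 443), ("203.0.113.50", 443)
    a = nat.outbound(laptop, web)
    b = nat.outbound(phone, web)
    return {
        "laptop_seen_as": a,
        "phone_seen_as": b,
        "reply_to_laptop": nat.inbound(web, a[1]),
        "reply_to_phone": nat.inbound(web, b[1]),
        "other_host_on_open_port": nat.inbound(other, a[1]),
        "unmapped_port": nat.inbound(web, 20999),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```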
Cloud Firewalls
Cloud firewalls, as the name suggests, are firewalls that run in the cloud. They are also termed Firewalls as a Service. These firewalls are highly modular and are configured to meet the requirements.
One big advantage cloud firewalls have is that, since they do not exist on the consumer's physical hardware, they do not impose any physical resource boundary on the consumer. The only resource they use up, from the consumer's perspective, is money.
Note: Even though these firewalls do not run on the consumer's physical systems, they do use system resources from the cloud as deemed appropriate; the higher the usage, the higher the price.
Unified Threat Management Firewall
Unified Threat Management (or UTM) firewalls are a special kind of firewall, in that they combine the functionality of SMLI with that of an antivirus and different types of intrusion prevention support. This allows for a more secure environment than SMLI alone.
UTMs focus on the security of a system while allowing it to be flexible, for example by allowing for cloud management, local network management, etc.
Even though UTMs provide higher security, they are not as advanced as NGFWs, since a UTM just packs together multiple functionalities, while an NGFW binds them and maintains a proper synchronous flow of information.
NGFWs are used more in enterprise services and servers, while UTMs are used in the consumer market, for example by a general home user.
Selecting which firewall is the best
When it comes to selecting the best firewall, there is no straight answer. Each type of firewall has its own perks and downsides. Rather than selecting any one of the available types of firewalls, it is always a better idea to combine multiple types to provide a better, more secure and flexible system. When choosing a firewall, always start by laying out the basic schematics of the service. It is better to use packet filtering and circuit level gateways for an external check, but use more advanced types of firewalls within the system. The selection of a combination of firewalls boils down to the following factors:
- Scalability of the firewall (the firewall should be capable enough to protect a large network system).
- Availability of resources (if low on resources, a cloud-based firewall is a good solution).
- Requirements (if some form of sensitive data needs to be secured, a multi-level firewall is always a good solution).
With this article at OpenGenus, you must have a complete idea of the different types of firewalls.