What Is a Firewall?
A firewall is the first
line of defense for your network. The basic purpose of a firewall is to keep
uninvited guests from browsing your network. A firewall can be a hardware
device or a software application that is usually positioned at the perimeter of
the network to act as the gatekeeper for all incoming and outgoing traffic.
A firewall allows you to
establish certain rules to identify the traffic that should be allowed in or
out of your private network. Depending on the type of firewall that is
implemented, you can restrict access to only certain IP addresses and domain
names or you can block certain types of traffic by blocking the TCP/IP ports
they use.
How Does a Firewall Work?
There are basically four
mechanisms used by firewalls to restrict traffic. One device or application may
use more than one of these to provide in-depth protection. The four mechanisms
are packet filtering, circuit-level gateway, proxy server, and application
gateway.
Packet Filtering
A packet filter
intercepts all traffic to and from the network and evaluates it against the
rules you provide. Typically the packet filter can assess the source IP
address, source port, destination IP address, and destination port. You
filter on these criteria to allow or disallow traffic from certain IP
addresses or on certain ports.
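The following is an added example, not code from the original post: a minimal packet filter that evaluates the four criteria named above against an ordered rule list, with first match winning and everything else denied by default. The rule set, the addresses (RFC 5737 documentation ranges), and the names Packet, Rule and evaluate are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                               # "allow" or "deny"
    src_net: str = "0.0.0.0/0"                # any source unless narrowed
    dst_net: str = "0.0.0.0/0"                # any destination unless narrowed
    src_ports: Tuple[int, int] = (0, 65535)   # inclusive port range
    dst_ports: Tuple[int, int] = (0, 65535)

    def matches(self, p: Packet) -> bool:
        # A rule matches only if all four criteria match.
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.src_ports[0] <= p.src_port <= self.src_ports[1]
                and self.dst_ports[0] <= p.dst_port <= self.dst_ports[1])

def evaluate(rules, packet, default="deny") -> Tuple[str, Optional[int]]:
    """Return (action, index of the matching rule); index is None for the default."""
    for i, rule in enumerate(rules):
        if rule.matches(packet):
            return rule.action, i             # first match wins, so order matters
    return default, None                      # nothing matched: default deny

# Constructed rule set (hypothetical network).
RULES = [
    Rule("deny", src_net="203.0.113.0/24"),                        # blocked range
    Rule("allow", dst_net="192.0.2.10/32", dst_ports=(443, 443)),  # HTTPS to web host
    Rule("allow", src_net="198.51.100.0/24",
         dst_net="192.0.2.20/32", dst_ports=(22, 22)),             # SSH from admin net
]

# Constructed sample packets.
SAMPLES = [
    Packet("198.51.100.7", 50000, "192.0.2.10", 443),
    Packet("203.0.113.5", 50000, "192.0.2.10", 443),
    Packet("192.0.2.99", 40000, "192.0.2.20", 22),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(RULES, pkt))
```

Because the first matching rule decides, placing the broad allow rule ahead of the deny rule would let the blocked range reach the web host, which is why rule order is worth reviewing alongside the rules themselves.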
Circuit-Level Gateway
A circuit-level gateway
blocks all incoming traffic to any host but itself. Internally, the client
machines run software to allow them to establish a connection with the
circuit-level gateway machine. To the outside world, it appears that all
communication from your internal network is originating from the circuit-level
gateway.
Proxy Server
A proxy server is
generally put in place to boost the performance of the network, but it can act
as a sort of firewall as well. Proxy servers hide your internal addresses so
that all communications appear to originate from the proxy server itself. A
proxy server caches pages that have been requested. If User A goes to
Yahoo.com, the proxy server sends the request to Yahoo.com and retrieves the
webpage. If User B then connects to Yahoo.com, the proxy server just sends the
information it already retrieved for User A so it is returned much faster than
having to get it from Yahoo.com again. You can configure a proxy server to
block access to certain websites and filter certain port traffic to protect
your internal network.
Application Gateway
An application gateway is
essentially another sort of proxy server. The internal client first establishes
a connection with the application gateway. The application gateway determines
if the connection should be allowed or not and then establishes a connection with
the destination computer. All communications go through two connections —
client to application gateway and application gateway to the destination. The
application gateway monitors all traffic against its rules before deciding
whether to forward it. As with the other proxy server types, the application
gateway is the only address seen by the outside world, so the internal network
is protected.
Context - what has this research told you? What impact (if any) has it had on your aims and objectives for your research project?