The 3 Different Types of Firewalls Explained
Understand the difference between the main types of firewalls. In this article I cover, in a simple and objective way, the packet filter, the stateful packet filter and the proxy firewall.
Packet filtering firewall
Every packet that flows over the Internet carries information that makes it possible to trace it and that indicates the path the packet must follow, such as an address. Every device that is connected to the Internet has an IP (Internet Protocol) address and a port (socket) number.
An IP address is a unique series of numbers that identifies computers on a network, so an IP address can easily be used to determine the location of a device or the origin of an Internet message. The port number refers to the application layer of the OSI model, indicating which application the information belongs to. All this information is written in the packet header. Based on this set of information, the firewall checks the rules that have been established and either admits or denies access.
There are two rule configurations that we can consider the most extreme on a given firewall which are:
The advantage of this method is that it is relatively easy to implement in firewalls.
The disadvantage is that it cannot examine the content of the information, so a packet carrying a hidden virus could pass through to the LAN.
Stateful Inspection Firewall
In this kind of firewall, there is a process of monitoring the connection between two elements, which can be a PC and a server, from the beginning to the end of this connection.
Here, in addition to the previously established rules, the firewall takes into consideration the origin of the communication process between the two parties involved, in our case the PC and the server.
Once a host initiates the connection process by requesting some information from the server in another segment, the firewall will track the intention of the connection and wait for a response coming from this server. If the monitored information is correct and complies with the established rule, the connection is considered viable and allowed.
Stateful firewall operation
The firewall identifies the protocol of the transited packets and makes a kind of comparison between what is happening and what is expected to happen, predicting legitimate responses.
From the viewpoint of their operation, these devices (stateful firewalls) analyze all the data traffic flowing through them to find states (some patterns) that are classified as acceptable by the rules created and that should continue to be used to maintain communication.
The stateful firewall keeps this information and uses it as the basis of comparison when analyzing subsequent traffic, in order to block illegitimate packets.
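The connection tracking described in this section, set beside the header-only check of a packet filter, as an added example that is not part of the original article. The addresses, the `10.0.0.` LAN prefix, the web-only rule and the simplified TCP state handling are assumptions made for illustration.

```python
from collections import namedtuple

LAN = "10.0.0."          # assumed LAN prefix (constructed)
WEB_PORTS = {80, 443}    # assumed rule: LAN hosts may open web connections
Packet = namedtuple("Packet", "src sport dst dport flags")  # flags: S, A, F, R

def packet_filter(p):
    """Stateless: each header is judged alone, so replies need a broad inbound rule."""
    if p.src.startswith(LAN):
        return p.dport in WEB_PORTS
    return p.sport in WEB_PORTS      # anything that merely looks like a web reply

class StatefulFirewall:
    def __init__(self):
        self.table = {}              # (client, cport, server, sport) -> state

    def check(self, p):
        outbound = p.src.startswith(LAN)
        key = (p.src, p.sport, p.dst, p.dport) if outbound else (p.dst, p.dport, p.src, p.sport)
        if outbound and p.flags == "S":          # new connection: apply the static rule
            if p.dport not in WEB_PORTS:
                return False
            self.table[key] = "SYN_SENT"
            return True
        state = self.table.get(key)
        if state is None:                        # no tracked connection: illegitimate
            return False
        if state == "SYN_SENT":                  # only the server's SYN-ACK is expected
            if outbound or p.flags != "SA":
                return False
            self.table[key] = "ESTABLISHED"
            return True
        if "R" in p.flags or "F" in p.flags:     # simplified teardown on first FIN/RST
            del self.table[key]
        return True

SAMPLE = [  # constructed traffic, documentation address ranges
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "S"),    # PC opens connection
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "SA"),   # expected server reply
    Packet("10.0.0.5", 51000, "203.0.113.10", 443, "A"),    # handshake completes
    Packet("198.51.100.7", 443, "10.0.0.9", 3389, "A"),     # unsolicited inbound
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "R"),    # server resets
    Packet("203.0.113.10", 443, "10.0.0.5", 51000, "A"),    # arrives after teardown
]

def compare(packets=SAMPLE):
    """Return (packet_filter verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.check(p)) for p in packets]
```

On the constructed traffic the packet filter admits all six packets, while the stateful firewall rejects the unsolicited inbound packet and the one that arrives after the connection was reset.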
Proxy
What is a proxy? It is hardware or software whose function will be to intermediate a communication process between client elements and a given server element. It performs these actions:
Proxy Firewall Operation
Source: https://www.youtube.com/watch?v=8qCsrh2bdoM
Similarly, a proxy firewall acts as an intermediary between the local client and a server at a given destination, for example on the Internet. It also monitors traffic over this course, protecting the network from possible threats.
Proxy firewalls are considered much more secure than simple firewalls because, having their own IP address, they prevent external elements from having direct contact with the network segment that you want to protect.
Proxy firewalls have one disadvantage: they need higher performance and greater capacity, because they create extra connections for every packet that is sent or received, and as a result they can degrade performance and become a network bottleneck.
Another drawback is that these firewalls do not necessarily support every application protocol, so the number of applications that can be used through them decreases.