• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Network Security FAQs
• What is a firewall?
• How does firewall protection work?
• Where can I download a free firewall?
• What is a personal firewall?
• Where can I download a free personal firewall?
• What is a mobile firewall?
• How do I configure wireless security?
• What is a DMZ?
• What is an Intrusion Detection System (IDS)?
• What is a packet sniffer?
• How do I monitor Wireless Traffic?
• What is a port scanner?
• What is port forwarding?
• What is a VPN (Virtual Private Network)?
• What is a IPsec?
• What is a ISAKMP?
• What is a IKE?
• What is TLS (Transport Layer Security)?
• What is a TCP sequence prediction attack?
• What is packet fragmentation?
• What are possible defenses against a botnet attack?
• What is a honeypot?
• What is a Denial of Service (DoS) attack?
• What is IP address spoofing?
• What is cyber-warfare?
• What is identity management?
• What is federated identity management?
• What is single sign-on?
• What is role based access control?
• What is AAA?
• What is authentication?
• What is authorization?
• What is accounting?
• What is RADIUS?
• What is SAML?
• What is Kerberos?
• What is LDAP?
• What security issues does LDAP have?
• What is two factor authentication?
• What are biometrics?
• What is a honey monkey?
• What are the rainbow books?
• How do I disable the XP firewall?
• What are the main online security threats?
• How do I disable the Netgear Router firewall?
• What is Cisco VPN error 412?
• What is Peer Guardian?
• What is a RADIUS Server?
• What is Access Control?
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

What is a Firewall?

A firewall is a system that is set up to control traffic flow between two networks. Firewalls are most commonly specially configured Unix systems, but firewalls have also been built out of many other systems, including systems designed specifically for use as firewalls. The most common commercial firewall today is CheckPoint FireWall-1, but competitors such as Cisco's PIX are quickly catching up on CheckPoint.

Many people disagree on the definition of a firewall, and in this discussion I will use the term loosely.

The Packet Filtering Firewall

One type of firewall is the packet filtering firewall. In a packet filtering firewall, the firewall examines five characteristics of a packet:

• Source IP address
• Source port
• Destination IP address
• Destination port
• IP protocol (TCP or UDP)

Based upon rules configured into the firewall, the packet will either be allowed through, rejected, or dropped. If the firewall rejects the packet, it sends a message back to the sender letting him know that the packet was rejected. If the packet was dropped, the firewall simply does not respond to the packet. The sender must wait for the communications to time out. Dropping packets instead of rejecting them greatly increases the time required to scan your network. Packet filtering firewalls operate on Layer 3 of the OSI model, the Network Layer. Routers are a very common form of packet filtering firewall.

An improved form of the packet filtering firewall is a packet filtering firewall with a stateful inspection engine. With this enhancement, the firewall "remembers" conversations between systems. It is then necessary to fully examine only the first packet of a conversation.

The Application-Proxy Firewall

Another type of firewall is the application-proxy firewall. In a proxying firewall, every packet is stopped at the firewall. The packet is then examined and compared to the rules configured into the firewall. If the packet passes the examinations, it is re-created and sent out. Because each packet is destroyed and re-created, there is a potential that an application-proxy firewall can prevent unknown attacks based upon weaknesses in the TCP/IP protocol suite that would not be prevented by a packet filtering firewall. The drawback is that a separate application-proxy must be written for each application type being proxied. You need an HTTP proxy for web traffic, an FTP proxy for file transfers, a Gopher proxy for Gopher traffic, etc... Application-proxy firewalls operate on Layer 7 of the OSI model, the Application Layer.

The Application-Gateway Firewall

Application-gateway firewalls also operate on Layer 7 of the OSI model. Application-gateway firewalls exist for only a few network applications. A typical application-gateway firewall is a system where you must telnet to one system in order telnet again to a system outside of the network.

The SOCKS Firewall

Another type of application-proxy firewall are SOCKS firewalls. Where normal application-proxy firewalls do not require modifications to network clients, SOCKS firewalls requires specially modified network clients. This means you have to modify every system on your internal network which needs to communicate with the external network. On a Windows or OS/2 system, this can be as easy as swapping a few DLL's.

Purchase these excellent books on firewalls at Amazon.com

Free White Papers on Networking

Vulnerability Management for Dummies

Our friends at Qualys are offering free copies of the electronic version of Vulnerability Management for Dummies to Tech-FAQ readers. Vulnerability Management for Dummies: Explains the critical need for vulnerability management Details the essential best-practice steps of a successful vulnerability management program Outlines the various vulnerability management solutions - including the advantages and disadvantages of each Highlights the award-winning QualysGuard vulnerability management solution Provides a ten point checklist for removing vulnerabilities from your key resources

Latest Blog Posts

• Windows 7 Forum

• Boston College: Ability to Use a Command Line is a Sign of Criminal Activity

• Google Hacked?

• Recycle your old phone – Make some money, and save the environment too!

• SourceForge vs. Freshmeat

• Fastest Web Browser: Google Chrome

• New Webmaster Forum

• Ubuntu Security Tools

• Terrorists Go Hi-Tech

• How to Dry a Cell Phone That's Come in Contact with Water