Network Firewalls Or Hardware Firewalls | Part 1

Network Firewalls Or Hardware Firewalls | Part 1

Network Firewalls Or Hardware Firewalls

An external (network or hardware) firewall manufactures a controlled connection between two networks. That could be, for example, a private network LAN and Internet WAN, but is also possible to connect different network segments of the same network. The firewall monitors the traffic going through them and decides according to defined rules to determine whether certain network packets are allowed through or not. In this way, the firewall’s private network or the network segment is trying to protect against unauthorized access.

By breaking the rules aside, there is no function of a firewall to detect and prevent attacks. It is only to communicate only certain relationships – based on allowing the sender or destination address, and use services for the detection of attacks are known as IDS modules jurisdiction, which may well put on a firewall. But they do not belong to the firewall module.

A firewall consists of hardware and software components. Hardware firewalls are devices with network interfaces, such as routers or proxy, software components have their operating systems and firewall software, including the packet filter or proxy.

The crucial distinction to the Personal Firewall is that the software is an external firewall is not on the protected system itself works, but runs on a separate device that conveys the traffic between the networks.

Basic Principle, not only justifies the transition from the LAN to the Internet using a firewall. Between two or more organizational networks can use a firewall to accommodate the varying needs of network protection zones into account, for example, are stored in a separation between the office network from the Network of Human Resources, in which personal data.

For the configuration of a firewall, the administrator should have a sound knowledge of networking protocols, routing, network and information security. Even small mistakes can make the protection of a firewall to nothing. Basically, you should prepare before installing a firewall approach to properly assess their own requirements and can compare them to the possibilities and limitations of the Firewall.

It is only when one knows to what scenarios you want to reach a certain level of security, one can worry about the how. In larger organizations, this is usually implemented its own security policy.

Emergence of the firewall

In the early days of Internet attacks were largely unknown within the network. Only in 1988 was programmed by Robert Morris, the first computer worm. The so-called Morris worm spread by taking advantage of some Unix services, such as sendmail, finger, or rexec and the r-protocols.

Although the worm had no direct damage routine, although he paralyzed because of his aggressive proliferation around 6,000 computers – the equivalent at that time about 10% of the global network. The first was in 1985 packet filters built into their routers from Cisco. The first study on the filtering of network traffic was published in 1988 by Jeff Mogul.

Firewall Types: External (network / hardware) firewall

Typically, a network device or hardware firewall is called when there is a dedicated device that separates at least two network segments from each other. We distinguish between:

Bridging Firewall

Here, the network interface as a bridge today (rather, the term coupled switch known). A bridge is meant to connect two physically separate network segments together. It is characterized by the fact that they only data (frames) in each other segment, if the participant is also addressed in the segment. These form the basis for filtering Low-Level addresses (MAC) data frames. In order to do their work requires a bridge for themselves so no higher (IP) addresses (unlike a router, it will be) at this level of no communication partner addressed directly and is therefore practically invisible on the net and on this level is not vulnerable. However, the bridging firewall can be configured accordingly, usually by a higher (Assign IP address) so that they can not only locally, but administered from the network. So that their filtration is not limited to Low-Level addresses remain, the bridging firewall differs from a typical bridge so that they are also internally accesses to higher protocol layers.

Thus, it is able to filter IP addresses and port numbers, sometimes including ‘Stateful’ Packet Inspection. In addition, it can also redirect addresses (IP and port forwarding), when the bridging firewall is part of the communication channel. Can be realized such a firewall, for example with the NetFilter framework.

Routing Firewall

Here are the network interfaces are coupled as a router. This is the most common type, they come in virtually all SoHo devices (for personal use and small businesses), but sometimes also for larger systems are used. Compared to the bridge, a router operates at a higher level of abstraction by between different IP domains (subnets) (gives all ways, which will take a network packet in meshed networks, maintained the traditional router) using the IP address.

A disadvantage is the fact that a patch firewall, therefore the network is visible and can be directly affected (whether they appear as a link between the two subnets – without NAT router – or it is even mentioned as an alleged communication partner – in NAT router mode).

The NAT mode is a possible feature of the router and has worked with the firewall function provides the appropriate filter options are available, first of all do nothing. However, he describes the behavior of the firewall, if it is put on such a device: In NAT mode, from the private sector, mainly through DSL router know this is from their own firewall external address to the respective internal client that has connection to external network (the Internet has produced).

Figuratively, they will function as an automated mailbox, which all outgoing packets that pass through the firewall, provides with its own IP address. Thus it ensures that the target system will send the response packets again to the “mailbox”. Thanks to a special NAT management (PAT) recognizes it, belongs to which internal device from the Internet incoming response packet.

There they will forward the packet, without requiring the sender knows from the Internet, the real (internal) address of its communication partner. In this mode, it hides – just like a proxy firewall – the structure of the internal network, as opposed to having an impact but not in a position to close the connection. This behavior is not possible on a bridging firewall.


About The Author: Santosh

Santosh is an experienced content writer with good search engine optimisation skills. Santosh works with our marketing department in the creation of articles and how-to guides for our company blog and knowledgebase.

Leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.