The definition of a firewall

The definition of a firewall
The three main firewall technologies
o The purpose of the main firewall technologies in the industry
The definition of network address translation (NAT)
o The purposes of using network address translation
Where to find more information about firewalls
Firewall Definition
A system or group of systems designed to prevent unauthorized access to a network, a system, or group of systems.
Purpose is to divide the world into two or more networks which exist at various security levels
– A “DMZ” network
– A secured zone
– An insecure zone, etc.
Firewall Technologies
Packet filtering
– 1st generation technologies
– Examples are routers
Application Proxy
– 2nd generation technologies
– Examples are SOCKS, Metaframe
Stateful Inspection
– 3rd generation technologies
– Examples are Check Point FireWall-1, Cisco PIX
Packet Filters
Purpose is to filter traffic based on packet content, such as IP address or protocol type
Examines a packet at the network layer
– Application independent
Delivers good performance and scalability.
Least secure type of firewall - they are not application aware
– Cannot understand the context of a given communication (e.g. cannot read the contents of a packet)
Application Layer Gateways
Examines all application layers, bringing context information into the decision process.
Every client/server communication requires two connections
– First connection is from the client to the firewall
– Second connection is from the firewall to the server
Proxies are application dependent, making scalability and support for new applications a
– Exception is SOCKS, which is a generic proxy which supports any TCP or UDP
Stateful Inspection
Provides the highest level of security possible
Provides full application-layer awareness without breaking the client/server model
Extracts the state-related information required for security decisions from all application layers and maintains this information in a dynamic state table for evaluating subsequent connection attempts.
Provides a highly secure solution
Maximum performance, scalability, and extensibility.
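The difference between the Packet Filters and Stateful Inspection sections above is easiest to see side by side. The following is an added example, not code from the original slides or from any vendor: a stateless header filter with a fixed rule set beside a stateful inspector that keeps a dynamic state table of sessions opened from the inside. The Packet layout, the rule tuples and the addresses (RFC 5737 documentation ranges) are all constructed for the illustration. Because the stateless filter sees no context, admitting replies to outbound web sessions forces it to hold a permanent "source port 80" hole that also admits unsolicited inbound packets; the stateful engine admits only packets that match an entry in its table.

```python
"""Added example: stateless packet filter vs. stateful inspection.
Constructed for illustration; Packet fields and rule layout are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str        # "tcp" or "udp"
    direction: str    # "out" = leaving the LAN, "in" = arriving from the Internet


# Stateless rules: (direction, proto, src_port, dst_port, action); None = any.
# Rule 2 is the "established" hole a stateless filter needs so that replies
# from web servers (source port 80) can come back in.
STATELESS_RULES = [
    ("out", "tcp", None, 80, "allow"),
    ("in", "tcp", 80, None, "allow"),
]


def stateless_filter(pkt):
    """First matching rule wins; no match means the default deny."""
    for direction, proto, sport, dport, action in STATELESS_RULES:
        if direction != pkt.direction or proto != pkt.proto:
            continue
        if sport is not None and sport != pkt.src_port:
            continue
        if dport is not None and dport != pkt.dst_port:
            continue
        return action
    return "deny"


class StatefulInspector:
    """Dynamic state table keyed on the 5-tuple of sessions the LAN opened.
    Inbound packets are allowed only if they are the reverse of a known session."""

    def __init__(self):
        self.table = set()

    def inspect(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        if pkt.direction == "out":
            # Policy: internal hosts may open HTTP sessions; remember each one.
            if pkt.proto == "tcp" and pkt.dst_port == 80:
                self.table.add(key)
                return "allow"
            return "deny"
        # Inbound: reverse the tuple and look for the originating session.
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return "allow" if reverse in self.table else "deny"


def run_demo():
    """Three constructed packets: an outbound web request, its reply, and an
    unsolicited inbound packet that merely carries source port 80."""
    request = Packet("10.0.0.5", 40000, "203.0.113.10", 80, "tcp", "out")
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 40000, "tcp", "in")
    unsolicited = Packet("198.51.100.7", 80, "10.0.0.9", 22, "tcp", "in")
    inspector = StatefulInspector()
    return {
        "stateless": [stateless_filter(p) for p in (request, reply, unsolicited)],
        "stateful": [inspector.inspect(p) for p in (request, reply, unsolicited)],
    }


if __name__ == "__main__":
    print(run_demo())
```

The stateless verdicts come out allow/allow/allow, the stateful ones allow/allow/deny: the third packet has nothing in the state table to match, which is exactly the context the slide says a packet filter lacks.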
Network Address Translation
Known by the acronym NAT
Used to change the source IP, destination IP, or both
NAT is used for many reasons:
– A known shortage of IP addresses
– Ease and flexibility of network administration
– Security needs regarding Internet communications
NAT Modes
1-to-1 NAT
– Used to translate either the source or destination IP address, one for one
– Requires a mapping table to indicate which translation address belongs to which physical address
– All traffic on one network can “hide” behind an interface of a NAT device
– Often used in conjunction with a private addressing scheme (e.g., an RFC1918
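To make the NAT modes above concrete, here is an added example (not from the original slides or any NAT implementation) of the two behaviours they describe: a 1-to-1 translator driven by a static mapping table that rewrites either the source address (outbound) or the destination address (inbound), and a "hide" translator that puts a whole private network behind one interface address by allocating a translated source port per session and recording it so replies can be mapped back. The class names, the port range starting at 30000 and the addresses (RFC 1918 private and RFC 5737 documentation ranges) are constructed for this illustration.

```python
"""Added example: 1-to-1 NAT with a mapping table, and hide (many-to-one) NAT.
Constructed for illustration; class names, ports and addresses are assumptions."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class OneToOneNat:
    """Static mapping table: private (physical) address <-> translation address."""

    def __init__(self, mapping):
        self.private_to_public = dict(mapping)
        self.public_to_private = {pub: priv for priv, pub in mapping.items()}

    def outbound(self, pkt):
        # Source translation: private host appears under its public address.
        pub = self.private_to_public.get(pkt.src_ip)
        return replace(pkt, src_ip=pub) if pub else pkt

    def inbound(self, pkt):
        # Destination translation: traffic to the public address reaches the host.
        priv = self.public_to_private.get(pkt.dst_ip)
        return replace(pkt, dst_ip=priv) if priv else pkt


class HideNat:
    """All internal hosts hide behind one interface address. Each session gets its
    own translated source port, recorded so the reply can be mapped back."""

    def __init__(self, interface_ip, first_port=30000):
        self.interface_ip = interface_ip
        self.next_port = first_port
        self.sessions = {}    # translated port -> (original src_ip, src_port)
        self.by_origin = {}   # (src_ip, src_port, dst_ip, dst_port) -> translated port

    def outbound(self, pkt):
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_origin.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_origin[key] = port
            self.sessions[port] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.interface_ip, src_port=port)

    def inbound(self, pkt):
        """Return the translated packet, or None when no session exists (dropped)."""
        if pkt.dst_ip != self.interface_ip or pkt.dst_port not in self.sessions:
            return None
        orig_ip, orig_port = self.sessions[pkt.dst_port]
        return replace(pkt, dst_ip=orig_ip, dst_port=orig_port)


def demo_one_to_one():
    nat = OneToOneNat({"192.168.1.10": "198.51.100.10"})
    out = nat.outbound(Packet("192.168.1.10", 5000, "203.0.113.5", 443))
    back = nat.inbound(Packet("203.0.113.5", 443, "198.51.100.10", 5000))
    return out, back


def demo_hide():
    nat = HideNat("198.51.100.1")
    a = nat.outbound(Packet("192.168.1.10", 5000, "203.0.113.5", 80))
    b = nat.outbound(Packet("192.168.1.11", 5000, "203.0.113.5", 80))
    reply_a = nat.inbound(Packet("203.0.113.5", 80, "198.51.100.1", a.src_port))
    # No session was ever opened on port 40000, so this has nowhere to go.
    unsolicited = nat.inbound(Packet("203.0.113.5", 80, "198.51.100.1", 40000))
    return a, b, reply_a, unsolicited


if __name__ == "__main__":
    print(demo_one_to_one())
    print(demo_hide())
```

Two hosts that both use local port 5000 collide in the hide case, which is why the translator must allocate distinct ports rather than copy the original one; the same session record is also what lets the NAT device drop inbound packets that no internal host asked for, the security use the slide lists among NAT's purposes.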
An example of Network Address Translation