Tuesday, April 3, 2012

Firewall



A firewall basically acts as a security guard that guards the network and keeps a check on incoming and outgoing data packets. A firewall can also be described as a data filter that allows only selected data packets to pass through from the internet to your computer. Most personal firewalls, like Windows Firewall, work from a set of pre-configured rules that are most suitable under normal circumstances, so that the user need not worry much about configuring the firewall. Firewalls can be classified into 3 types:

1. Packet Filter Firewalls
2. Application Proxy Firewalls
3. Packet Inspection Firewalls


Packet Filter Firewalls
They are the earliest type of firewall, and nowadays they are not used. They are router-based firewalls. Whenever this firewall receives a request to pass through, it compares the source and destination IP addresses and port numbers with a set of pre-defined access control rules. If this information matches, the packet is passed; otherwise the packet is discarded or terminated.
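The rule comparison described above, as an added example that is not part of the original post: a minimal packet filter that checks each packet against an ordered rule list and drops anything that matches no rule. The rule set and addresses are constructed (documentation address ranges), the explicit "deny" rule goes slightly beyond the allow-only matching described in the text, and only the destination port is matched; ports 80, 25 and 23 are the HTTP, SMTP and telnet ports named under Firewall Configuration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port, None means any port

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        """True when the packet's addresses and port fall inside this rule."""
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == dport)
        )


# Constructed rule set for illustration; evaluated top to bottom.
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", None),       # blocked source network
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 80),         # public HTTP server
    Rule("allow", "198.51.100.0/24", "192.0.2.10/32", 25),   # SMTP from one network only
]


def filter_packet(src_ip: str, dst_ip: str, dport: int, rules=RULES) -> str:
    """Return the action of the first matching rule, or "deny" if none match."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action
    return "deny"  # default deny: unmatched packets are discarded


if __name__ == "__main__":
    # Constructed sample packets: (source IP, destination IP, destination port)
    packets = [
        ("198.51.100.7", "192.0.2.10", 80),   # HTTP from anywhere
        ("203.0.113.5", "192.0.2.10", 80),    # blocked source network
        ("192.0.2.200", "192.0.2.10", 25),    # SMTP from a network not listed
        ("198.51.100.7", "192.0.2.10", 23),   # telnet, no rule opens it
    ]
    for pkt in packets:
        print(pkt, "->", filter_packet(*pkt))
```

Because the filter looks only at addresses and ports, it cannot tell what the packet actually carries; that is the gap the other two firewall types address.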



Application Proxy Firewalls
It was believed that the earlier type of firewall was not secure, as it allowed a direct connection between the trusted and untrusted systems. This problem was overcome with the use of Application Proxy Firewalls, which were developed by DARPA.
This kind of firewall checks what service or daemon is running on the port a packet is meant for. If that particular service is running, the packet is allowed to pass; otherwise the packet is discarded or terminated. Once this is done, the firewall extracts the data and delivers it to the appropriate service.



Packet Inspection Firewalls
Packet Inspection Firewalls are similar to Packet Filter Firewalls. They not only verify the source and destination IPs and ports, they also verify the content of the data before passing it. There are two ways in which a Packet Inspection Firewall inspects the data:
a. State
b. Session


Firewall Configuration
Firewalls can be configured by adding one or more filters based on the conditions mentioned below.



Ports: Each and every service available on a server runs on a specified port. Ports can also be explained as virtual doors on a server through which services are made available. For example, if a computer is running a web server (HTTP), it is normally available on port 80. Other services such as SMTP run on port 25, telnet on port 23, and FTP on port 21. If the server is made available for public use then these ports are open; otherwise they are blocked using the firewall.



Domain Names: Blocking of certain domain names or websites can be done using firewalls. Firewalls are generally used in schools, offices and at homes to block websites.

Bypassing Firewalls using Proxies and Sockets

Proxies: A proxy is a program that sits between a computer and a firewall. Data sent from the computer first has to pass through the proxy, and only then does it reach the destination, so no direct connection is established between the client and the server. Proxy servers can also be used to bypass a firewall to access restricted domain names or websites.




Sockets: They are used for tunneling the connection over the internet for better security. Tunneling provides a better and more secure way to transfer data.
