January 3, 2011

Explanation of Firewalls





According to wikipedia
"A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices that is configured to permit or deny network transmissions based upon a set of rules and other criteria."
The simplest explanation for home users is that a firewall is hardware or software used to keep malicious traffic from moving to or from your computer.

If you are a windows user the windows firewall is installed by default, if you are a BSD user the packet filter firewall is installed by default and if you are a Linux user depending on the kernel you are running you can use ipchains or iptables. Each offers their own advantages and disadvantages, in which in some cases it may be best to disable the built in firewall and install/purchase a third-party firewall to get better protection.



Firewall Types

There are two different ways to differentiate firewall, by installation type and by capabilities.

  • Installation Type

    The reference to installation type is referring to how the firewall is installed.

    • Hardware Firewall

      A Hardware firewall is a network appliance that is used to control the traffic on a network or sub-network. These are generally purchased and used by organizations to centralize the control of the network traffic.

    • Software Firewall

      A Software firewall is a price of software that is installed on a client or server system to protect the single system from potentially malicious network traffic. Software firewall are what are installed in most home user systems.

  • Capabilities

    • Stateless Firewall

      A stateless firewall is a firewall that is only able to monitor chosen ports, protocol and network packet information to make it's choices. These for the most part are no longer is use, but should be discussed for comparison.

    • Stateful Firewall

      A stateful firewall is a firewall that is able to make it's decision based upon a ports, connected devices, protocols and network packet information. These firewall can be more useful because they can track which systems have been requested to speak with your client on various ports and close those ports to all but the chosen systems. So lets say your webbrowser goes through port 1526 to talk to google.com it will only allow google.com to respond through the port, in comparison a stateless firewall will allow any system ot respond through the newly opened port.

    • Application Firewall

      An application firewall is a bit differnt than stateful of stateless firewall because it is not intended to filter all traffic, but to filter higher level traffic for specific protocols such as filtering web traffic by website. Generally application based firewall capabilities are included in proxy server software.




The below list is not complete, but is intended only to give you a brief understanding of some of the firewall implementations in use.

Firewall Name Supported OSs Hardware of Software Stateless of Stateful Included in OS Price
ipchains Linux Software Stateless YES
2.2 kernels
iptables Linux Software Stateful YES
2.4 and 2.6 kernels
windows firewall MS windows xp + Software Stateful YES Free
packet filter FreeBSD, OpenBSD, NetBSD Software Stateful YES Free
ipfw Apple OSX Software Stateful YES Free
Norton 360 Firewall MS Windows Software Stateful No $79.99 USD + subscription
McAffee Firewall MS windows Software Stateful No $39.95 USD + subscription
MS ISA Server MS Windows Server Software/Application Stateless No $1,499+ USD
Squid Linux, BSD, Solaris, windows Software/Application Stateless NO Free
Cisco ASA 5585-X N/A Hardware Stateful N/A $140,000+ USD


Hopefully the information covered in thie entry will assist you in choosing the best firewall for your needs an understanding the limitations based upon type.

Feel free to post comments about anything that I may have missed or ask questions about various firewall in the comments.

Click Here!