The firewall protects an internal network from malicious hackers or software on an external network. Firewalls filter potentially harmful incoming or outgoing traffic. Firewalls are used to subdivide internal networks on the Internet. It also protects individual computers. The five services that firewalls provide are packet filtering, application filtering, proxy server, circuit-level, and stateful inspection.
• Packet Filtering: A packet filtering firewall checks each packet crossing the device. It also inspects the packet headers of all network packets going through the firewall.
Source IP Address: It identifies the host that is sending the packet. Attackers can modify this
field in an attempt to conduct IP spoofing. Firewalls are configured to reject packets that arrive at
the external interface, that is either an erroneous host configuration or an attempt at IP spoofing.
Destination IP Address: This is the IP address that the packet is trying to reach.
IP Protocol ID: Each IP header has a protocol ID that follows. For example, Transmission
Control Protocol (TCP) is ID 6, User Datagram Protocol (UDP) is ID 17, and Internet Control
Message Protocol (ICMP) is ID 1.
Fragmentation Flags: Firewalls examine and forward or reject fragmented packets. A
successful fragmentation attack can allow an attacker to send packets that could compromise an
internal host.
IP Options Setting: This field is used for diagnostics. The firewall is configured to drop network
packets that use this field. Attackers can use this field in conjunction with IP spoofing to redirect
network packets to their systems.
• Application Filtering: This device will intercept connections and performs security inspections. The firewall acts as a proxy for connections between the internal and external network. The firewall enforce access control rules specific to the application. It is also use to check incoming e-mails for virus attachments. These firewalls are often called e-mail gateways.
• Proxy Server: A proxy server takes on responsibility for providing services between the internal and external network. Proxy server can be used to hide the addressing scheme of the internal network. It can also be used to filter requests based on the protocol and address requested.
• Circuit-Level: A circuit-level firewall controls TCP and UDP ports, but doesn't watch the data
transferred over them. If a connection is established, the traffic is transferred without any further
checking.
• Stateful Inspection: An inspection firewall works at the Network layer. It assesses the IP header
information. It also monitors the state of each connection. Connections are rejected if they attempt any actions that are not standard for the given protocol. These listed firewall features can be implemented in combination by a given firewall implementation. Placing a lot of firewalls in series is a common practice to increase security at the network perimeter.
- Related Articles
- Related Q&A
- Comptia Security+ Article on Firewall Security Advantages and Firewall Functions
- Internet Security: 8 Proven Tactics to Eliminate Threats from Spam, Viruses, and Hackers
- Start Up Guide to Become an Information Security Consultant
- Online Voting Security Takes a Quantum Leap
- Cisco Networking Certifications - Free Video Tutorials
- How To Secure Your PC, Software And Data
- What Everybody Ought to Know: It's No Longer Enough to Install Off-the-shelf Security Software
- Network Security: Firewalls
A Career in Publishing – Role of Vocational Studies in Developing a Good Career
By: michaelrussell | 09/07/2009Reading on the website is quite different from reading a magazine. Just as we search a website that looks clean and is cool for the eyes, the magazine too should have cool colors, good quality pages, and a good layout that does not spoil the overall look of the magazine. There are many things involved in publishing a newspaper or magazine, novel or a book, and flyers or a brochure.
10 Tips for Capturing e-Learning Audio
By: Stuart Campbell | 07/07/2009The goal of this article is to provide you information on how to get the audio in a format suitable for an e-learning course-authoring tool. The article will focus on capturing and editing audio at the basic level and certainly, the 10 tips listed below should help get you moving in the right direction.
Convert 'paper' resources and face-to-face lessons into Moodle
By: Afsha Walele | 06/07/2009"Moodle Course Conversion: Beginner's Guide" by Ian Wild, will help taking existing classes online quickly. This book shows you the quickest way to start using Moodle and e-learning, by bringing your existing lesson materials into Moodle. You can move your existing course notes, worksheets, and resources into Moodle quickly. It requires no prior knowledge of Moodle; but even experienced Moodlers will find this useful for converting 'paper' resources and face-to-face lessons into Moodle.
how to learn spanish language in easy way
By: suresh | 04/07/2009People of every matures and powers can ensure Spanish quickly if they select the appropriate method for doing indeed. The prospering supremacy of whatever language needs a combination of techniques to assist prospering speaking, listening and composing the terminology aright. This clause pass on track the most capable method acting s for learning any spoken language, especially Spanish.
GED Guide Against Scams & Rip Offs
By: Ronald Newton | 03/07/2009Common sense detection and avoidance of the traps and snares.
HTML Tutorial:
By: Padraig MacGiolla | 30/06/2009If you can type your name on a computer and you know the difference between Save and SaveAs, then by the end of this article you will be able to create a webpage. To most nerds of computer programming, html is not even a programming language. They are right about one thing, its easy and with very little practice you can be developing your own webpage. So forget about the science and lets get straight to it.
How to Create and Distribute a Class PowerPoint Presentation
By: pptarticle | 29/06/2009how to make a fine class PowerPoint presentation, and how to distribute a PowerPoint masterpiece without any loss of effect.
Make a Screencast for Thesis Defense Presentation
By: Adward | 25/06/2009Screencasts are widely used in illustrate technical concepts and operation procedures. Screencasting software is a helpful presentation tool to create screencasts for software and system demonstration in technoloty thesis defense presentation.
Free Ccna Wirless Tutorial
By: M. Aslam | 10/01/2009 | HardwareFree Cisco CCNA Wireless tutorial on Wireless Technology
Windows Vista Ultimate Edition Features
By: M. Aslam | 17/12/2008 | SoftwareWindows Ultimate is unique in that it not only features all the features of the other Windows editions, but also includes downloadable Windows Ultimate Extras.
What’s New in Windows Vista?
By: M. Aslam | 17/12/2008 | SoftwareThere’s more. Behind the scenes, Windows Vista is a vastly improved operating system. It’s more secure. It’s less prone to critical failures and file corruption.
Microsoft Windows Vista Features of Different Versions
By: M. Aslam | 17/12/2008 | SoftwareThe company released a number of different Windows Vista editions, each aimed at a different market segment. Windows Vista Starter, which is only available in emerging markets, is a barebones operating system for the simplest computers.
Introducing Microsoft Operating Systems Includes Windows Vista, Xp, 2000, Nt, 3.1 and Dos
By: M. Aslam | 17/12/2008 | SoftwareBasic Information about Microsoft operating systems includes Microsoft Windows Vista, XP, 2000, Windows NT.
Computer Training
By: M. Aslam | 16/12/2008 | Information TechnologyThe basic purpose of computer training programs is to guide the people that they can use the computer in their daily routine while doing their jobs and performing their tasks
Comptia A+, Network+ Certification Tutorial – Function of Network Hubs
By: M. Aslam | 22/11/2008 | Information TechnologyA hub is a device used to connect all of the computers on a star or ring network. A hub is nothing more than a box with a series of cable connectors in it.