Firewall Technology (JJ)

=Definition: What exactly is a firewall?=



In the networking sense, a firewall is not what the image above shows. "A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices configured to permit, deny, encrypt, decrypt or proxy all (in and out) computer traffic between different security domains based upon a set of rules and other criteria" (Sharma 2009, p. 80).

Abie (2000) describes a firewall as "a computer, router, or other communication device that filters access to the protected network". All firewalls must have these properties:
 * All traffic, whether incoming or outgoing, must pass through the firewall
 * The firewall only allows authorized traffic, as described by the security policy of the network, to pass through it
 * The firewall itself is immune to penetration

The third property is a design requirement rather than a guarantee: the firewall is a host on the perimeter like any other, and it must be hardened and kept patched so that it does not become the easiest way in.

=History of the term=

The term firewall was originally used to refer to a wall meant to confine a fire or potential fire within a building (Sharma 2009, p. 81). More recent usages of the term refer to various similar structures, such as the metal sheets in vehicles that separate the engine from the passenger compartment (Sharma 2009, p. 81). Firewall technology as we know it is a cyberspace version of these two definitions: a network firewall protects whatever is inside the network from viruses, malware and unwanted access, in much the same way that a physical firewall contains a fire within one part of a building to protect the people in the rest of it.

Firewall Implementation Techniques

 * **Packet filters**: these firewalls examine each packet that tries to enter or leave a network and either accept or reject it based on rules defined by the user. This type of firewall is generally effective and is typically transparent to users (they are not aware that it is operating on their network). However, configuring it can be difficult, and because each decision is made on the packet's header fields alone, it is also very vulnerable to IP spoofing (Sharma 2009, p. 80).
 * **Application gateway**: with this technique, security mechanisms are applied to specific applications; for example, a user can apply security parameters to Telnet or FTP servers. It can be effective, but it slows down network performance because every session is examined at the application layer (Sharma 2009, p. 80).
 * **Circuit-level gateway**: this technique applies its security checks when a TCP or UDP connection is initiated. Once the connection has been established, packets are allowed to flow between sender and receiver without any further checking (Sharma 2009, p. 80).
 * **Proxy server**: this type of firewall "intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses" (Sharma 2009, p. 80).

=Evolution of firewalls=

Generation 1: Packet Filters
The first paper dealing with firewalls was published in 1988 by engineers from Digital Equipment Corporation. Bill Cheswick and Steve Bellovin at AT&T Bell Labs continued the research on packet filtering and developed a working packet filtering model based on it. Packet filters inspect the packets that pass into or out of the network and compare them with user-defined rules. A packet that a rule denies is either dropped silently or rejected, in which case an error message is sent back to the source; a packet that a rule permits is forwarded. Packet filtering ignores whether a packet is part of a stream of traffic: each packet is filtered individually, using only the information contained in its own header (Sharma 2009, p. 81).

Generation 2: Stateful Filters
Between 1989 and 1990, three colleagues at AT&T Bell Laboratories, Dave Presotto, Janardan Sharma and Kshitij Nigam, developed the second generation of firewalls, called stateful filters. In addition to inspecting packets, stateful filters also "regard placement of each individual packet within the packet series" (Sharma 2009, p. 81). These firewalls keep a table of the connections passing through them, so they can determine whether each packet is the start of a new connection (such as an outgoing packet requesting a website), part of an existing connection (the web server sending the requested page back into the network) or an unsolicited packet that belongs to no connection (such as an attacker trying to push a virus into the network) (Sharma 2009, p. 81). The image below shows how stateful filters work.



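The difference between the first two generations is easiest to see on the same packets. The following is an added illustration, not code from Sharma (2009) or Abie (2000): it simulates a stateless packet filter and a stateful filter over a handful of constructed packets (no real network traffic). The internal address range, the rule "internal clients may browse the web", and the helper names are assumptions. It shows the two weaknesses the text attributes to packet filters: to let replies back in, a stateless filter must trust the source port number, and it takes a forged internal source address at face value.

```python
"""Stateless packet filter versus stateful filter, simulated over constructed packets.
Added illustration; rules, addresses and names are assumptions, not from the cited sources."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "int" (LAN side) or "ext" (Internet side)
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # True only for the first packet of a TCP connection


def is_internal(ip: str) -> bool:
    """Hypothetical internal address space 10.0.0.0/8."""
    return ip.startswith("10.")


def stateless_filter(pkt: Packet) -> str:
    """First-generation filter: each packet is judged on its own header only.
    To let internal clients browse the web it must allow outbound packets to
    port 80 AND inbound packets from port 80, because it cannot tell a reply
    from an unsolicited packet.  It does not consult the arrival interface,
    so a forged internal source address is taken at face value (IP spoofing)."""
    if is_internal(pkt.src) and pkt.dport == 80:
        return "ACCEPT"
    if pkt.sport == 80 and is_internal(pkt.dst):
        return "ACCEPT"
    return "DROP"


class StatefulFilter:
    """Second-generation filter: remembers connections it has allowed and
    admits inbound packets only if they belong to one of them."""

    def __init__(self) -> None:
        self.connections = set()   # (src, sport, dst, dport) of admitted flows

    def decide(self, pkt: Packet) -> str:
        # Anti-spoofing: an internal source address can never legitimately
        # arrive on the Internet-facing interface.
        if pkt.iface == "ext" and is_internal(pkt.src):
            return "DROP"
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.connections or reverse in self.connections:
            return "ACCEPT"             # part of a connection we already admitted
        if pkt.iface == "int" and pkt.syn and pkt.dport == 80:
            self.connections.add(flow)  # new outbound web request: remember it
            return "ACCEPT"
        return "DROP"                   # unsolicited, or not permitted by policy


# Constructed traffic sample: a normal web request and its reply, then two hostile packets.
PACKETS = [
    Packet("int", "10.0.0.5", 40000, "93.184.216.34", 80, syn=True),  # client opens a connection
    Packet("ext", "93.184.216.34", 80, "10.0.0.5", 40000),            # server reply
    Packet("ext", "198.51.100.7", 80, "10.0.0.9", 445),               # unsolicited; source port 80 chosen to slip past
    Packet("ext", "10.0.0.1", 1234, "10.0.0.9", 80),                   # forged internal source address
]


def compare(packets=PACKETS):
    """Run both filters over the same packet sequence; returns (stateless, stateful) decision lists."""
    stateful = StatefulFilter()
    stateless_decisions = [stateless_filter(p) for p in packets]
    stateful_decisions = [stateful.decide(p) for p in packets]
    return stateless_decisions, stateful_decisions


if __name__ == "__main__":
    for pkt, a, b in zip(PACKETS, *compare()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  stateless={a:6}  stateful={b}")
```

The stateless filter accepts all four packets, including the scan of port 445 and the spoofed packet; the stateful filter accepts only the request and its reply, because it knows which connection the reply belongs to and knows that internal addresses never arrive from outside.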
Generation 3: Application Layer Firewalls
Around 1991, third generation firewalls were beginning to be developed by Gene Spafford at Purdue University and Bill Cheswick at AT&T Laboratories. Application layer firewalls, also called proxy-based firewalls, were first made available to the public on October 1, 1993. Their main advantage is that they "can understand certain applications and protocols...and it can detect whether an unwanted protocol is being sneaked through on a non-standard port or whether a protocol is being abused in any harmful way" (Sharma 2009, p. 81). A packet filter sees only addresses and port numbers, so to it anything on port 80 is web traffic; an application layer firewall reads the data itself and can tell when that is not so.

Hardware Firewalls and Software Firewalls
Firewalls can be either hardware firewalls or software firewalls. Ideally, a network security administrator deploys both.

Hardware firewalls can be purchased as stand-alone devices, but today they are generally built into broadband routers and are considered an important part of setting up a system and network (Sharma 2009, p. 83). Hardware firewalls use packet filtering "to examine the header of a packet to determine its source and destination" (Sharma 2009, p. 83). The firewall then compares this information with a set of rules that are either predefined or created by the user, and decides whether the packet will be forwarded into the network or dropped (Sharma 2009, p. 83). Users like hardware firewalls because they require little or no configuration to be effective, and a single device protects every machine on the network (Sharma 2009, p. 83).

Software firewalls are the most popular type of firewall among individual home users (Sharma 2009, p. 83). They are installed on a computer like any other software and can be customized, which gives users some control over how the firewall functions and what it protects. The trade-off is that a software firewall protects only the host it runs on and shares that host with the programs it is guarding, so it must be kept running and up to date on every machine.

Limitations of Firewalls
Like any tool or technology, firewalls have limits on what they can do. The limitations of firewalls are:
 * By nature, firewalls are a perimeter defense. While they can be effective at preventing unwanted access from outside the network, they are powerless to stop abuses or attacks that originate within the network (Abie 2000, p. 4).
 * Firewalls provide no real defense against malicious code such as viruses and Trojan horses, which travel inside traffic that the policy permits. Some firewalls can, however, scan the contents of incoming packets for signs that a sender is trying to deliver malicious code (Abie 2000, p. 4).
 * Setting up packet-filtering rules can be a complicated process, and with any complicated process there is room for error. A mistaken or misordered rule can leave a gap in the network's defenses (Abie 2000, p. 4).
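The last limitation is the one an administrator can actually check for. In a first-match rule set, a rule placed after a broader rule that already decides the same packets can never fire; when the two rules disagree, the administrator's intent is silently lost, which is exactly the kind of gap the text warns about. The following is an added example, not code from Abie (2000) or any real firewall: it represents rules as (action, source network, destination network, port) and reports every rule that an earlier rule hides. The Rule layout and the sample rule set are assumptions.

```python
"""Rule-set sanity check: find rules that can never fire because an earlier,
broader rule already decides every packet they would match.
Added illustration; the Rule layout and the sample rule set are assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str            # "accept" or "drop"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port, None meaning any port


def covers(earlier: Rule, later: Rule) -> bool:
    """True if every packet the later rule matches is also matched by the earlier one."""
    src_ok = ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
    dst_ok = ipaddress.ip_network(later.dst).subnet_of(ipaddress.ip_network(earlier.dst))
    port_ok = earlier.dport is None or earlier.dport == later.dport
    return src_ok and dst_ok and port_ok


def find_shadowed(rules: List[Rule]) -> List[Tuple[int, int, str]]:
    """Return (earlier_index, later_index, kind) for every rule that is dead.
    'conflict': the dead rule's action differs from the rule hiding it, so intent is lost.
    'redundant': the dead rule merely repeats what an earlier rule already does."""
    findings = []
    for i, later in enumerate(rules):
        for j in range(i):
            if covers(rules[j], later):
                kind = "conflict" if rules[j].action != later.action else "redundant"
                findings.append((j, i, kind))
                break   # the first hiding rule is enough to explain why this one is dead
    return findings


# Constructed rule set; first match wins, as in most packet filters.
RULES = [
    Rule("accept", "0.0.0.0/0", "10.0.0.0/8", 80),       # web to every internal host
    Rule("drop",   "0.0.0.0/0", "10.0.5.0/24", 80),      # meant to keep web off the admin segment; never reached
    Rule("accept", "192.0.2.0/24", "10.0.1.10/32", 22),  # SSH from the partner network to one bastion
    Rule("accept", "192.0.2.0/24", "10.0.1.10/32", 22),  # copy-and-paste duplicate
    Rule("drop",   "0.0.0.0/0", "0.0.0.0/0", None),      # default deny
]


if __name__ == "__main__":
    for j, i, kind in find_shadowed(RULES):
        print(f"rule {i} is {kind}: hidden by rule {j} -> {RULES[j]}")
```

Run against the sample set, the check reports rule 1 as a conflict (the admin segment is reachable on port 80 despite the drop rule) and rule 3 as redundant. The fix for the conflict is to move the narrower drop rule above the broad accept rule; the check only finds rules hidden by a single earlier rule, so a rule hidden by the union of several earlier rules would still need a human eye.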