Overview of Firewall Technologies
This article is part of “Firewalls and Firewall Policy in your Network” series. The starting article is Firewalls and Network Architectures.
Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. While firewalls are often discussed in the context of Internet connectivity, they may also have applicability in other network environments.
For example, many enterprise networks employ firewalls to restrict connectivity to and from the internal networks used to service more sensitive functions, such as personnel or accounting. An organization can prevent unauthorized access to its systems and resources by employing firewalls to control connectivity to these areas. Inclusion of a proper firewall provides an additional layer of security.
Several types of firewall technologies are available. One way of comparing their capabilities is to look at the Transmission Control Protocol/Internet Protocol (TCP/IP) layers that each is able to examine. TCP/IP communications are composed of four layers that work together to transfer data between hosts.
When a user wants to transfer data across networks, the data is passed from the highest layer through intermediate layers to the lowest layer, with each layer adding more information. The lowest layer sends the accumulated data through the physical network, with the data then passed upwards through the layers to its destination. Simply put, the data produced by a layer is encapsulated in a larger container by the layer below it. The four TCP/IP layers, from highest to lowest are:
- Application Layer. This layer is where user-facing network applications and their protocols operate. It sends and receives data for particular applications, such as Domain Name System (DNS), Hypertext Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP).
- Transport Layer. This layer's main purpose is to provide connection-oriented or connectionless services for transporting application layer data between hosts (for example a client and a server), and it can optionally ensure communications reliability. On the Internet, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are the transport layer protocols in use.
- Network Layer (also known as the IP Layer). This layer routes packets (also called datagrams) across networks. Internet Protocol version 4 (IPv4) is the fundamental network layer protocol for TCP/IP. Other commonly used protocols at the network layer are Internet Protocol version 6 (IPv6), Internet Control Message Protocol (ICMP), and Internet Group Management Protocol (IGMP). Routers use the IP header, chiefly the source and destination IP addresses, to move datagrams from router to router through the network; the transport layer header carried inside the datagram holds the source and destination port numbers.
- Data Link Layer (also known as the Hardware Layer). This layer handles communications on the physical network components, moving packets from one packet switch (such as a router) to the next over the links that connect them. The best known data link layer protocol is Ethernet.
- Physical Layer. This layer defines the electrical and physical specifications for devices; it moves the data link layer's frames bit by bit over the links between network elements.
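The encapsulation described above, shown as an added example that is not code from the article: a DNS query is wrapped in a UDP header, then an IPv4 header, then an Ethernet frame, and the frame is decapsulated again one layer at a time. Each dictionary the parser returns is exactly the set of fields a firewall inspecting that layer can act on, which is why a network-layer filter sees addresses but not ports, and why only a firewall that reaches the application layer can see the DNS name. The MAC addresses, IP addresses (RFC 5737 documentation range) and query name are constructed sample values.

```python
"""Encapsulation walk-through: build an Ethernet/IPv4/UDP/DNS packet layer by
layer, then decapsulate it the way a layered inspection engine would.
Added example; all addresses, MACs and names below are constructed."""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17

def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); yields 0 over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

# --- building, highest layer first -------------------------------------------
def build_dns_query(qname: str, txid: int = 0x1234) -> bytes:
    """Application layer: a minimal DNS A query in RFC 1035 wire format."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.rstrip(".").split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def build_udp(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Transport layer: 8-byte UDP header; checksum 0 means 'not computed' over IPv4."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, dscp: int = 0) -> bytes:
    """Network layer: 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20 + len(payload),
                      0, 0x4000, 64, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    csum = ipv4_checksum(hdr)
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload

def build_ethernet(src_mac: bytes, dst_mac: bytes, payload: bytes) -> bytes:
    """Data link layer: 14-byte Ethernet II header."""
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + payload

def build_frame(qname: str, src_port: int = 40000) -> bytes:
    """Full encapsulation: DNS -> UDP -> IPv4 -> Ethernet (constructed sample hosts)."""
    dns = build_dns_query(qname)
    udp = build_udp(src_port, 53, dns)
    ip = build_ipv4("192.0.2.10", "192.0.2.53", PROTO_UDP, udp)
    return build_ethernet(bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb"), ip)

# --- parsing, lowest layer first ---------------------------------------------
def parse_dns_qname(payload: bytes) -> str:
    """Read the first question name; labels start after the 12-byte DNS header."""
    parts, pos = [], 12
    while payload[pos] != 0:
        n = payload[pos]
        parts.append(payload[pos + 1:pos + 1 + n].decode())
        pos += 1 + n
    return ".".join(parts)

def decapsulate(frame: bytes) -> dict:
    """Peel one layer at a time; each dict is what a firewall at that layer can see."""
    link = {"dst_mac": frame[:6].hex(), "src_mac": frame[6:12].hex(),
            "ethertype": struct.unpack("!H", frame[12:14])[0]}
    ver_ihl, tos, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    network = {"version": ver_ihl >> 4, "dscp": tos >> 2, "total_length": total_len,
               "ttl": ttl, "proto": proto, "src": bytes_to_ip(src), "dst": bytes_to_ip(dst),
               "checksum_ok": ipv4_checksum(frame[14:14 + ihl]) == 0}
    l4 = frame[14 + ihl:]
    transport, application = {}, {}
    if proto == PROTO_UDP:
        sport, dport, length, _ = struct.unpack("!HHHH", l4[:8])
        transport = {"src_port": sport, "dst_port": dport, "length": length}
        if 53 in (sport, dport):  # application layer is only reachable through the lower three
            application = {"protocol": "dns", "qname": parse_dns_qname(l4[8:])}
    elif proto == PROTO_TCP:
        sport, dport, _, _, off_flags = struct.unpack("!HHIIH", l4[:14])
        transport = {"src_port": sport, "dst_port": dport, "flags": off_flags & 0x1FF}
    return {"link": link, "network": network, "transport": transport, "application": application}

if __name__ == "__main__":
    for layer, fields in decapsulate(build_frame("example.com")).items():
        print(layer, fields)
```

The checksum check matters for a filter: a packet whose IP header fails its checksum should be dropped before any higher-layer field is trusted, since those fields were located using the very header that is now suspect.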

Figure: TCP/IP vs. OSI model
Addresses at the data link layer, which are assigned to network interfaces, are referred to as media access control (MAC) addresses—an example of this is an Ethernet address that belongs to an Ethernet card.
Firewall policies rarely concern themselves with the data link layer. Addresses at the network layer are referred to as IP addresses. The transport layer identifies specific network applications and communication sessions as opposed to network addresses; a host may have any number of transport layer sessions with other hosts on the same network.
The transport layer also includes the notion of ports—a destination port number generally identifies a service listening on the destination host, and a source port usually identifies the port number on the source host that the destination host should reply to.
This combination of source IP address and port with destination IP address and port helps define the session. The highest layer represents end user applications—firewalls can inspect application traffic and use it as the basis for policy decisions.
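The session tuple just described is what a stateful firewall keys its connection table on. The following is an added example, not the article's code: a small filter that lets internal hosts open sessions to the outside, records the (protocol, source IP, source port, destination IP, destination port) tuple, and then admits only packets whose tuple, or whose reversed tuple for the reply direction, is already in the table. Hosts, ports and packets are constructed (RFC 5737 documentation ranges), and TCP handling is simplified: there is no full TCP state machine and no session timeout.

```python
"""Session tracking keyed by the tuple the article describes: a stateful filter
that admits sessions opened from the inside and only the replies belonging to
them. Added example, not the article's; hosts, ports and packets are constructed,
and the TCP handling is simplified (no full state machine, no timeouts)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # TCP flags; a SYN without ACK is a new connection attempt
    ack: bool = False

class StatefulFilter:
    def __init__(self, internal_prefix: str):
        self.internal_prefix = internal_prefix   # e.g. "10.0.0." (constructed)
        self.sessions = set()   # (proto, src_ip, src_port, dst_ip, dst_port) of opened sessions

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src_ip, p.src_port, p.dst_ip, p.dst_port)

    @staticmethod
    def _reverse_key(p: Packet):
        # The reply direction swaps source and destination address and port.
        return (p.proto, p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def _is_internal(self, ip: str) -> bool:
        return ip.startswith(self.internal_prefix)

    def filter(self, p: Packet) -> str:
        # Reply to a tracked session, or a further packet in the original direction.
        if self._reverse_key(p) in self.sessions or self._key(p) in self.sessions:
            return "ACCEPT (established)"
        # Only inside hosts may open sessions; for TCP only a bare SYN may do so,
        # so a stray ACK or a forged "reply" never creates state.
        if self._is_internal(p.src_ip) and not self._is_internal(p.dst_ip):
            if p.proto == "tcp" and not (p.syn and not p.ack):
                return "DROP (tcp packet without session)"
            self.sessions.add(self._key(p))
            return "ACCEPT (new)"
        return "DROP (no session)"

def run_sample() -> list:
    """Constructed traffic: an HTTPS session, a DNS lookup and three packets that
    must not get through. Returns the decision for each packet in order."""
    fw = StatefulFilter("10.0.0.")
    traffic = [
        Packet("tcp", "10.0.0.5", 51000, "203.0.113.8", 443, syn=True),           # client opens
        Packet("tcp", "203.0.113.8", 443, "10.0.0.5", 51000, syn=True, ack=True),  # server reply
        Packet("tcp", "10.0.0.5", 51000, "203.0.113.8", 443, ack=True),            # client data
        Packet("tcp", "203.0.113.8", 443, "10.0.0.5", 51001, syn=True, ack=True),  # wrong client port
        Packet("tcp", "198.51.100.9", 4444, "10.0.0.5", 22, syn=True),             # unsolicited inbound
        Packet("udp", "10.0.0.5", 40000, "203.0.113.53", 53),                      # DNS query
        Packet("udp", "203.0.113.53", 53, "10.0.0.5", 40000),                      # DNS reply
        Packet("tcp", "10.0.0.5", 51002, "203.0.113.8", 443, ack=True),            # ACK, no SYN first
    ]
    return [fw.filter(p) for p in traffic]

if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

Note the two drops in the middle: a reply whose source port is right but whose destination port does not match any open session is refused, as is an inbound SYN to port 22 that no inside host asked for. A stateless filter that only looks at "source port 443" would have let the first of those through.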

Figure: TCP/IP routing
Basic firewalls typically operate on the lower layers, while more advanced firewalls examine all of the layers: application layer, transport layer, network layer and data link layer. Those that examine more layers can perform more granular and thorough examinations.
Firewalls that understand the application layer can potentially accommodate advanced applications and protocols and provide services that are user-oriented. For example, a firewall that only handles lower layers cannot usually identify specific users, but a firewall with application layer capabilities can enforce user authentication and log events to specific users.
10 Responses to “Overview of Firewall Technologies”
I have a slow internet connection and I use only an antivirus. Is it enough to be secure?
It is not. Many times a minimal protection is equal to none, because the malware authors know how to trick or block antivirus or firewall solutions separately. So it is better to have an internet security suite instead of only one type of protection.
If your internet connection is slow I recommend using a firewall solution all the time and an antivirus and antispyware with scan on demand (this will not affect the speed of the internet). Also don't visit unsecured sites and always be careful and scan your downloads.
I just use Avast on Windows XP with a dial-up connection. It is working great (I never had problems with infections) without slowing my internet connection down too much.
I have used Avira Anti Virus, Checkpoint Zone Alarm Firewall and Malwarebytes. You can also use Adaware.
They are all free for personal use and I have had no trouble with viruses, spyware or hackers.
What is a System Crusher?
It is a virus created by hackers with the role of completely disabling the system (computer, network). This can be done in a number of ways. The usual approaches are:
1) to destroy the system programs such as the operating system, compilers, loaders, linkers and others;
2) to self-replicate until the system is overwhelmed and crashes.
What are Logic/Time Bomb viruses?
Logic/Time Bombs are a timed and commonly used type of virus that penetrates a system, embedding itself in the system's software and lying in wait until a trigger goes off.
What are Packet-Filtering Firewalls?
Packet-filtering firewalls validate packets based on protocol, source and/or destination IP addresses, source and/or destination port numbers, time range, Differentiated Services Code Point (DSCP), type of service (ToS), and various other parameters within the IP header.
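The fields listed in that answer, evaluated by a stateless rule base, as an added example that is not the article's code and does not follow any vendor's rule syntax. Each rule constrains only the fields it names (protocol, source and destination network, destination port range, DSCP, and a time-of-day window); the first matching rule decides, and anything unmatched falls to an implicit deny. Networks, hosts and rules are constructed using RFC 5737 documentation ranges.

```python
"""Stateless packet-filter rules over the header fields listed above: protocol,
source/destination address, destination port range, DSCP and a time-of-day window.
Added example, not the article's or any vendor's syntax; networks, hosts and
rules are constructed (RFC 5737 documentation ranges)."""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

@dataclass
class Packet:
    proto: str              # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    dscp: int = 0           # Differentiated Services Code Point from the IP header
    ts: time = time(12, 0)  # time of day the packet arrives

@dataclass
class Rule:
    action: str                                  # "permit" or "deny"
    name: str
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: Optional[Tuple[int, int]] = None     # inclusive destination port range
    dscp: Optional[int] = None
    window: Optional[Tuple[time, time]] = None   # inclusive (start, end) time range

    def matches(self, p: Packet) -> bool:
        """Every specified field must match; unspecified fields match anything."""
        if self.proto != "any" and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dports is not None and not (self.dports[0] <= p.dport <= self.dports[1]):
            return False
        if self.dscp is not None and p.dscp != self.dscp:
            return False
        if self.window is not None and not (self.window[0] <= p.ts <= self.window[1]):
            return False
        return True

def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; anything unmatched falls to an implicit deny."""
    for r in rules:
        if r.matches(p):
            return f"{r.action}:{r.name}"
    return "deny:implicit"

# Constructed rule base. The deny comes first so that the later permits cannot
# shadow it; a permit placed above a broader deny is a common ordering mistake.
RULES = [
    Rule("deny", "blocked-range", src="192.0.2.0/24"),
    Rule("permit", "web", proto="tcp", dst="10.0.0.10/32", dports=(443, 443)),
    Rule("permit", "dns", proto="udp", dst="10.0.0.53/32", dports=(53, 53)),
    Rule("permit", "ssh-business-hours", proto="tcp", dst="10.0.0.20/32",
         dports=(22, 22), window=(time(8, 0), time(18, 0))),
    Rule("permit", "voice-ef", proto="udp", dscp=46),   # EF marking, written by the sender
]

def run_sample() -> List[str]:
    """Decisions for constructed packets, in order."""
    samples = [
        Packet("tcp", "198.51.100.7", "10.0.0.10", 51000, 443),                 # normal HTTPS
        Packet("tcp", "192.0.2.9", "10.0.0.10", 51000, 443),                    # blocked range
        Packet("tcp", "198.51.100.7", "10.0.0.20", 51000, 22, ts=time(9, 30)),  # inside window
        Packet("tcp", "198.51.100.7", "10.0.0.20", 51000, 22, ts=time(23, 0)),  # outside window
        Packet("udp", "198.51.100.7", "10.0.0.99", 5000, 5000, dscp=46),        # EF-marked
        Packet("tcp", "198.51.100.7", "10.0.0.10", 51000, 80),                  # no rule
    ]
    return [evaluate(RULES, p) for p in samples]

if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

One caveat the fifth sample makes visible: DSCP and ToS are written by the sender, so a permit keyed on DSCP alone trusts a field the remote peer controls. In a real policy such a rule should also be constrained by address and port, or the marking should be rewritten at the network edge before it is trusted.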
interesting post
a very good article about Overview of Firewall Technologies