A firewall is a cyber security tool that filters traffic on a network.
Its main goal is to block malicious traffic requests and data packets
while allowing legitimate traffic through. Firewalls can be used to
separate network nodes from external traffic sources, internal traffic
sources, or even specific applications. Firewalls can be software,
hardware, or cloud-based, and each type has its own pros and cons.
Firewalls examine every data packet passing through them to see whether
it meets the rules defined in the ACL (Access Control List) written by
the network administrator. Only packets that the ACL allows are
transmitted over the connection; everything else is dropped.
There are five types of firewall:
- Packet filtering firewall
- Circuit-level gateway
- Stateful inspection firewall
- Application-level gateway (aka proxy firewall)
- Next-generation firewall (NGFW)
All are explained below.
Packet Filtering Firewall
- Packet filtering firewalls are normally deployed on the routers that
connect the internal network to the Internet. They inspect only packet
headers: the network-layer fields (source and destination IP address,
protocol) and the transport-layer fields carried in the same packet
(port numbers, TCP flags), never the payload.
- They work on the basis of rules defined in access control lists. Every
packet is screened against the rules written by the network
administrator; a packet that matches no permit rule is dropped and the
event is written to the logs.
- Administrators build their ACLs from addresses, protocols and other
packet attributes such as port numbers.
- Their biggest advantages are low cost and low resource usage, which
makes them well suited to smaller networks.
- Their disadvantage is that they evaluate each packet in isolation:
they cannot express complex, connection-aware rules, and because they
trust the source address in the header they are vulnerable to spoofing
unless anti-spoofing rules are added per interface.
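As an added example (not code from the original article), the Python script below models a stateless packet filter that evaluates an ACL in order with an implicit deny at the end, the way router ACLs do. It compares a naive ACL that trusts the internal address range on any interface with one that carries an anti-spoofing rule for the outside interface; the addresses, interface names and rules are assumptions constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless packet filter can see (constructed for the example)."""
    iface: str            # interface the packet arrived on: "inside" or "outside"
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One ACL entry; "any" and the default values match everything for that field."""
    action: str           # "permit" or "deny"
    iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            self.iface in ("any", p.iface)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and self.proto in ("any", p.proto)
            and (self.dport is None or self.dport == p.dport)
        )


def filter_packet(acl: List[Rule], p: Packet) -> Tuple[bool, str]:
    """First-match evaluation: the first matching rule decides, and a packet
    that matches no rule hits the implicit deny at the end of the list."""
    for n, rule in enumerate(acl, 1):
        if rule.matches(p):
            return rule.action == "permit", f"rule {n} ({rule.action})"
    return False, "implicit deny"


# Assumed topology: the LAN is 10.0.0.0/8 and 10.0.0.10 is a public HTTPS server.
# Naive ACL: trusts anything that *claims* a LAN source, on any interface.
NAIVE_ACL = [
    Rule("permit", src="10.0.0.0/8"),
    Rule("permit", proto="tcp", dst="10.0.0.10/32", dport=443),
]

# Hardened ACL: LAN source addresses are only credible on the inside interface;
# the same addresses arriving from outside are spoofed and are dropped first.
HARDENED_ACL = [
    Rule("deny", iface="outside", src="10.0.0.0/8"),
    Rule("permit", iface="inside", src="10.0.0.0/8"),
    Rule("permit", iface="outside", proto="tcp", dst="10.0.0.10/32", dport=443),
]

# Constructed packets: a spoofed SSH attempt from the Internet, a real client
# connecting to the web server, and a legitimate internal SSH session.
SPOOFED = Packet("outside", "10.0.0.5", "10.0.0.20", "tcp", 22)
LEGIT_WEB = Packet("outside", "203.0.113.7", "10.0.0.10", "tcp", 443)
LEGIT_LAN = Packet("inside", "10.0.0.5", "10.0.0.20", "tcp", 22)


def compare(p: Packet) -> Tuple[bool, bool]:
    """(naive verdict, hardened verdict) for one packet."""
    return filter_packet(NAIVE_ACL, p)[0], filter_packet(HARDENED_ACL, p)[0]


if __name__ == "__main__":
    for name, pkt in [("spoofed", SPOOFED), ("legit web", LEGIT_WEB), ("legit LAN", LEGIT_LAN)]:
        naive, hardened = compare(pkt)
        print(f"{name:10} naive={naive} hardened={hardened}")
```

The spoofed packet is accepted by the naive ACL and rejected by the hardened one, while both legitimate packets pass either way: the anti-spoofing rule costs nothing in functionality because the filter keys on the arrival interface, which the attacker cannot forge, rather than on the source address, which they can.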
Circuit-level gateway
- Circuit-level gateways operate at the session layer of the OSI model.
They monitor session setup, such as the TCP three-way handshake, to
decide whether a requested connection is legitimate.
- Most of the screening therefore happens before the connection is
established.
- Information sent to a computer outside the network through a
circuit-level gateway appears to have originated from the gateway
itself, which hides the addresses of the private network from
outsiders.
- Their advantage is that they are comparatively inexpensive and
provide anonymity for the private network.
- Their limitation is that they do not inspect individual packets: once
a session has been approved, whatever passes over it is relayed
unchecked, and an attacker who can complete a legitimate-looking
handshake, or who controls a permitted client, can take advantage of
this.
Stateful inspection firewall
- Stateful inspection firewalls not only examine each packet but also
keep track of whether that packet belongs to an established TCP session
(or other tracked network session).
- This offers more security than packet filtering or circuit-level
monitoring alone, but exacts a greater toll on network performance,
since the firewall must maintain a connection table.
- A further variant is the stateful multilayer inspection firewall,
which follows the flow of a transaction across several layers of the
seven-layer OSI model.
- A stateful multilayer inspection firewall combines the capabilities
of the three types above.
- It can filter packets at the network layer using ACLs, check for
legitimate sessions at the session layer, and evaluate packets at the
application layer (ALG).
- It can work in transparent mode, allowing direct connections between
the client and the server, which application-level gateways did not
permit.
- It can also implement protocol-specific algorithms and complex
security models, making connections and data transfers more secure.
Application-level gateway
- This kind of device, technically a proxy and therefore sometimes
called a proxy firewall, combines some attributes of packet filtering
firewalls with those of circuit-level gateways.
- It filters requests not only by the service they are intended for, as
given by the destination port, but also by other characteristics such
as the HTTP request string.
- An application-level gateway works only for the protocols it is
configured for. For example, a web-proxy-based firewall will only allow
HTTP traffic. Because it is deployed at the application layer for a
specific protocol, it understands that protocol's commands, such as the
HTTP GET and POST methods, and can accept or reject them individually.
- Application-level firewalls can also be configured as caching
servers, which improves network performance and makes traffic easier to
log.
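As an added example (not the article's own code), this Python function plays the HTTP-specific part of a web-proxy firewall: it parses the request line and headers, refuses anything that is not HTTP/1.x, permits only the GET and POST methods (so a CONNECT tunnel is rejected), restricts the destination host and rejects path traversal. The allow-lists and the sample requests are assumptions constructed for the demonstration.

```python
import re
from typing import Dict, Tuple
from urllib.parse import urlsplit

# Assumed policy for this example gateway: plain HTTP only, GET/POST only,
# and a single permitted origin host.
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_HOSTS = {"www.example.com"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def inspect_request(raw: bytes) -> Tuple[bool, str]:
    """Decide whether a client request may be forwarded. Returns (allowed, reason)."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        # Anything that is not an HTTP request line (TLS, SSH, ...) is not our protocol.
        return False, "not an HTTP/1.x request line"
    if not sep:
        return False, "incomplete header block"
    method = m.group(1).decode()
    target = m.group(2).decode("ascii", "replace")
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not permitted"   # also blocks CONNECT tunnels
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii", "replace")] = value.strip().decode("ascii", "replace")
    # Proxies usually receive absolute-form targets; origin-form relies on the Host header.
    if target.startswith("/"):
        host, path = headers.get("host", ""), target
    else:
        u = urlsplit(target)
        if u.scheme != "http":
            return False, f"scheme {u.scheme or '<none>'} not proxied"
        host, path = u.hostname or "", u.path or "/"
    host = host.split(":")[0]
    if host not in ALLOWED_HOSTS:
        return False, f"host {host!r} not permitted"
    if ".." in path.split("/") or not path.isprintable():
        return False, "suspicious path"
    return True, f"{method} {host}{path}"


# Constructed sample requests as a proxy would see them on the wire.
SAMPLES = {
    "get_absolute": b"GET http://www.example.com/index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "post_origin": b"POST /login HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 8\r\n\r\nuser=bob",
    "connect_tunnel": b"CONNECT mail.example.net:443 HTTP/1.1\r\nHost: mail.example.net:443\r\n\r\n",
    "ssh_banner": b"SSH-2.0-OpenSSH_9.6\r\n",
    "traversal": b"GET /static/../../etc/passwd HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "other_host": b"GET http://evil.example.net/ HTTP/1.1\r\nHost: evil.example.net\r\n\r\n",
}


def request_verdicts() -> Dict[str, bool]:
    """Allowed/denied verdict for every sample request."""
    return {name: inspect_request(raw)[0] for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        allowed, reason = inspect_request(raw)
        print(f"{name:15} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

The decision is made entirely from the application-layer message, which a packet filter never sees: the SSH banner and the CONNECT request both arrive on whatever TCP port the proxy listens on and would be indistinguishable from a web request at the header level.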
Next-generation firewall
- A typical NGFW combines packet filtering with stateful inspection and
adds some variety of deep packet inspection, together with other
network security functions such as intrusion detection/prevention,
malware filtering and antivirus.
- While packet inspection in a traditional firewall looks only at the
protocol headers of a packet, deep packet inspection looks at the
actual data the packet carries.
- A deep packet inspection firewall also tracks the progress of a web
browsing session and can tell whether a packet payload, once
reassembled with the other packets of an HTTP server reply, constitutes
a legitimate HTML-formatted response.
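The script below is an added example, not code from the original article, of the deep packet inspection step just described: it reassembles the segments of an HTTP server reply by sequence number (tolerating out-of-order arrival and refusing gaps), then checks that a reply declaring itself text/html really is an HTML document rather than, say, an executable. The sample replies, the executable signatures used and the HTML heuristic are assumptions constructed for the demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Segment:
    """One TCP segment of a server reply: relative sequence number plus payload."""
    seq: int
    data: bytes


def reassemble(segments: List[Segment]) -> bytes:
    """Order segments by sequence number and concatenate them. Gaps or overlaps
    raise, since a DPI engine must not judge a stream it cannot reconstruct."""
    stream, expected = b"", 0
    for s in sorted(segments, key=lambda s: s.seq):
        if s.seq != expected:
            raise ValueError(f"gap/overlap at seq {s.seq}, expected {expected}")
        stream += s.data
        expected += len(s.data)
    return stream


# Leading bytes of executable formats that have no business inside a text/html reply
# (assumed signature list for the example: PE, ELF, 64-bit Mach-O).
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe")
HTML_START = re.compile(rb"^\s*(<!doctype html|<html)", re.IGNORECASE)


def inspect_reply(segments: List[Segment]) -> Tuple[bool, str]:
    """Reassemble the reply and verify that a response declared as HTML is one.
    Returns (legitimate, reason)."""
    stream = reassemble(segments)
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return False, "headers incomplete"
    status, *header_lines = head.split(b"\r\n")
    if not status.startswith(b"HTTP/1."):
        return False, "not an HTTP response"
    headers = {}
    for line in header_lines:
        k, _, v = line.partition(b":")
        headers[k.strip().lower()] = v.strip()
    ctype = headers.get(b"content-type", b"").split(b";")[0].strip().lower()
    declared = headers.get(b"content-length")
    if declared is not None and int(declared) != len(body):
        return False, f"content-length {int(declared)} != body {len(body)}"
    if ctype != b"text/html":
        return True, f"not HTML ({ctype.decode()}), no HTML check applied"
    if body.startswith(EXECUTABLE_MAGIC):
        return False, "text/html reply carries an executable"
    if not HTML_START.match(body):
        return False, "text/html reply does not start like an HTML document"
    return True, "well-formed HTML reply"


def build_reply(ctype: bytes, body: bytes) -> bytes:
    """Construct a minimal HTTP/1.1 200 reply for the samples below."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + ctype +
            b"\r\nContent-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


# Constructed samples: a real HTML page whose segments arrive out of order, and a
# reply that claims to be HTML but delivers a PE executable stub.
GOOD_REPLY = build_reply(b"text/html; charset=utf-8",
                         b"<!DOCTYPE html><html><body>hello</body></html>")
GOOD_SEGMENTS = [Segment(40, GOOD_REPLY[40:]), Segment(0, GOOD_REPLY[:20]),
                 Segment(20, GOOD_REPLY[20:40])]
BAD_SEGMENTS = [Segment(0, build_reply(b"text/html", b"MZ\x90\x00\x03\x00\x00\x00"))]


if __name__ == "__main__":
    for name, segs in [("good", GOOD_SEGMENTS), ("bad", BAD_SEGMENTS)]:
        print(name, inspect_reply(segs))
```

The check only becomes possible after reassembly: the "MZ" bytes could sit in the first segment while the Content-Type header sits in another, so a per-packet filter would never see the contradiction. Real DPI engines apply far richer parsers and signature sets, but the structure (reassemble, parse the application protocol, compare what is declared with what is delivered) is the same.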