Explanation
According to wikipedia
“A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices that is configured to permit or deny network transmissions based upon a set of rules and other criteria.”
The simplest explanation for home users is that a firewall is hardware or software used to keep malicious traffic from moving to or from your computer.
If you are a windows user the windows firewall is installed by default, if you are a BSD user the packet filter firewall is installed by default and if you are a Linux user depending on the kernel you are running you can use ipchains or iptables. Each offers their own advantages and disadvantages, in which in some cases it may be best to disable the built in firewall and install/purchase a third-party firewall to get better protection.
Firewall Types
There are two different ways to differentiate firewall, by installation type and by capabilities.
-
Installation Type
The reference to installation type is referring to how the firewall is installed.
-
Hardware Firewall
A Hardware firewall is a network appliance that is used to control the traffic on a network or sub-network. These are generally purchased and used by organizations to centralize the control of the network traffic.
-
Software Firewall
A Software firewall is a price of software that is installed on a client or server system to protect the single system from potentially malicious network traffic. Software firewall are what are installed in most home user systems.
-
-
Capabilities
-
Stateless Firewall
A stateless firewall is a firewall that is only able to monitor chosen ports, protocol and network packet information to make it’s choices. These for the most part are no longer is use, but should be discussed for comparison.
-
Stateful Firewall
A stateful firewall is a firewall that is able to make it’s decision based upon a ports, connected devices, protocols and network packet information. These firewall can be more useful because they can track which systems have been requested to speak with your client on various ports and close those ports to all but the chosen systems. So lets say your webbrowser goes through port 1526 to talk to google.com it will only allow google.com to respond through the port, in comparison a stateless firewall will allow any system ot respond through the newly opened port.
-
Application Firewall
An application firewall is a bit differnt than stateful of stateless firewall because it is not intended to filter all traffic, but to filter higher level traffic for specific protocols such as filtering web traffic by website. Generally application based firewall capabilities are included in proxy server software.
-
Comparison
The below list is not complete, but is intended only to give you a brief understanding of some of the firewall implementations in use.
Firewall Name | Supported OSs | Hardware of Software | Stateless of Stateful | Included in OS | Price |
---|---|---|---|---|---|
ipchains | Linux | Software | Stateless | YES 2.2 kernels |
Free |
iptables | Linux | Software | Stateful | YES 2.4 and 2.6 kernels |
Free |
windows firewall | MS windows xp + | Software | Stateful | YES | Free |
packet filter | FreeBSD, OpenBSD, NetBSD | Software | Stateful | YES | Free |
ipfw | Apple OSX | Software | Stateful | YES | Free |
Norton 360 Firewall | MS Windows | Software | Stateful | No | $79.99 USD + subscription |
McAffee Firewall | MS windows | Software | Stateful | No | $39.95 USD + subscription |
MS ISA Server | MS Windows Server | Software/Application | Stateless | No | $1,499+ USD |
Squid | Linux, BSD, Solaris, windows | Software/Application | Stateless | NO | Free |
Cisco ASA 5585-X | N/A | Hardware | Stateful | N/A | $140,000+ USD |
Hopefully the information covered in thie entry will assist you in choosing the best firewall for your needs an understanding the limitations based upon type.
Feel free to post comments about anything that I may have missed or ask questions about various firewall in the comments.