Wr1500, Chapter 11, Introduction to firewalls – ParkerVision WR1500 User Manual

Page 81


WR1500

4-Port Wireless DSL/Cable Router


Chapter 11: Introduction to Firewalls

This chapter gives some background information on firewalls and introduces the WR1500 Wireless Router firewall.

11.1 Firewall Overview

Originally, the term "firewall" referred to a construction technique designed to prevent the spread of fire from one room to another. The networking term "firewall" is a system or group of systems that enforces an access-control policy between two networks. It may also be defined as a mechanism used to protect a trusted network from an untrusted network. Of course, firewalls cannot solve every security problem. A firewall is one of the mechanisms used to establish a network security perimeter in support of a network security policy. It should never be the only mechanism or method employed. For a firewall to guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a broad information-security policy. In addition, specific policies must be implemented within the firewall itself.

11.2 Types of Firewalls

There are three main types of firewalls:

1. Packet Filtering Firewalls

2. Application-level Firewalls

3. Stateful Inspection Firewalls

11.2.1 Packet Filtering Firewalls

Packet filtering firewalls restrict access based on the source and destination network (IP) address of a packet, its protocol, and its source and destination port numbers; the port number is what identifies the type of application (for example, TCP port 80 for HTTP or TCP port 23 for telnet). Each packet is judged on its own, using only these header fields, so a plain packet filter cannot tell whether an inbound packet is a reply to a connection that an internal host opened or an unsolicited connection from outside.
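The following is an added example, not code from the WR1500 manual or from the router itself. It implements a first-match, default-deny packet filter over the header fields just described, runs it against constructed packets for a constructed LAN (192.168.1.0/24, web server 192.168.1.10), and then goes one step beyond this section to show why the third type listed above, stateful inspection, exists: a stateless filter can only admit the replies to an allowed outbound HTTP request with a standing rule keyed on source port 80, which any outside host can satisfy, whereas a stateful filter admits a reply only for a flow it has already allowed. All addresses, rules and packets are constructed for the example.

```python
"""Stateless packet filter, plus the stateful variant that fixes its main
weakness (added example; not code from the WR1500 manual or the router).

A packet filter judges each packet alone, on header fields only: protocol,
source/destination IP address and source/destination port. The port stands
in for "type of application" (TCP/80 = HTTP, TCP/23 = telnet). Rules are
evaluated first-match and anything unmatched is dropped (default deny).
Addresses, rules and packets below are constructed for the example.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp" or "udp"
    src: str        # source IP
    sport: int      # source port
    dst: str        # destination IP
    dport: int      # destination port


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    proto: Optional[str] = None     # None matches any protocol
    src: str = "0.0.0.0/0"          # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None     # None matches any port
    sport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport)
                and (self.sport is None or self.sport == p.sport))


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """Stateless decision: first matching rule wins, no match means deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


# Constructed policy for a LAN 192.168.1.0/24 behind the router:
#   telnet is blocked everywhere; the LAN may open HTTP/HTTPS outbound;
#   the outside may reach only the web server 192.168.1.10 on port 80.
POLICY = [
    Rule("deny", proto="tcp", dport=23),
    Rule("allow", proto="tcp", src="192.168.1.0/24", dport=80),
    Rule("allow", proto="tcp", src="192.168.1.0/24", dport=443),
    Rule("allow", proto="tcp", dst="192.168.1.10/32", dport=80),
]

# The reply to an allowed outbound HTTP request arrives with *source* port 80
# and matches nothing above. A stateless filter can only admit it with a
# standing rule keyed on the source port, which any outside host can satisfy
# by choosing source port 80 when it probes the LAN.
POLICY_WITH_HOLE = POLICY + [Rule("allow", proto="tcp", sport=80)]


def reply_of(p: Packet) -> Packet:
    """Header the answer to p will carry: addresses and ports swapped."""
    return Packet(p.proto, p.dst, p.dport, p.src, p.sport)


class StatefulFilter:
    """Stateful inspection: a reply is admitted only if the forward packet of
    that flow was allowed earlier, so no standing source-port rule is needed."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.expected_replies = set()

    def filter_packet(self, p: Packet) -> str:
        if p in self.expected_replies:
            return "allow"
        verdict = filter_packet(self.rules, p)
        if verdict == "allow":
            self.expected_replies.add(reply_of(p))
        return verdict
```

With POLICY alone, the outbound request from 192.168.1.20 to 203.0.113.5:80 is allowed but its reply is denied; with POLICY_WITH_HOLE the reply passes, and so does a probe from 198.51.100.9 with source port 80 to 192.168.1.20:445. StatefulFilter(POLICY) allows the reply and denies the probe, which is the property the stateful type adds.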

11.2.2 Application-level Firewalls

Application-level firewalls restrict access by serving as proxies for external servers. Since they use programs written for specific Internet services, such as HTTP, FTP and telnet, they can evaluate network packets for valid application-specific data. Application-level gateways have a number of general advantages over the default mode of permitting application traffic directly to internal hosts:

i. Information hiding: the names of internal systems need not be made known via DNS to outside systems, since the application gateway is the only host whose name must be made known to outside systems.

ii. Robust authentication and logging: application traffic can be pre-authenticated before it reaches internal hosts, and it is logged more effectively than it would be with standard host logging.

iii. Less complex filtering rules: the rules at the packet filtering router can be simpler than they would be if the router had to filter application traffic and direct it to a number of specific systems. The router need only allow application traffic destined for the application gateway and reject the rest.
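The following is an added example, not code from the WR1500 manual or from the router, showing the gateway-side check an HTTP application-level firewall performs before it forwards a request. It parses the request as HTTP rather than as addresses and ports, rejects anything malformed or using a disallowed method, pre-authenticates the client, maps the published server name to an internal host the client never learns, and produces one log line per decision. The published name www.example.test, the internal host web01.internal.lan, the X-Gateway-Token header, the token value and the sample requests are all constructed assumptions for the example.

```python
"""HTTP application-level gateway check (added example; not code from the
WR1500 manual or the router).

Where a packet filter sees only addresses and ports, an application gateway
parses the protocol: it rejects anything that is not well-formed HTTP, allows
only known methods, pre-authenticates the client, maps the published server
name to an internal host the client never learns (information hiding), and
emits one log line per decision. Names, tokens and requests below are
constructed for the example; a real gateway would use proper client
authentication rather than a shared token.
"""
import hmac
import re
from typing import Dict, Tuple

# Published name -> internal host. Only the gateway's own name and the
# published names need to appear in external DNS (constructed values).
PUBLISHED: Dict[str, Tuple[str, int]] = {
    "www.example.test": ("web01.internal.lan", 8080),
}

# Constructed pre-authentication secrets (assumption: clients present one
# in an X-Gateway-Token header).
AUTHORIZED_TOKENS = {"s3cr3t-token-for-alice"}

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
# method, absolute path without spaces/control bytes, HTTP/1.0 or HTTP/1.1
REQUEST_LINE = re.compile(rb"^([A-Z]+) (/[^ \x00-\x1f\x7f]*) HTTP/1\.[01]$")


def _token_ok(token: str) -> bool:
    presented = token.encode("latin-1")
    return any(hmac.compare_digest(presented, t.encode()) for t in AUTHORIZED_TOKENS)


def _log(verdict: str, detail: str, client: str, request_line: bytes):
    line = f"{client} {request_line.decode('latin-1')!r} {verdict}: {detail}"
    return verdict, detail, line


def inspect_request(raw: bytes, client: str) -> Tuple[str, str, str]:
    """Return (verdict, detail, log_line): verdict is "forward" with detail
    "host:port" of the internal server, or "reject" with the reason."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not sep or m is None:
        return _log("reject", "malformed request line", client, lines[0][:64])
    method, target = m.group(1).decode(), m.group(2)
    if method not in ALLOWED_METHODS:
        return _log("reject", f"method {method} not allowed", client, lines[0])
    if b".." in target.split(b"/"):
        return _log("reject", "path traversal", client, lines[0])

    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # no colon, empty name, or whitespace around the name (line folding)
        if not colon or not name.strip() or name != name.strip():
            return _log("reject", "malformed header", client, lines[0])
        headers[name.lower().decode("latin-1")] = value.strip().decode("latin-1")

    upstream = PUBLISHED.get(headers.get("host", "").lower())
    if upstream is None:
        return _log("reject", "host not published", client, lines[0])
    if not _token_ok(headers.get("x-gateway-token", "")):
        return _log("reject", "not authenticated", client, lines[0])
    if not headers.get("content-length", "0").isdigit():
        return _log("reject", "bad content-length", client, lines[0])
    host, port = upstream
    return _log("forward", f"{host}:{port}", client, lines[0])
```

A request for www.example.test with a valid token is forwarded to web01.internal.lan:8080, a name the client never sees; the same request naming the internal host directly, using TRACE, carrying a ".." path segment, or arriving as non-HTTP bytes is rejected with a distinct reason, and every outcome yields a log line that records the client address and the request line.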
