What is a firewall, Types of firewalls, Packet filtering firewalls – ZyXEL Communications Broadband Security Gateway P-312 User Manual

P312 Broadband Security Gateway

What Is a Firewall?

13-1

Chapter 13

What is a Firewall

This chapter gives some background information on firewalls.

Originally, the term firewall referred to a construction technique designed to prevent the spread of fire from
one room to another. The network term firewall is typically defined as a system or group of systems that
enforces an access-control policy between two networks. It may also be defined as a mechanism used to
protect a trusted network from an untrusted network. Of course, firewalls cannot solve every security
problem. A firewall is

one

of the mechanisms used to establish a network security perimeter in support of a

network security policy. It should never be the

only

mechanism or method employed. For a firewall to

guard effectively, you must design and deploy it appropriately. This requires integrating the firewall into a
broad information-security policy. In addition, specific policies must be implemented within the firewall
itself.

13.1 Types of Firewalls

There are three main types of firewalls:

1. Packet Filtering Firewalls

2. Application-level Firewalls

3. Stateful Inspection firewalls

13.1.1 Packet Filtering Firewalls

Packet Filtering Firewalls restrict access based on the source/destination of the computer network address
and the type of application. The Prestige has packet filtering capabilities.

13.1.2 Application-level Firewalls

Application-level Firewalls restrict access by serving as proxies for external servers. Since they use programs
written for specific Internet services, such as HTTP, FTP, and telnet, they can evaluate network packets for
valid application-specific data. Application-level gateways have a number of general advantages over the
default mode of permitting application traffic directly to internal hosts:

i.

Information hiding prevents the names of internal systems from being made known via DNS to
outside systems, since the application gateway is the only host whose name must be made known to
outside systems.

ii.

Robust authentication and logging pre-authenticates application traffic before it reaches internal
hosts and causes it to be logged more effectively than if it were logged with standard host logging.
Filtering rules at the packet filtering router can be less complex than they would be if the router