A firewall is a hardware and/or software which functions in a networked environment to block unauthorized access while permitting authorized communications. Firewall is a device and/or a sotware that stands between a local network and the Internet, and filters traffic that might be harmful. Firewalls can be either stand-alone systems or included in other devices such as routers or servers.
Hardware firewalls are separate devices which function as dedicated firewalls (They also contain software but normally stored in ROM to prevent tampering). Cisco and Checkpoint are the two leading companies which make hardware firewalls.
Software firewalls can be installed on servers or workstations and they help to prevent unwanted inbound and outbound traffic. Microsoft ISA Server, Zone Alarm, Comodo etc are some leading software based firewalls. Linux Operating System include and Open Source firewall called iptables.
Firewalls can be classified in to four based on whether they filter at the IP packet level, at the TCP session level, at the application level or hybrid.
1. Packet Filtering Firewalls: Packet filtering firewalls are functioning at the IP packet level. Packet filtering firewalls filters packets based on addresses and port number. Packet filtering firewalls can be used as a weapon in network attack defense against Denial of Service (DoS) attacks and IP Spoofing attacks.
2. Circuit Gateways: Circuit gateways firewalls operate at the transport layer, which means that they can reassemble, examine or block all the packets in a TCP or UDP connection. Circuit gateway firewalls can also Virtual Private Network (VPN) over the Internet by doing encryption from firewall to firewall.
3. Application Level Firewalls (Proxies): Application proxies are configured in multi-homed server and they are often used instead of router-based traffic controls, to prevent traffic from passing directly between networks. Application proxy-based firewalls function at the application level. At this level, you can block or control traffic generated by applications. Application-Level Firewalls can enforce correct application behavior, and can help to block malicious. Application-Level Firewalls can log user activity also. Application-level firewalls may also include protection against spam and viruses. Application-Level Firewalls can block Web sites based on its content rather than just IP address. Application Proxies can provide very comprehensive protection against a wide range of threats.
4. Hybrid Firewalls: A hybrid firewall may consist of a pocket filtering combined with an application proxy firewall, or a circuit gateway combined with an application proxy firewall.