What are: Packet filtering, Circuit level, Application Level and Stateful Multilayer inspection Firewalls


This article examines the different types of firewall technologies. The four common types of firewalls are:

1. Packet Filtering Firewalls
2. Circuit level gateway Firewalls
3. Application level gateway Firewalls
4. Stateful multi-layer inspection Firewalls

1. Packet Filtering Firewalls:

Packet filtering mechanisms work at the network layer of the OSI model. In packet filtering, each packet passing through a firewall is compared to a set of rules before it is allowed to pass through. Depending on the packet and the rule, the packet can be dropped, sent through, or a message can be forwarded to the originator. The rules that determine which packets are sent and which are not can be based on the source and destination IP address, the source and destination port number, or the protocol used. Packet filtering can also be done at the router level, providing an additional layer of security. For example, a packet could be dropped if it carries a certain destination IP address, or if it conforms to a certain protocol (e.g. HTTP), as in companies that do not allow internet access to their employees.

2. Circuit level gateway Firewalls:

Circuit level gateway firewalls work at the session layer of the OSI model. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. Information passed through a circuit level gateway to the internet appears to have come from the circuit level gateway itself, so a remote computer or host has no way to determine the internal private IP addresses of an organization, for example. This technique is also called Network Address Translation, where the private IP addresses originating from the different clients inside the network are all mapped to the public IP address available through the internet service provider and then sent to the outside world (Internet). This way, the packets are tagged with only the public IP address (firewall level) and the internal private IP addresses are not exposed to potential intruders.

3. Application level gateway Firewalls:

Application level firewalls decide whether to drop a packet or send it through based on the application information available in the packet. They do this by setting up various proxies on a single firewall for different applications. Both the client and the server connect to these proxies instead of connecting directly to each other, so any suspicious data or connections are dropped by the proxies. And since they are application aware, they can handle more complex protocols like H.323, SIP, SQL Net etc.

Application level firewalls ensure protocol conformance. For example, attacks over HTTP that violate the protocol policies, such as sending non-ASCII data in the header fields or an overly long string along with non-ASCII characters in the Host field, would be dropped because the requests have been tampered with by intruders.

Application level firewalls can look into individual sessions and decide to drop a packet based on information in the application protocol headers or in the application payload. For example, SMTP application proxies can be configured to allow only certain commands like helo, mail from:, rcpt to: etc. to pass through the firewall and to block other commands like expn and vrfy, which try to expand a list or verify whether an account exists and are used by attackers and spammers for their own ends.
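The SMTP command filtering described above, as an added Python example that is not code from the original article or from any firewall product. The class name, the reply texts and every allowed command beyond helo, mail from: and rcpt to: are assumptions, and rejecting non-ASCII command lines is a strict policy choice made here.

```python
# Added example: the command filter of an SMTP application-level proxy.
# ALLOWED holds the commands the article lists plus the ones a mail
# transaction needs (an assumption); anything else, e.g. EXPN/VRFY, is refused.
ALLOWED = {"HELO", "EHLO", "MAIL FROM:", "RCPT TO:", "DATA", "RSET", "NOOP", "QUIT"}
MAX_LINE = 512  # SMTP command line limit including CRLF (RFC 5321)


class SmtpCommandFilter:
    """Decides, per client line, whether the proxy forwards it to the server."""

    def __init__(self):
        self.in_data = False  # True while the client is sending the message body

    @staticmethod
    def _verb(line):
        upper = line.upper()  # SMTP verbs are case-insensitive
        # MAIL FROM: and RCPT TO: are two-word verbs that end at the colon.
        for two_word in ("MAIL FROM:", "RCPT TO:"):
            if upper.startswith(two_word):
                return two_word
        return upper.split(" ", 1)[0]

    def check(self, raw):
        """Return ("forward", None) or ("reject", reply_for_client)."""
        line = raw.rstrip(b"\r\n")
        if self.in_data:
            # Body lines are not commands; a lone dot ends the DATA phase.
            if line == b".":
                self.in_data = False
            return ("forward", None)
        if len(raw) > MAX_LINE:
            return ("reject", "500 Line too long")
        try:
            text = line.decode("ascii")
        except UnicodeDecodeError:
            return ("reject", "500 Non-ASCII command")
        verb = self._verb(text.strip())
        if verb not in ALLOWED:
            return ("reject", "502 Command not implemented")
        if verb == "DATA":
            # Simplification: assumes the server answers DATA with 354.
            self.in_data = True
        return ("forward", None)
```

The filter fails closed: a verb it does not recognise is refused, while lines inside the message body are passed on untouched even if they happen to start with a blocked word.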

4. Stateful multilayer inspection firewalls:

Stateful multilayer inspection firewalls combine aspects of the other three types of firewalls. They filter packets at the network layer, transport layer and application layer, and allow packets to pass through only if they pass all of these checks individually. Some of them allow a direct connection between the client and the server, as they rely on algorithms to recognize and process application layer data instead of relying on application specific proxies.

excITingIP.com



3 thoughts on “What are: Packet filtering, Circuit level, Application Level and Stateful Multilayer inspection Firewalls”

  1. Introduction – UTM in Network Security « Suresh Kanzariya

    […] UTM brings the following network security technologies in to a single system/platform: ¤ Firewall ¤ Anti-Spam ¤ Anti-Virus ¤ Web/URL filtering ¤ Network Intrusion/Spyware protection ¤ Virtual […]

  2. monika bhasin

    this is a veryyyyyyyyyyyyyyyyy good site

  3. Arulmani

    nice…really helpful
