Perimeter security
Firewalls introduction

One of the most widely deployed and publicized security measures in use on the Internet is a "firewall". Firewalls have been given the reputation of a general panacea for many, if not all, of the Internet security issues. They are not. Firewalls are just another tool in the quest for system security. The level of security that a firewall provides can vary as much as the level of security on a particular machine. There are the traditional trade-offs between security, ease of use, cost, complexity, etc.

A firewall is a device used to manage and secure network traffic between networks with different levels of trust, using predefined rules for communication between the networks it separates. Formerly, these rules consisted only of source and destination identification (the source and destination address of a network or device) and the source and destination port. Modern firewalls additionally operate with session state information and with knowledge of the protocols they monitor.

Before a firewall is installed, the organization to be protected is advised to define a set of rules to ensure the protection of its assets, computer systems, personal information and other sensitive data. This set of rules is called the security policy. Such a document ensures that the whole company network abides by the same unified rules, which the device administrators then follow.

A firewall can do two things: it can either block communication or permit it. It is important to realize that, to prevent illegal network activity from spreading, it is always advantageous to monitor the incoming traffic as well as the outgoing traffic leaving the specific network.

Firewalls can be categorized as follows:

Packet filters are the simplest and oldest form of traffic security. They work with source and destination address and port information only, i.e. at the third (network) and fourth (transport) layers of the ISO/OSI model. Because their advantage is processing speed, this security principle is still in use today.

Application gateways (proxy servers) are used to monitor sessions initiated by client applications. The gateway acts as a mediator between the client and the destination server, so the original session is split into two: client–gateway and gateway–server. This makes it possible to filter requests targeting specific destination devices. The inspection is done at the seventh (application) layer of the ISO/OSI model.

Stateful packet filters, compared to classical (stateless) packet filters, store information about already allowed sessions and use it to evaluate further packets that belong to an already allowed packet (or rather session). This is not only faster, but also makes the configuration efficient: it is sufficient to set up only one direction, and the returning reply packets are allowed automatically.

Stateful packet filters with protocol inspection are modern stateful filters which, besides the session information and the ability to dynamically open ports for the control and data sessions of known complex protocols, can monitor (inspect) sessions up to the application-layer data of known protocols. They can therefore reveal an attempt to establish a hypertext transfer protocol (HTTP) session that is not a valid WWW server request but a tunnel for a completely different protocol (a different application trying to communicate on the same port).
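The three filter generations described above (stateless packet filter, stateful packet filter, stateful filter with protocol inspection) differ in exactly one decision each: whether a reply packet needs its own rule, and whether the payload of an allowed session is checked against the protocol expected on that port. The following toy filter, written as an added illustration and not taken from any firewall product or from the original text, models all three over a constructed packet trace. The addresses, the single rule ("allow TCP from 10.0.0.0/8 to any host on port 80") and the payloads are all constructed for the example; the HTTP request-line check is a deliberately minimal stand-in for real protocol inspection.

```python
"""Toy packet filter in three tiers: stateless, stateful, and stateful with
application-layer inspection. All addresses, rules and packets are constructed
for this illustration."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR notation
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return ((self.proto == "any" or self.proto == p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


class StatelessFilter:
    """Layer 3/4 only: first matching rule wins, no match means deny."""
    def __init__(self, rules: List[Rule]) -> None:
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


class StatefulFilter(StatelessFilter):
    """Remembers the 5-tuple of every allowed packet; the reverse direction of
    a known flow is accepted without consulting the rule set, so only the
    initiating direction needs a rule."""
    def __init__(self, rules: List[Rule]) -> None:
        super().__init__(rules)
        self.flows: Set[Tuple] = set()

    @staticmethod
    def _key(p: Packet) -> Tuple:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p: Packet) -> Tuple:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def decide(self, p: Packet) -> str:
        if self._reverse(p) in self.flows:
            return "allow"          # reply to a session already permitted
        verdict = super().decide(p)
        if verdict == "allow":
            self.flows.add(self._key(p))
        return verdict


# Minimal HTTP/1.x request-line check (hypothetical stand-in for protocol inspection).
HTTP_REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")


class InspectingFilter(StatefulFilter):
    """Stateful filter that also checks the first client payload of a port-80
    session: if it is not an HTTP request, the session is torn down and logged."""
    def __init__(self, rules: List[Rule]) -> None:
        super().__init__(rules)
        self.inspected: Set[Tuple] = set()
        self.log: List[str] = []

    def decide(self, p: Packet) -> str:
        verdict = super().decide(p)
        key = self._key(p)
        if (verdict == "allow" and p.proto == "tcp" and p.dport == 80
                and p.payload and key not in self.inspected):
            self.inspected.add(key)
            if not HTTP_REQUEST_LINE.match(p.payload):
                self.flows.discard(key)          # forget the session
                self.log.append(f"non-HTTP payload on {p.src}:{p.sport}->{p.dst}:80")
                return "deny"
        return verdict


# Constructed policy and trace: one internal client talking to an external web server.
RULES = [Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 80)]
SYN_OUT = Packet("10.0.0.5", 49152, "203.0.113.10", 80)
SYNACK_IN = Packet("203.0.113.10", 80, "10.0.0.5", 49152)
HTTP_OUT = Packet("10.0.0.5", 49152, "203.0.113.10", 80,
                  payload=b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
SSH_OUT = Packet("10.0.0.5", 49153, "203.0.113.10", 80,
                 payload=b"SSH-2.0-OpenSSH_8.9\r\n")   # another protocol on port 80
SSH_REPLY_IN = Packet("203.0.113.10", 80, "10.0.0.5", 49153)


def run_demo() -> dict:
    """Run the same trace through each tier and return the verdicts."""
    out = {}
    stateless = StatelessFilter(RULES)
    out["stateless"] = [stateless.decide(SYN_OUT), stateless.decide(SYNACK_IN)]
    stateful = StatefulFilter(RULES)
    out["stateful"] = [stateful.decide(SYN_OUT), stateful.decide(SYNACK_IN)]
    inspecting = InspectingFilter(RULES)
    out["inspecting"] = [inspecting.decide(pk) for pk in
                         (SYN_OUT, SYNACK_IN, HTTP_OUT, SSH_OUT, SSH_REPLY_IN)]
    out["log"] = inspecting.log
    return out


if __name__ == "__main__":
    for tier, verdicts in run_demo().items():
        print(f"{tier}: {verdicts}")
```

The stateless tier permits the outbound SYN but denies the server's SYN/ACK, because no rule covers the inbound direction; an administrator would have to add a broad "any external host, port 80, to internal ephemeral ports" rule to make web browsing work. The stateful tier allows the reply from its flow table alone. The inspecting tier additionally drops the second session, whose first payload on port 80 is an SSH banner rather than an HTTP request, and since the flow entry is discarded the server's reply to it is denied as well.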