Firewalls in Network Security
Firewalls are network devices used mainly to enforce the security policies of an organization. Firewalls have been implemented in many ways since they were first developed, and this has led to various types of firewalls. As a result, firewalls filter network traffic at multiple layers of the seven-layer ISO network model. The most common are the application, data link, and transport layers. Newer methods that have not been adopted include distributed and protocol normalization firewalls.
Today, the world is changing with the introduction and heavy use of emerging technologies and the daily advancement of modern technology. The uses of the internet have been increasing over the past decades, and at the same time, the internet has ushered in new and improved methods of doing things in organizations. This has significantly impacted many industries, which mostly rely on technology in the production process. These new technologies have helped greatly in improving the performance of organizations, communication, and other areas (Kenworthy, 2014). However, these technologies have demerits as well as merits; hence, individuals and most organizations ought to ensure that they have robust security frameworks to help them deal with any emerging threats that can jeopardize their operations and affect their performance (Cooper & Guzik, 2014). Major attacks and security breaches have affected organizations that lacked security frameworks. However, there are several methods that organizations can use to ensure that they have excellent and robust security frameworks. Most organizations today use firewalls to protect the data they hold and to ensure that their operations are not hindered in any way by unauthorized people like hackers.
Beyond physical security, firewalls are one of the first lines of defense for protecting electronic data, either individual data or organization data. Using a firewall entails creating a specific set of filtering rules, commonly referred to as a policy, for networks and the hosts. Developing a firewall policy is usually a complicated process, and, in most instances, the administrators find themselves making errors (Dodis & Stephens-Davidowitz, 2016). To simplify the task of correctly defining a firewall policy, high-level languages, common to the specified device, have been developed. Once the policy is identified, testing is needed to check whether the policy is implemented correctly by the firewall. While the firewall serves to provide security, the firewall must also allow data to pass through to the inside and outside (Cooper & Guzik, 2014). A firewall cannot stop all attacks, but it gives a level of protection to the sensitive information in the organization system. Virtual Private Networks and peer-to-peer networking are emerging technologies, and they pose new challenges to the existing technology of firewalls (Kenworthy, 2014). This essay aims at discussing the types of network firewalls, the protection that firewalls offer from the workers and other unauthorized persons, such as security problems from operating systems and preventing access to information. It will also discuss the protocols that are used by the firewalls and how they work. The importance of firewalls, as well as the disadvantages, will also be considered in the essay.
Various types of firewalls can be implemented to control the traffic in and out of a private network. Network firewalls are categorized according to how they handle the data passing through them and the mechanism they use to route data. A firewall helps an organization to set a barrier or boundary between the trusted internal network and an untrusted external network like the internet (Kenworthy, 2014). This measure ensures that not just anyone can access the most sensitive information of an organization. Thus, through firewalls, business organizations and individuals have gained robust methods of protecting their data and confidential information from hackers or any other unauthorized persons. Additionally, business organizations need to invest heavily in training their employees and sensitizing them to cybersecurity and its importance (Dodis & Stephens-Davidowitz, 2016). This will help the employees not to breach the set policy or leak the company's sensitive information to other people. In a similar vein, organizations ought to have professionally trained and competent IT experts who will help the organization achieve the goal of securing its data. There are various types of firewalls that organizations can implement to ensure that their most confidential data is under high protection (Cooper & Guzik, 2014). These firewalls have different functions, and it is the organization that decides which one to implement depending on its specific needs. The following are the types of firewalls:
The packet-based firewall is one type of firewall, and it is widely used by most organizations. Organizations use this firewall to control and monitor the flow of packets in their network and, specifically, to check the organization's data and information. Packet firewalls work by filtering packets sent over a network and matching them against specific predetermined rules and policies. Once the matching is done, the packet can be accepted or denied (Dodis & Stephens-Davidowitz, 2016). The whole process of controlling and monitoring packets over the network is based on the source and destination Internet Protocol (IP) addresses, protocols, and ports. Packet filtering is also known as static filtering and is among the best, most reliable, and most efficient security mechanisms employed by many organizations in various sectors (Cooper & Guzik, 2014).
Additionally, packet filtering checks the source and destination protocols, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). Through verification of the sources and transmission of packets, security is greatly enhanced since no harmful packet can be allowed to go through the organization's network at any time, and that means the organization's data is safe and cannot be accessed by any unauthorized persons (Kenworthy, 2014). Therefore, the main advantage of using a packet firewall is that an organization builds a reliable and robust network that only allows the transmission of secure data within and outside the organization. This mainly helps in reducing cases of hacking and data breaches in the organization at all times (Cooper & Guzik, 2014). The diagram below illustrates the packet filtering process.
The packet-based firewall is one of the most straightforward firewalls; it controls data traffic by evaluating received data against a specified set of rules. After the received packets are analyzed against the set rules, each packet is either forwarded to the receiving host or dropped (Dodis & Stephens-Davidowitz, 2016). Once a packet is dropped, a message is sent to the packet source describing what happened. The filtering rules depend on the manufacturer of the product. This firewall typically uses the following rules:
Another type is the application-level firewall, which an organization uses to monitor, screen, or scan network, internet, and local system access to and from an application or service. This firewall primarily deals with securing the processes and accessibility of applications or services in the organization (Kenworthy, 2014). Through this firewall, an organization establishes a robust way of ensuring that all external and internal activities are done through its apps. There are two main types of application firewalls (Cooper & Guzik, 2014). The first is the network-based firewall, which scans and monitors network-based traffic for the application layer. The second is the host application firewall, which primarily monitors all traffic flowing in and out of an application or service on a local computer or system.
The next type is the stateful inspection firewall, which is often confused with the packet-filtering firewall, but there is a huge difference between the two. The stateful inspection firewall is dynamic and monitors the state of active connections to determine which packets may go through the firewall (Dodis & Stephens-Davidowitz, 2016). The stateful firewall therefore differs from the packet-based firewall in that it provides a stable and reliable method of monitoring all active connections through a firewall, something that a packet-based firewall doesn't do (Kenworthy, 2014). Having a stateful inspection firewall helps an organization to track all its active connections and to prevent any external attacks that may interfere with the organization's operations.
This type of firewall stops each link at the firewall. If it is allowed, the connection to the destination is initiated on behalf of the creator of the initial connection. The connection type used in this firewall is known as a proxy, and if it is configured correctly, it can be transparent to the users (Pinter, 2015). This type of firewall works as a proxy server by providing proxies for specific applications. Every connection in this firewall is governed by specific rules and conditions like the one used by a packet-based firewall.
This firewall provides a User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) security mechanism and works in the Open Systems Interconnection (OSI) model. A circuit firewall provides a virtual circuit between a proxy server and the internal client in the organization by preventing direct connections between networks (Dodis & Stephens-Davidowitz, 2016). Consequently, an organization aiming at eliminating any internal data breaches can use circuit-level firewalls. This firewall was developed to deal with the drawbacks of the application-gateway firewall by creating a seamless and transparent connection between the communicating parties as per the routines specified in a unique library (Cooper & Guzik, 2014). The connection is typically known as a virtual circuit, as it creates an end-to-end connection between the communicating parties. A tool known as SOCKS is used to implement this type of firewall (Pinter, 2015). Implementing this type of firewall is very tiresome, time-consuming, and costly, as it involves changing all the clients to make them aware of the proxy mechanisms.
A multilayer firewall is another type of firewall, and it is considered a sophisticated and robust security framework since it comprises several firewalls, each of which deals with a specific issue (Morgan, 2017). Multilayer firewalls are not very popular among most organizations since they are considered expensive and can be useless to organizations that only want one type of firewall. This type of firewall deals with a wide array of security issues and gives an organization a single firewall that deals with all the security issues it is facing (Cooper & Guzik, 2014). This means that it deals with data traffic and network security, among many other areas, to ensure that the company's data remains confidential. However, it is one of the best firewalls that any organization can use to avoid having several firewalls configured on its system (Cooper & Guzik, 2014). Instead of implementing more than two firewalls to serve different purposes, organizations should adopt a multilayer firewall since it is capable of dealing with all the security issues. Additionally, the use of multilayer firewalls makes it hard for hackers to breach the organization's network since penetrating the multiple layers is a real uphill task.
A hybrid firewall combines two or more of the above types of firewalls. Many of the firewalls on the market are a combination of packet-based firewall and application-gateway firewall (Kenworthy, 2014).
When networks are connected, a different level of trust usually exists on each side of the connection. The term "trust" means that the group believes that both the users of its computers and the software on them are non-malicious (Pinter, 2015). Firewall technology offers vital protection from hackers, as discussed below:
Operating systems have a history of insecure configurations. For example, Windows 98 and Windows 95 were distributed extensively with Windows file sharing enabled by default, and many viruses exploited this vulnerability. Another example is Red Hat Linux versions 7.0 and 6.0, which were exposed to three remote exploits when the default options were used in installing the operating system (Dodis & Stephens-Davidowitz, 2016). Securing every user's machine is an expensive and ongoing process; this has led several organizations to make a conscious decision not to protect the machines within their firewalls. If a machine is ever compromised from the inside, the other machines are likely to be vulnerable. This situation is commonly referred to as "a sort of crunchy shell around a soft, chewy center." A single machine that is connected to the internet can be protected using a private firewall instead of working on securing the operating system (Kenworthy, 2014). These firewalls bar some types of communication.
Nationwide firewalls limit what their users can do on the internet, for instance, in China. The Children's Internet Protection Act (CHIPA) applies the same idea in the US and mandates that information be filtered (Kenworthy, 2014). This law requires federally funded schools and libraries to block some specific web content.
Since all traffic from a network has to pass through the firewall, it is possible to reduce leaks of the organization's data (Salah et al., 2016). Preventing any unauthorized leak of data to outsiders is the key criterion for the success of digital corporate gateways.
Firewalls are components of the overall security policy; they usually impose the rules concerning which network traffic is allowed to leave or enter the network (Cooper & Guzik, 2014). These policies limit which remote machines may be contacted, restrict the use of specific applications, and limit bandwidth.
If a security breach occurs, audit trails may be used to help determine what happened and what caused the breach (Salah et al., 2016). Audit trails have been widely used in the monitoring of employees in many organizations.
A significant security issue that a private network faces from the internet is spam mail sent by hackers to gain access to it. Hackers send spam mail to legitimate email addresses to lure the recipients into opening it. Hackers use spam mail to launch malware into a network (Dodis & Stephens-Davidowitz, 2016). The malware is embedded in such emails and becomes activated when the mail is opened. Hackers then use that malware as the window to gain access to the network. A firewall is therefore used to block such emails from gaining access to a private network.
Firewalls use various protocols. Firewall protocols are the rules that govern the transfer of data from the source to the destination host. Firewalls work between the internet and a private network, so they are governed by the TCP/IP protocols (Salah et al., 2016). These protocols determine how data is coded and how the firewall is configured. They are typically used to establish the rules set by the network administrator (Cooper & Guzik, 2014). These rules are written and stored in the gateway router, and they specify which ports and which IP addresses are to be accessible. The following are the protocols that are implemented to govern the functionality of firewalls:
TCP is a core protocol of the IP suite. This protocol provides reliable error-checking for hosts communicating over an IP network. It controls the major applications that work on the internet, such as email and file transfer. However, applications that do not need a data stream service use the User Datagram Protocol (UDP) (Kenworthy, 2014). UDP provides a connectionless service to the communicating parties. TCP usually needs one port to support full-duplex traffic.
Internet Assigned Numbers Authority (IANA) is another protocol that maintains the official assignment of port numbers (Thomas, 2010). These protocols are designed to determine which ports are open to the public and which are not.
Firewalls have several benefits, and thus organizations need to implement them in their management systems. First, installing and configuring firewalls on computers and local networks helps significantly in preventing unwanted access to confidential information, which is mostly attempted by hackers (Kenworthy, 2014). Second, firewalls help in identifying and blocking any unwanted content. Third, firewalls help greatly in dealing with worms, viruses, and other malware that affect computers and organization systems. Fourth, firewalls help the organization to have secure networks that keep its information confidential (Cooper & Guzik, 2014). This ensures that only those authorized to access the network do so, and no hacker is able to get information from the systems of the organization. Last but not least, firewalls have played a very significant role for organizations and individuals by keeping their private and sensitive information safe and secure from unauthorized people.
Even though firewalls have several advantages, they also have some disadvantages. To start with, firewalls hardly prevent internal attacks on the organization's systems and computers. The company's workers can attack the organization's systems (Salah et al., 2016). Secondly, firewalls are costly for small organizations. This becomes a challenge for most small companies, even if they are willing to implement firewalls, since they cannot afford them (Dodis & Stephens-Davidowitz, 2016). The third demerit is that the operational process is somewhat complex, and this is a problem for organizations since most of them lack IT experts. This means that the firewalls will not perform well since there is no expert to conduct the operational process effectively.
Nearly all organizations connected to the internet have installed a firewall. Therefore, most organizations have some level of protection against threats that emanate from outside. Attackers still probe for vulnerabilities that apply only to machines within a firewall. Servers are targeted as well, mostly web servers. Attackers are, however, also aiming at home users, primarily those who are connected to the internet full-time and are less likely to be protected. These attackers take advantage of the low security awareness of home users and get through the VPN connection to the inside of the organization. Since machines within the firewall are exposed both to attackers who breach the firewall and to hostile insiders, the use of distributed firewall architecture is likely to increase. Simple forms of distributed firewalls, with private firewalls installed on individuals' machines, are already being deployed. Several organizations, however, will need individual firewalls to respond to configuration directives from a central policy server. This kind of architecture will serve as the next stage in an arms race, as the central server and the procedure it uses become a particular target for attackers.
Firewalls and the restrictions they commonly impose have widely affected how application-level protocols have evolved. The attacks that are developed have also been shaped by the restrictions imposed by firewalls. An example of this change is the rise in email-based attacks. More exciting progress includes the extension of HTTP and port 80 to new services. HTTP can be used to accomplish remote procedure calls and file-sharing. The overloading of HTTP has resulted in new security concerns. This has forced more organizations to start using a web proxy to manage the remote services that are used by the protected machines. Co-evolution between firewall designers and protocol developers is likely to be seen in the future. This will continue until protocol designers consider security during the initial development of the protocol.
Cooper, G., Green, M. W., & Guzik, J. R. (2014). U.S. Patent No. 8,800,024. Washington, DC: U.S. Patent and Trademark Office.
Dodis, Y., Mironov, I., & Stephens-Davidowitz, N. (2016, August). Message transmission with reverse firewalls—secure communication on corrupted machines. In Annual International Cryptology Conference (pp. 341-372). Springer, Berlin, Heidelberg.
Kenworthy, S. (2014). U.S. Patent No. 8,892,600. Washington, DC: U.S. Patent and Trademark Office.
Pinter, M. (2015). U.S. Patent No. 9,160,783. Washington, DC: U.S. Patent and Trademark Office.
Salah, K., Sattar, K., Sqalli, M., & Al‐Shaer, E. (2016). A potential low‐rate DoS attack against network firewalls. Security and Communication Networks, 4(2), 136-146.