Introduction

The internet as we know it has developed into an extremely complex network, with many of our key services and infrastructure reliant on the ability to communicate online. An extraordinary amount of sensitive information lives on systems that are connected to the internet and like any valuable resource, there is a great need for it to be kept safe. Security considerations such as a firewall, whether for personal use or at an organizational level, are essential.

As our physical and digital life becomes further entwined, we are increasingly governed by a myriad of unseen rules and permissions. Every time we open one of our electronic devices, we trust that the outside connections it makes are free from danger. The organizations which provide the various services that we interact with have a considerable challenge in maintaining and mitigating threats for its clients. Firewall technology has vastly improved since its inception in the late 1980s, this article aims to critically evaluate and reflect on the various types of firewalls that are used in the industry and their purpose, while considering the principles of organizational structure and network security.


Purpose of a Firewall

The rationale behind installing a firewall is generally to help protect a private system against intrusion, preventing unauthorized users from acquiring proprietary information. It should analyse and filter traffic between networks and external devices, halting any illegal behaviours before they gain unwanted entry to the destination host. When connecting a device directly to the internet or other networks, it allows outsiders free access to the system. A firewall can be considered as a gatekeeper between networks, devices and the outside world. It should keep out threats, monitor connections and issue alerts regarding any suspicious activity.

Cyber security needs various layers of defence and firewalls have an important part to play within well-guarded organizational structures. As security threats continue to advance in capabilities, demand has grown for establishments to develop their security operations centres. There are lots of methods available to implement a capable set of security protocols, however making certain that a layered approach is used will ensure that if a particular defence measure fails, another will help prevent an attack.

Increasingly we are seeing that traditional centralized and hierarchical organizations are transforming into more loosely coupled networks. They are often characterized by cooperation instead of control, with frequent sharing of information and high levels of inter-connectivity. Many organizations are now location and structure independent; they have become transnational networks that operate across various boundaries and barriers. Remote working is becoming common place and will likely remain a huge part of the general workforce. As homes transform into workplaces, users lack the protections that their office network provided. Many people are using their own devices for two factor authentication, sharing applications and data, blurring the line between personal and professional life. Even with our rapidly changing environment, firewalls will remain a vital part of security department toolkits. Many organizations are reconsidering their existing deployments and looking towards integrating cloud based solutions. These options normally offer the same features afforded by hardware and physical security measures, creating a virtual barrier that filters out malicious traffic and protects an organizations internal network.


Types of Firewall Technologies

Firewall technology provides a mechanism to enforce access policies on traffic entering or leaving networks. Generally, an internal network is protected against an external untrusted network, or parts of a network are protected against each other. Security policies are typically a set of rules, each explicitly or implicitly allowing or denying data to travel through the firewall based on the interpretation of the contents. Different types of firewalls operate on various layers of data abstraction: network layer (packet filtering), transport layer (circuit level) and application layer (application level).

- Packet Filtering

One of the core purposes and most widely used features of a firewall is packet filtering. When devices send communications, the information travels in small packets of data over various networks until it reaches its destination. A firewall will monitor the source of the packet, its destination and what type of data it holds. It can be configured to allow, block or take different actions based on an internal rule set. Packet filters implement a complex functionality that is beyond the scope of this report, nonetheless some of the key individual properties include: header inspection, application inspection, stateful filtering, dynamic filtering and buffering strategies. Basic filters will either stop or forward the packet, but more advanced filters offer a wider range of actions such as rejection, reflection, logging and modification.

Firewall

The above shows basic packet filtering, which although is very fast it does have some drawbacks. It can be easily misconfigured, there are often conflicts or missing rules within an organisations security policy. Packet filtering alone is considered quite basic, it cannot truly determine which user is responsible for traffic and lacks any advanced authentication schemes. Because packet filters do not examine upper-layer data, logging functionality is limited, and application specific vulnerabilities cannot be prevented. At first, packet filters did not monitor the state of a connection. Users had the ability to send packets that appeared to be part of an established connection, this flaw enabled remote attackers to gain entry and map local networks as if there were no firewall. The solution was to keep track of a connections state, this is commonly known as a packet inspection, stateful firewalls or adaptive firewalling. Essentially, this method of filtering can look at both the network layer and the transport layer.

- Circuit Level

Circuit level firewalls operate at the transport layer and check the validity of connections against a list of rules before establishing a session and exchanging data. The permissions defining a valid session can include which ports are being accessed, timestamps, the protocol being used and credentials such as account names and passwords. Once a session has been opened, no further packet checks are required. Such gateways can utilize detailed access control mechanisms, they can act as a proxy and have similar advantages as application level systems by obfuscating the internal host from the serving host while using a smaller processing footprint. They can be used within application level configurations or as a standalone system. Disadvantages include a lack of content filtering and a requirement that programs must be modified in order to use circuit level proxies. Although only minor changes are necessary, the distribution of programs, availability of source code and the education of users can make it challenging to implement.

- Application Level

As the name implies, application level firewalls examine packets at the application layer before accepting a connection. It allows for security items such as user credentials and service requests that surface in the application layer to be validated by the firewall, and generally it includes specialised software and proxy services that manage traffic for specific protocols such as FTP and HTTP. This technology offers increased control and comprehensive checks on data. Based on configuration, the proxy can provide other functions like authentication logging, URL filtering, data modification and HTTP object caching. Proxy services are implemented at the edge of the network stack, they are slower than packet filtering techniques as each packet is thoroughly examined. Following detailed inspection of the packet header and data, it will continue down the network stack provided that no threat has been identified.

These types of firewalls are primarily used as an enhancement to a packet filtering firewall, providing services up to the application layer. It can be set up to control the execution of programs, handle data and block malicious code. This could be network based, scanning and monitoring traffic destined for the application layer or a specific service. It could also be host based, monitoring the connections initiated by an application on a local system. When using proxy services access can be controlled and packet data processed and manipulated, while shielding internal IP address and network topology. Although application level firewalls provide increased security, they are slower and more difficult to scale up. They require extensive support and can be vulnerable to bugs within applications and operating systems.

- Distributed

Firewalls are typically located in a centralised fashion; they can become a single point of failure as well as causing performance bottlenecks. With a distributed firewall, the network admin loads a policy to all machines. Each host runs their own local firewall and implements the policy, the machines can be identified using cryptographic certifications. It completely avoids a single central firewall and removes the binding from the physical structure. Various methodologies exist for distributed techniques, including the parallel use of an intrusion detection system. The most significant issue with their implementation is that they rely heavily on users not to override the policy, there must be uniform enforcement of the rules for communications to be transmitted securely.

- Next Generation

Next generation firewalls are often referred to as ‘deep packet inspection’. They are able to block more modern threats such as advanced malware and application level exploits. Methods include packet filtering, direct control of applications and signature based whitelisting of services. This technology can determine if an email contains attachments that are not permitted, block specific web content such as Active X, Java or invalid SSL certifications. It improves standard state inspection by adding intrusion detection systems; an engine that analyses the network, capturing and reporting any potentially malicious incidents. Due to the in depth examination of packets, this type of firewall suffers from using more system resources and being slower than streamlined alternatives.

- Host & Personal

These types of firewalls allow for more granular protection and gives users an additional layer of security. They are software based and reside on the device that they are protecting, monitoring the traffic for a single host. Generally, host firewalls are available as part of a server operating system and can be configured to give protection against all kinds of activity, including connections on the same subnet or internal networks. They can often act as intrusion prevention systems, if an attack happens it will attempt to halt the threat and prevent damage to the targeted host. For personal firewalls, a more user friendly interface is offered and it can be easily set up for different types of locations and networks. It is commonly packaged with antimalware programs and various security utilities that can help limit the spread of malware and regulate the use of unauthorised software.


Summary

Individuals and organisations use various layers of security to protect their systems. Firewalls, virus scanning, intrusion detection systems and various other protective software offers some levels of assurance that their computers and data is safe. The internet is very much a vital part of modern life, yet the internet was formed using an architecture that was not designed with security first in mind. Many of the regularly used protocols are inherently insecure, so a balance must be found between accessibility and security.

Firewalls are widely deployed and a staple of most computer and network defences. When used correctly, they can provide excellent levels of protection against todays digital landscape. Configuring and implementing the right rule set for an organisation or individual is key to remaining safe and sufficiently controlling access to a network. Originally built and set up by experts, firewalls are now a commercial product sold with simplified interfaces that give a false sense of ease and the idea that anybody can manage their networks security. Every organisation that is connected to the internet has a form of firewall, resulting in some level of protection from outside threats. Attackers now regularly focus on home users and insiders, with remote working more prevalent it will be unsurprising to see a shift to more distributed services.

“There are no solutions, there are only trade-offs; you try to get the best trade-off you can, that’s all you can hope for (Sowell, 1987).”