The firewall protects an internal network from malicious hackers or software on an external network. Firewalls filter potentially harmful incoming or outgoing traffic. Firewalls are used to subdivide internal networks on the Internet. It also protects individual computers. The five services that firewalls provide are packet filtering, application filtering, proxy server, circuit-level, and stateful inspection.
• Packet Filtering: A packet filtering firewall checks each packet crossing the device. It also inspects the packet headers of all network packets going through the firewall.
Source IP Address: It identifies the host that is sending the packet. Attackers can modify this
field in an attempt to conduct IP spoofing. Firewalls are configured to reject packets that arrive at
the external interface, that is either an erroneous host configuration or an attempt at IP spoofing.
Destination IP Address: This is the IP address that the packet is trying to reach.
IP Protocol ID: Each IP header has a protocol ID that follows. For example, Transmission
Control Protocol (TCP) is ID 6, User Datagram Protocol (UDP) is ID 17, and Internet Control
Message Protocol (ICMP) is ID 1.
Fragmentation Flags: Firewalls examine and forward or reject fragmented packets. A
successful fragmentation attack can allow an attacker to send packets that could compromise an
internal host.
IP Options Setting: This field is used for diagnostics. The firewall is configured to drop network
packets that use this field. Attackers can use this field in conjunction with IP spoofing to redirect
network packets to their systems.
• Application Filtering: This device will intercept connections and performs security inspections. The firewall acts as a proxy for connections between the internal and external network. The firewall enforce access control rules specific to the application. It is also use to check incoming e-mails for virus attachments. These firewalls are often called e-mail gateways.
• Proxy Server: A proxy server takes on responsibility for providing services between the internal and external network. Proxy server can be used to hide the addressing scheme of the internal network. It can also be used to filter requests based on the protocol and address requested.
• Circuit-Level: A circuit-level firewall controls TCP and UDP ports, but doesn't watch the data
transferred over them. If a connection is established, the traffic is transferred without any further
checking.
• Stateful Inspection: An inspection firewall works at the Network layer. It assesses the IP header
information. It also monitors the state of each connection. Connections are rejected if they attempt any actions that are not standard for the given protocol. These listed firewall features can be implemented in combination by a given firewall implementation. Placing a lot of firewalls in series is a common practice to increase security at the network perimeter.
