Firewall Network Traffic


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

A firewall is a set of programs, located at a network gateway server, that protects the resources of a private network from users on other networks. A firewall is a software program that runs on a computer, inspects the network traffic passing through it, and denies or permits passage based on a set of rules. Firewalls are an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world via wide area networks and the Internet.

Firewall Characteristics:

  • All traffic flowing in and out of the network must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. Various configurations are possible.
  • Only authorized traffic, as defined by the local security policy, will be allowed to pass. Many types of firewalls are used, implementing various types of security policies.
  • The firewall itself is immune to penetration. This implies the use of a trusted system with a secure operating system.

Firewalls use four different techniques to control access and enforce the site's security policy.

  • Service control: It determines the types of Internet services that can be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol, or port number.
  • Direction control: It determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
  • User control: It controls access to a service according to which user is attempting to access it.
  • Behavior control: It controls how particular services are used.

Types of Firewalls:

A firewall acts as a packet filter. It can be used as a positive filter, allowing only packets that meet specific criteria to pass, or as a negative filter, rejecting any packet that meets specific criteria. The various types of firewalls are as follows:

  • Packet Filtering Firewall: A packet filtering firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet. The firewall is configured to filter packets going in both directions. Filtering rules are based on information contained in a network packet, such as the source IP address, destination IP address, source and destination transport-level address (port number), IP protocol field, and interface. Some of the advantages of packet filter firewalls are that they are fairly easy to implement and transparent to end users.
  • Stateful Inspection Firewalls: A firewall that keeps track of the state of the network connections traveling across it, such as TCP streams and UDP communication, is known as a stateful inspection firewall. A technique known as stateful multi-layer inspection was introduced to make security more effective while making it easier and less expensive. This is the foundation for the new generation of firewall products.
  • Application-Level Gateway: This is also known as an application proxy, which relays application-level traffic. It consists of a security component that augments a firewall or NAT employed in a computer network. Application-level gateways tend to be more secure than packet filters. One disadvantage of this gateway is the additional processing overhead on each connection.
  • Circuit-Level Gateway: A circuit-level gateway is a type of firewall where all the internal computers establish a circuit with the proxy server. Circuit proxies focus on the TCP/IP layers, using the network IP connection as a proxy. Circuit proxies are more secure than packet filters, since computers on the external network never gain information about internal network IP addresses or ports.
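To make the difference between the first two types concrete, here is an added example (not code from the essay or its textbook source) of a minimal stateless packet filter and a stateful extension of it. The rule format, the "lan"/"wan" interface names and the traffic are all constructed for the illustration; the point it shows is that a stateless filter has to open inbound source port 80 to let web replies back in, while the stateful filter admits only replies to connections it has already seen.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# iface = arrival interface ("lan"/"wan" in this constructed setup); syn = TCP SYN flag
Packet = namedtuple("Packet", "iface proto src sport dst dport syn", defaults=(False,))
FIELDS = ("iface", "proto", "src", "sport", "dst", "dport")

def parse_rule(line):
    # Rule text: "<action> <iface> <proto> <src> <sport> <dst> <dport>"; "any" is a wildcard
    action, *values = line.split()
    return {"action": action, **dict(zip(FIELDS, values))}

def field_matches(pattern, value):
    if pattern == "any":
        return True
    if "/" in pattern:  # CIDR prefix on an address field
        return ip_address(value) in ip_network(pattern)
    return pattern == str(value)

class PacketFilter:
    # Stateless packet filter: first matching rule decides, otherwise default deny
    def __init__(self, rules):
        self.rules = [parse_rule(r) for r in rules]
    def decide(self, pkt):
        for rule in self.rules:
            if all(field_matches(rule[k], getattr(pkt, k)) for k in FIELDS):
                return rule["action"]
        return "deny"

class StatefulFilter(PacketFilter):
    # Adds a connection table: replies to tracked TCP connections need no inbound rule
    def __init__(self, rules):
        super().__init__(rules)
        self.connections = set()
    def decide(self, pkt):
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "allow"
        verdict = super().decide(pkt)
        if verdict == "allow" and pkt.proto == "tcp" and pkt.syn:
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

LAN = "10.0.0.0/24"
# Stateless: web replies only get back in if source port 80 is opened inbound, which also
# admits any unsolicited inbound packet that happens to come from port 80.
STATELESS_RULES = [f"allow lan tcp {LAN} any any 80", f"allow wan tcp any 80 {LAN} any"]
STATEFUL_RULES = [f"allow lan tcp {LAN} any any 80"]

def run(fw):
    # Constructed traffic: an outbound web request, its reply, and an unsolicited inbound packet
    request = Packet("lan", "tcp", "10.0.0.5", 40000, "203.0.113.10", 80, syn=True)
    reply = Packet("wan", "tcp", "203.0.113.10", 80, "10.0.0.5", 40000)
    unsolicited = Packet("wan", "tcp", "198.51.100.9", 80, "10.0.0.5", 22)
    return fw.decide(request), fw.decide(reply), fw.decide(unsolicited)
```

Running `run(PacketFilter(STATELESS_RULES))` allows all three packets, whereas `run(StatefulFilter(STATEFUL_RULES))` allows the request and its reply but denies the unsolicited packet.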

Firewall Location and Configurations:

A Firewall is positioned to provide a protective barrier between an external, potentially untrusted source of traffic and an internal network. The security administrator is the one who decides on the location and the number of firewalls required.

DMZ Networks: A DMZ (demilitarized zone) is a physical or logical subnetwork that contains and exposes an organization's external services to a larger, untrusted network such as the Internet. The main purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN).

Virtual Private Networks: A virtual private network is a communications network tunneled through another network and dedicated to a specific network. A VPN consists of a set of computers that are interconnected by means of a relatively unsecured network and that make use of encryption and special protocols to provide security.

Distributed Firewalls: A distributed firewall configuration involves stand-alone firewall devices and host-based firewalls working together under central administrative control. With distributed firewalls, we can establish both an internal and an external DMZ.

Intrusion Prevention Systems

An intrusion prevention system is a computer security device that monitors network and system activities for malicious or unwanted behavior and can react in real time to block or prevent such activities. Intrusion prevention systems combine the blocking capabilities of a firewall with the deep packet inspection of intrusion detection systems. An intrusion prevention system is a functional addition to a firewall that adds IDS types of algorithms to the repertoire of the firewall. An IPS blocks traffic as a firewall does, but makes use of the types of algorithms developed for IDSs.

Host-Based IPS: A host-based IPS is an intrusion prevention system that protects endpoints behind the network perimeter. It fights against infections and attacks at the device and server level of a network, providing a layered approach that complements investments in network-based intrusion prevention systems without relying on signatures that require constant updates. A host-based IPS makes use of both signature and anomaly detection techniques to identify attacks.

Network-Based IPS: A network-based intrusion prevention system is in essence an inline NIDS with the authority to discard packets and tear down TCP connections. A network-based IPS uses techniques such as signature detection and anomaly detection.

Snort Inline: This is a modified version of Snort that enables Snort to function as an intrusion prevention capability rather than only detecting. The three new features of Snort Inline are

  • Drop
  • Reject
  • Sdrop

Snort Inline includes a replace option, which allows the Snort user to modify packets rather than dropping them. This feature is useful for a honeypot implementation.
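The following is an added example, not Snort's own code, that models what the four features above do to a packet: the header and option syntax follows Snort's rule format, and the action semantics follow Snort's documented inline actions (drop discards and logs; reject discards, logs and answers with a TCP reset or ICMP port unreachable; sdrop discards silently; alert logs and forwards). The engine itself, the `inline_decide` function and the rules with sid values in the 1000001 range are constructed for illustration.

```python
import re
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport payload", defaults=(b"",))
# Rule header: action proto src sport -> dst dport (options)
RULE_RE = re.compile(r"^(alert|drop|reject|sdrop)\s+(\w+)\s+(\S+)\s+(\S+)\s*->\s*(\S+)\s+(\S+)\s*\((.*)\)$")

def parse_rule(line):
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable rule: {line}")
    action, proto, src, sport, dst, dport, body = m.groups()
    opts = {}
    for opt in filter(None, (o.strip() for o in body.split(";"))):
        key, _, val = opt.partition(":")
        opts[key.strip()] = val.strip().strip('"')
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": opts}

def header_matches(rule, pkt):
    return rule["proto"] == pkt.proto and all(
        rule[k] == "any" or rule[k] == str(getattr(pkt, k)) for k in ("src", "sport", "dst", "dport"))

def inline_decide(rules, pkt):
    # Returns (verdict, log entry or None, active response or None, forwarded payload)
    for r in rules:
        content = r["opts"].get("content", "").encode()
        if not header_matches(r, pkt) or (content and content not in pkt.payload):
            continue
        payload = pkt.payload
        if "replace" in r["opts"]:  # rewrite the matched bytes in place; the packet keeps flowing
            new = r["opts"]["replace"].encode()
            if len(new) != len(content):
                raise ValueError("replace must be the same length as content")
            payload = payload.replace(content, new)
        log = f"[{r['opts'].get('sid', '?')}] {r['opts'].get('msg', '')}"
        if r["action"] == "drop":    # discard the packet and log it
            return "drop", log, None, payload
        if r["action"] == "reject":  # discard, log, and tell the sender the connection failed
            response = "TCP RST" if pkt.proto == "tcp" else "ICMP port unreachable"
            return "drop", log, response, payload
        if r["action"] == "sdrop":   # discard silently, no log entry
            return "drop", None, None, payload
        return "pass", log, None, payload  # alert: forward and log, the classic IDS behaviour
    return "pass", None, None, pkt.payload

RULES = [parse_rule(r) for r in (  # constructed example rules
    'drop tcp any any -> any 23 (msg:"telnet to internal host"; sid:1000001;)',
    'reject udp any any -> any 53 (msg:"dns to internal host"; sid:1000002;)',
    'sdrop tcp any any -> any 25 (msg:"smtp to internal host"; sid:1000003;)',
    'alert tcp any any -> any 80 (msg:"honeypot rewrite"; content:"GET /admin"; replace:"GET /index"; sid:1000004;)',
)]
```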
