Firewalls restrict access between networks to prevent unauthorized access. Types include packet filters, stateful packet filters, application gateways, and intrusion protection/detection systems. IPS blocks attacks while IDS alerts administrators.
A firewall device is a software application designed to restrict access between two networks in order to prevent unauthorized access. There are numerous types of firewall devices. Some work as part of an operating system, while others are dedicated software applications. The most common types include a packet filter, a stateful packet filter, an application gateway or proxy, and an intrusion protection system (IPS) or intrusion detection system (IDS). There are other firewall devices as well, but they are often not as effective.
Packet filters carefully examine each packet of information entering a network and allow or deny entry based on pre-established user rules. These rules can involve factors such as the originating Internet Protocol (IP) address, whether or not the packet is attempting to establish a connection, and protocols such as Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and the Internet Control Message Protocol (ICMP).
A stateful packet filter, also known as a dynamic packet filter, is essentially an upgrade of the original packet filter. It can handle rules like its predecessor, but it can also monitor active connections and later use this additional information to better assess whether an incoming packet is safe or dangerous. This type of firewall device is more convenient because it allows a user within the intranet to request access to content that would not normally be allowed through the firewall.
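The difference between the packet filter and the stateful packet filter described above, as an added Python sketch that is not part of the original article. The addresses, ports, the single static rule and all function and class names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTRANET = ip_network("10.0.0.0/8")  # assumed internal address range
# Constructed static rule set: (protocol, destination port, allowed sources).
STATIC_ALLOW = [("tcp", 443, ip_network("0.0.0.0/0"))]

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # TCP packet attempting to establish a connection
    ack: bool = False

def stateless_inbound(p):
    """Plain packet filter: each packet is judged only against the rules."""
    return any(p.proto == proto and p.dport == port and ip_address(p.src) in net
               for proto, port, net in STATIC_ALLOW)

class StatefulFilter:
    def __init__(self):
        self.conns = set()  # flows that were opened from inside the intranet

    def outbound(self, p):
        # Remember the flow so that its replies can be recognised later.
        if ip_address(p.src) not in INTRANET:
            return False
        self.conns.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return True

    def inbound(self, p):
        # A reply is a tracked flow with its endpoints reversed. A bare SYN
        # is a new connection attempt, so it never counts as a reply.
        tracked = (p.proto, p.dst, p.dport, p.src, p.sport) in self.conns
        if tracked and not (p.proto == "tcp" and p.syn and not p.ack):
            return True
        return stateless_inbound(p)  # otherwise fall back to the static rules

def demo():
    out = Packet("tcp", "10.0.0.5", 51000, "203.0.113.9", 8080, syn=True)
    reply = Packet("tcp", "203.0.113.9", 8080, "10.0.0.5", 51000, syn=True, ack=True)
    unsolicited = Packet("tcp", "203.0.113.9", 8080, "10.0.0.7", 51000, ack=True)
    fw = StatefulFilter()
    fw.outbound(out)
    return stateless_inbound(reply), fw.inbound(reply), fw.inbound(unsolicited)
```

Production stateful filters also expire idle entries and follow the TCP state machine; this sketch omits both.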
An application gateway, also known as an application layer gateway, is an even more intelligent and sophisticated firewall appliance. It works as an intermediary or proxy between a computer or server and the remote system requesting access. If an incoming request passes authentication, the gateway retrieves the appropriate information and sends it to the remote server. This means that two connections are active at the same time: the one between the server and the gateway, and the one between the gateway and the remote server.
The last two firewall devices are IPS and IDS. IPS works online by detecting and blocking incoming attacks, while IDS simply detects attacks and then alerts the administrator. While IPS is a more effective firewall appliance, it uses significantly more system resources because it works online. IDS, on the other hand, doesn’t hog memory, but it also doesn’t provide much protection. Therefore, IDS is typically combined with another firewall device, such as a stateful packet filter or application gateway.