The five different types of firewalls
AT&T’s Steve Bellovin is generally credited (although not by himself) with first using the term firewall to describe the process of filtering out unwanted network traffic, sometime around 1987. Since then, the term has grown gradually in familiar usage to the point that no casual conversation about network security can take place without at least mentioning it. A recent Web search on firewall turned up more than 3.8 million references.
Most IT professionals think there are two — or at the most, three — types of firewalls. Actually, there are at least five basic types:
- Packet-filtering firewalls operate at the router and compare each packet received to a set of established criteria (such as allowed IP addresses, packet type, port number, etc.) before the packet is either dropped or forwarded.
- Circuit-level gateways monitor the TCP handshaking going on between the local and remote hosts to determine whether the session being initiated is legitimate — whether the remote system is considered trusted. They don’t inspect the packets themselves, however.
- Stateful inspection firewalls, on the other hand, not only examine each packet, but also keep track of whether or not that packet is part of an established TCP session. This offers more security than either packet filtering or circuit monitoring alone, but exacts a greater toll on network performance.
- Application-level gateways (proxies) combine some of the attributes of packet-filtering firewalls with those of circuit-level gateways. They filter packets not only according to the service for which they are intended (as specified by the destination port), but also by certain other characteristics such as HTTP request string. While application-level gateways provide considerable data security, they can dramatically impact network performance.
- Multilayer inspection firewalls combine packet filtering with circuit monitoring, while still enabling direct connections between the local and remote hosts, which are transparent to the network. They accomplish this by relying on algorithms to recognize which service is being requested, rather than by simply providing a proxy for each protected service. Multilayer firewalls work by retaining the status (state) assigned to a packet by each firewall component through which it passes on the way up the protocol stack. This gives the user maximum control over which packets are allowed to reach their final destination, but again affects network performance, although generally not so dramatically as proxies do.
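The difference between the first and third types above is easiest to see in code. The following toy model is an added example, not part of the original article: a stateless packet filter that trusts the ACK bit as a sign of an "established" reply, next to a stateful filter that only admits inbound segments matching a session it saw opened from the inside. All addresses, ports and rules are constructed, and "inside" simply means the 10.0.0.0/8 network.

```python
# Added example, not from the original article: a toy stateless packet filter
# beside a toy stateful inspection filter. Addresses, ports and rules are
# constructed; "inside" means the 10.0.0.0/8 network.
from collections import namedtuple

# flags is a frozenset drawn from {"SYN", "ACK", "FIN", "RST"}
Packet = namedtuple("Packet", "src sport dst dport flags")

def is_inside(ip: str) -> bool:
    return ip.startswith("10.")

def stateless_filter(pkt: Packet) -> bool:
    """Packet filter: decides from this packet's header fields alone."""
    if is_inside(pkt.src) and pkt.dport == 80:
        return True  # outbound web request
    if not is_inside(pkt.src) and pkt.sport == 80 and "ACK" in pkt.flags:
        return True  # 'established reply' heuristic: trusts the ACK bit alone
    return False

class StatefulFilter:
    """Stateful inspection: inbound traffic passes only if it matches a
    session that was opened from the inside and is still in the table."""
    def __init__(self) -> None:
        self.sessions = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def check(self, pkt: Packet) -> bool:
        if is_inside(pkt.src) and pkt.dport == 80:
            if "SYN" in pkt.flags:  # new outbound connection: record it
                self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions:
            if pkt.flags & {"FIN", "RST"}:  # teardown: forget the session
                self.sessions.discard(key)
            return True
        return False  # no session behind it: dropped even with ACK set

def demo() -> dict:
    """One legitimate web exchange plus one unsolicited inbound segment."""
    sf = StatefulFilter()
    syn = Packet("10.0.0.5", 40000, "203.0.113.7", 80, frozenset({"SYN"}))
    reply = Packet("203.0.113.7", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))
    stray = Packet("198.51.100.9", 80, "10.0.0.5", 22, frozenset({"ACK"}))  # constructed
    return {"stateless_reply": stateless_filter(reply),
            "stateless_stray": stateless_filter(stray),
            "stateful_reply": sf.check(syn) and sf.check(reply),
            "stateful_stray": sf.check(stray)}

if __name__ == "__main__":
    print(demo())
```

Both filters pass the genuine reply, but only the stateful one drops the stray segment, which is the extra security the article attributes to session tracking; the session table it must maintain is also the source of the performance cost it mentions.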
While inspection firewalls are the most secure, they are also rather complex and the most likely to be misconfigured. Whichever firewall type you choose, keep in mind that a misconfigured firewall can in some ways be worse than no firewall at all, because it lends the dangerous impression of security while providing little or none.
This was last published in June 2002