A firewall is a software or hardware component designed to protect one network from another. Firewalls are mainly used to control the traffic entering and leaving a network. They are placed at boundaries between areas of low and high trust, such as between a private network and a public network (the Internet), or between two different networks belonging to the same organization.
Firewalls manage traffic using filters. A filter is a set of rules defined in order of priority. If a packet matches a rule's criteria, that rule's action is applied; if it does not match, no action is taken and the next rule is checked. The three most common actions are allow, deny, and log, of which allow is the most common.
The allow action lets the packet continue to its destination, deny discards the packet, and log simply records the packet.
Filter rules are written with the most specific rules first, followed by successively more general rules, and finally the universal rule, which is deny. If a packet fails to match any earlier rule, the final deny rule is applied. Only packets that satisfy the custom rules are therefore allowed through the security barrier, which makes most firewalls deny-by-default security tools.
However, firewalls are also used in intrusion detection system (IDS) and intrusion prevention system (IPS) technologies, where they run in allow-by-default mode, for the simple reason that their job there is to block malicious traffic.
There are four basic types of firewalls:-
Packet Filtering Firewall:- These firewalls filter traffic based on information in the packet header, such as source address, destination address, port number, and protocol used. They work at the network layer (Layer 3) and the transport layer (Layer 4) of the OSI model. They are also commonly called routers.
Circuit-Level Gateway Firewall:- These firewalls filter the traffic between an internal trusted host and an external untrusted host. Their main purpose is to ensure that the packets involved in establishing and maintaining the circuit or session between the two hosts do so in the proper manner. Once the connection has been established, no further monitoring of packets is required. These firewalls work at the network layer (Layer 3) or the session layer (Layer 5) of the OSI model.
Application-Level Gateway Firewall:- These firewalls filter traffic based on user group, group membership, the application or service used, and the type of resource being transmitted. They focus on the aspects of a specific application or protocol combination as well as the actual content it carries. They work at the application layer (Layer 7) of the OSI model and are also called proxies.
Stateful Inspection Firewall:- These firewalls maintain a table of all active TCP connections and UDP pseudo-connections. Each entry holds the source and destination addresses, the port numbers, and the current sequence number. Entries are created only for connections that satisfy the defined security policies, and packets associated with those connections are permitted. Sessions that do not match the policy are denied. These firewalls are more secure than packet filtering firewalls because they keep track of sessions and the packets associated with them.
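The ordered rule evaluation (specific rules first, universal deny last) and the stateful connection table described above can be sketched together in Python. This is an added example, not code from the original article: the Packet, Rule and StatefulFirewall names and the sample addresses are constructed for illustration, the log action is assumed to record the packet and continue to the next rule, and connections are keyed on protocol, addresses and ports without sequence numbers.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

# Header fields only, as a packet filter sees them (hypothetical structure).
Packet = namedtuple("Packet", "proto src sport dst dport")

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow", "deny" or "log"
    src: str                        # source network in CIDR form
    proto: str = "any"
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport))

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = list(rules)    # list order is priority: most specific first
        self.connections = set()    # state table of permitted flows
        self.logged = []            # packets recorded by log rules

    def decide(self, p: Packet) -> str:
        if p in self.connections:               # packet of a tracked connection
            return "allow"
        for rule in self.rules:                 # first terminating match wins
            if not rule.matches(p):
                continue                        # no action, check the next rule
            if rule.action == "log":            # assumption: log records, then continues
                self.logged.append(p)
                continue
            if rule.action == "allow":          # track both directions of the flow
                reply = Packet(p.proto, p.dst, p.dport, p.src, p.sport)
                self.connections.update({p, reply})
            return rule.action
        return "deny"                           # nothing matched: deny by default

# Constructed rule set: specific host block, general allow, universal deny.
RULES = [
    Rule("deny", "192.168.1.50/32"),
    Rule("log", "192.168.1.0/24", "tcp", 443),
    Rule("allow", "192.168.1.0/24", "tcp", 443),
    Rule("deny", "0.0.0.0/0"),
]
```

An inbound reply is denied by the universal rule until the matching outbound packet has created a state entry, which is the difference between plain packet filtering and stateful inspection.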