A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
A Firewall can of three types.
1. Network Layer Firewalls
2. Application Layer firewalls
3. Hybrids
Initially, Firewalls were “Packet Filters” but, the attackers used different methods to access networks. Let’s see what kinds of methods attackers use than illegal packet routing (Side bar 01).
How Firewalls Prevent Attack
1. Idle port blocking opens in-use ports only during transmission and immediately shuts them post-transmission to seal them from exploit
2. Spoof invasion protection examines port and packet information to catch hacker transmissions disguised as harmless transmissions
3. Spoofed program detection prevents hackers from spoofing applications through program MD5 validation.
4. Behavioral root-kit detection blocks root-kit installation and activity based upon behavior rather than signatures or heuristics
5. Boot protection
6. Ranking of Web Sites
7. E-Mail Scanning
8. Protection against Chat Infections
9. Use of “Certification Authority” and “Intermediate Certification Authority” for Connection security
10. Dynamic Encryption
11. Tunnel mode authorization (ex. Windows 7 Firewall)
and more…
Early firewall’s major concern is e-mail filtering but, later, some firewalls permit only email traffic through them, protecting the network against any attacks other than attacks against the email service. Today, almost all browsers are full-featured and includes Internet Link scanner like tools which were basically with Virus Scanners.
Firewalls are configured to protect against unauthenticated interactive logins from the ``outside'' world thus, preventing vandals from logging into machines on the network. More elaborate firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. The firewall can protect you against any type of network-borne attack if you unplug it.
Firewalls are also important since they can provide a single ``choke point'' where security and audit can be imposed. Unlike in a situation where a computer system is being attacked by someone dialing in with a modem, the firewall can act as an effective ``phone tap'' and tracing tool. Firewalls provide an important logging and auditing function; often they provide summaries to the administrator about what kinds and amount of traffic passed through it, how many attempts there were to break into it, etc.
This is an important point: providing this ``choke point'' can serve the same purpose on your network as a guarded gate can for your site's physical premises. That means anytime you have a change in ``zones'' or levels of sensitivity, such a checkpoint is appropriate.
Methods Attackers use to get access to Networks
(Side Bar 01)
Why Proxy?
A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.
A proxy enables to add more security over the network using following methods.
1. Access Policies: admin can apply access policies such as denying access to certain sites.
2. Covering the Network from Outside: Keep machines behind it anonymous
3. Bypass Security: If the destination server filters content based on the origin of the request, the use of a proxy can remove this filter.
4. Scan transmitted content for Mal ware before delivery
5. Scan outbound content
6. Circumvent regional restrictions
Ref:
Zone Alarm:
http://www.zonealarm.com/security/en-us/home.htm
Wikipedia :
http://en.wikipedia.org/wiki/Comparison_of_firewalls
http://en.wikipedia.org/wiki/Proxy_server
http://en.wikipedia.org/wiki/Application_layer_firewall
Avast:
http://www.avast.com/internet-security#tab4
Windows TechNet:
http://technet.microsoft.com/en-us/library/cc755158%28WS.10%29.aspx