CompTIA Security+ Article on Firewall Security Advantages and Firewall Functions
A firewall protects an internal network from malicious hackers or software on an external network. Firewalls filter potentially harmful incoming or outgoing traffic. Firewalls are used to subdivide internal networks on the Internet. They also protect individual computers. The five services that firewalls provide are packet filtering, application filtering, proxy server, circuit-level, and stateful inspection.
- Packet Filtering: A packet filtering firewall checks each packet crossing the device by inspecting the packet headers of all network packets going through the firewall. The header fields inspected are:
  - Source IP Address: It identifies the host that is sending the packet. Attackers can modify this field in an attempt to conduct IP spoofing. Firewalls are configured to reject packets that arrive at the external interface bearing a source address of the internal network, because that is either an erroneous host configuration or an attempt at IP spoofing.
  - Destination IP Address: This is the IP address that the packet is trying to reach.
  - IP Protocol ID: Each IP header has a protocol ID that identifies the protocol that follows. For example, Transmission Control Protocol (TCP) is ID 6, User Datagram Protocol (UDP) is ID 17, and Internet Control Message Protocol (ICMP) is ID 1.
  - Fragmentation Flags: Firewalls examine and forward or reject fragmented packets. A successful fragmentation attack can allow an attacker to send packets that could compromise an internal host.
  - IP Options Setting: This field is used for diagnostics. The firewall is configured to drop network packets that use this field. Attackers can use this field in conjunction with IP spoofing to redirect network packets to their systems.
- Application Filtering: This device intercepts connections and performs security inspections. The firewall acts as a proxy for connections between the internal and external network. The firewall enforces access control rules specific to the application. It is also used to check incoming e-mails for virus attachments. These firewalls are often called e-mail gateways.
- Proxy Server: A proxy server takes on responsibility for providing services between the internal and external network. A proxy server can be used to hide the addressing scheme of the internal network. It can also be used to filter requests based on the protocol and address requested.
- Circuit-Level: A circuit-level firewall controls TCP and UDP ports, but doesn't watch the data transferred over them. If a connection is established, the traffic is transferred without any further checking.
- Stateful Inspection: A stateful inspection firewall works at the Network layer. It assesses the IP header information. It also monitors the state of each connection. Connections are rejected if they attempt any actions that are not standard for the given protocol.

These firewall features can be implemented in combination by a given firewall implementation. Placing several firewalls in series is a common practice to increase security at the network perimeter.
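The header checks listed under Packet Filtering can be expressed as a short filter. This is an added example, not code from the article: it applies the source-address, protocol ID, fragmentation and IP options checks to constructed IPv4 headers. The internal range 192.168.10.0/24, the allowed protocol list and the drop-all-fragments policy are assumptions made for the demonstration.

```python
import ipaddress
import struct

# Assumptions for this example, not values from the article.
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
ALLOWED_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # protocol IDs named above
IPV4_FIXED = "!BBHHHBBH4s4s"  # the 20-byte fixed IPv4 header

def build_header(src, dst, proto, flags_frag=0, options=b""):
    """Build a constructed sample IPv4 header (checksum left as 0)."""
    ihl = 5 + len(options) // 4  # header length in 32-bit words
    return struct.pack(IPV4_FIXED, (4 << 4) | ihl, 0, ihl * 4, 0, flags_frag, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + options

def filter_packet(header, interface):
    """Return (verdict, reason) for a header seen on 'external' or 'internal'."""
    if len(header) < 20:
        return "DROP", "truncated"
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, _ = struct.unpack(IPV4_FIXED, header[:20])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        return "DROP", "malformed"
    if (ver_ihl & 0x0F) > 5:  # IHL above 5 words means IP options are present
        return "DROP", "ip-options"
    if interface == "external" and ipaddress.ip_address(src) in INTERNAL_NET:
        return "DROP", "spoofed-source"  # internal address arriving from outside
    if proto not in ALLOWED_PROTOCOLS:
        return "DROP", "protocol"
    if flags_frag & 0x3FFF:  # More Fragments bit (0x2000) or non-zero offset
        return "DROP", "fragment"
    return "ACCEPT", ALLOWED_PROTOCOLS[proto]

def run_samples():
    """Run the filter over constructed sample headers on the external interface."""
    lsrr = b"\x83\x03\x04\x00"  # loose source routing option plus padding
    samples = [
        build_header("203.0.113.7", "192.168.10.5", 6),
        build_header("192.168.10.9", "192.168.10.5", 6),
        build_header("203.0.113.7", "192.168.10.5", 47),
        build_header("203.0.113.7", "192.168.10.5", 17, flags_frag=0x2000),
        build_header("203.0.113.7", "192.168.10.5", 6, options=lsrr),
    ]
    return [filter_packet(h, "external") for h in samples]
```
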
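The connection monitoring described under Stateful Inspection can be sketched as a small TCP state table. This is an added example, not code from the article: it assumes a policy where only internal hosts may open connections, uses constructed addresses, and simplifies teardown to removing the entry on FIN or RST.

```python
# Allowed TCP three-way-handshake transitions: (state, direction, flags) -> next state
HANDSHAKE = {
    ("NEW", "out", frozenset({"SYN"})): "SYN_SENT",
    ("SYN_SENT", "in", frozenset({"SYN", "ACK"})): "SYN_RECEIVED",
    ("SYN_RECEIVED", "out", frozenset({"ACK"})): "ESTABLISHED",
}

class StatefulFilter:
    def __init__(self):
        self.table = {}  # (inside endpoint, outside endpoint) -> connection state

    def inspect(self, direction, src, dst, flags):
        """src and dst are (ip, port) tuples; direction is 'out' or 'in'."""
        flags = frozenset(flags)
        key = (src, dst) if direction == "out" else (dst, src)
        state = self.table.get(key, "NEW")
        if state == "ESTABLISHED":
            if "SYN" in flags:  # a new SYN on an open connection is non-standard
                return "DROP"
            if flags & {"FIN", "RST"}:
                del self.table[key]  # simplified teardown
            return "ACCEPT"
        next_state = HANDSHAKE.get((state, direction, flags))
        if next_state is None:  # no matching connection or out-of-order handshake
            return "DROP"
        self.table[key] = next_state
        return "ACCEPT"

def run_demo():
    """Replay a constructed packet sequence and return the verdicts in order."""
    fw = StatefulFilter()
    client = ("192.168.10.5", 50000)   # constructed internal host
    server = ("203.0.113.7", 443)      # constructed external server
    stranger = ("198.51.100.9", 443)   # constructed unrelated external host
    packets = [
        ("out", client, server, {"SYN"}),
        ("in", server, client, {"SYN", "ACK"}),
        ("out", client, server, {"ACK"}),
        ("in", server, client, {"ACK", "PSH"}),
        ("in", stranger, client, {"ACK"}),      # no table entry for this peer
        ("in", stranger, client, {"SYN"}),      # inbound connection attempt
        ("in", server, client, {"SYN"}),        # SYN inside an open connection
        ("in", server, client, {"FIN", "ACK"}),
        ("in", server, client, {"ACK"}),        # arrives after the entry was removed
    ]
    return [fw.inspect(*p) for p in packets]
```

A circuit-level firewall, as described above, would stop checking once the handshake completed; the state table is what lets this filter keep rejecting segments that do not fit an existing connection.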