What is a Firewall for a Network – why necessary?
Firewall for a network and its types.
In this article, we are going to understand different types of firewall and decide which Firewall will best suit you as per your implementation environment. So let’s start.
A firewall protects our computers from internet hackers. Internet hackers can steal our bank details from our computers and can reduce our bank balance from thousands of dollars to zero within seconds. So the firewall is a must in a computer or in a computer network.
There are three types of firewall that we are going to discuss.
- Packet Filtering Firewall
- Application or Proxy Firewall
- Hybrid Firewall
Before starting with firewall types, you should know what a data packet is, which is a basic concept in data transfer through the network.
When we want to download a file of size, say, 200 MB from the internet, we will not receive the entire 200 MB of data at once; we will receive small packets of, say, 5 MB every second. Part of this 5 MB packet is occupied by information such as which computer is sending the data, which computer is receiving the data, etc. The remaining portion of this 5 MB packet contains a part of the actual data that we want to download.
So a part of the actual data, along with some information, together forms a data packet or IP packet, and this part of the actual data is called the payload.
Now we can start with firewall types starting with packet filtering firewall.
Packet Filtering Firewall
Suppose I am downloading a file from the internet. When a data packet arrives at a packet filtering firewall, it only checks the sender and receiver IP addresses and the port number present in the data packet. The rules used for this data packet verification are written in a list called the Access Control List.
If everything is fine, then the data packet is allowed to pass through the Packet filtering Firewall and then to my computer.
But what is the Port Number?
A port number is a set of digits written after the IP address, separated from it by a colon, and is used for successful data packet transfer.
The packet filtering firewall is already present in internet routers, so it is the cheapest and quickest type to implement. The only limitation of the packet filtering firewall is that it does not check the data portion, that is, the payload of the data packet. So a hacker could send some malicious data packed in this payload section.
Hence, a packet filtering firewall provides no security against malicious data in the payload.
Application or Proxy Firewall
The second one is the application or proxy firewall, which we'll understand with an example.
Suppose your brother asked you to buy a pen from the market. You go to the shop, buy the pen, come back home and give the pen to your brother. Here, you did the work that your brother wanted you to do without letting the shopkeeper know who actually wanted that pen.
The same is the case with the application or proxy firewall. Replace the shopkeeper with the internet, your brother with the personal computer and yourself with the proxy firewall. Just as you did not let the shopkeeper know that your brother was the one who actually wanted that pen, the proxy firewall does not let the internet know which computer actually wants to visit the requested website, i.e. the proxy firewall hides us from an attacker on the internet.
Let us understand this whole process with a practical example from the internet. A user enters the website www.kumarjanglu.online in the web browser. The proxy firewall receives the request and forwards that request to the internet. The web server on the internet receives the request and responds back to the proxy firewall with the requested information. The proxy firewall receives the information and forwards it to the original client for his viewing pleasure.
In this whole process, the web server thinks that the proxy firewall is the one who wants to visit www.kumarjanglu.online, i.e. the proxy firewall does not let the web server know the origin of the request. So the proxy firewall protects us from potential attackers on the internet by not disclosing our computer's identity, or I should say, by not disclosing our computer's IP address.
The demerit of the application firewall is that it checks the payload of the received data packets and hence is generally much slower than the packet filtering firewall.
Hybrid Firewall
A hybrid firewall combines a packet filtering firewall and an application firewall in series to enhance security. If they are connected in parallel, then the security of the connection is reduced to the parameters defined by the packet filtering firewall, i.e. the application firewall will be of no use if the two firewalls are connected in parallel.
For this reason, a hybrid firewall uses the packet filtering and application firewalls in series. As a result, a hybrid firewall provides the best security compared to the packet filtering and application firewalls.
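The access control list check from the packet filtering section and the series-versus-parallel argument above can be seen together in a small model. This is an added example, not code from the original article; the ACL entries, the addresses (documentation ranges), the payload marker and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str        # sender IP address
    dst: str        # receiver IP address
    dport: int      # destination port
    payload: bytes  # the data portion

# Constructed access control list: (action, source net, destination net, port or None = any).
ACL = [
    ("deny",   "203.0.113.0/24", "0.0.0.0/0",     None),
    ("permit", "0.0.0.0/0",      "192.0.2.10/32", 443),
]
MARKER = b"EXAMPLE-BAD-CONTENT"  # constructed stand-in for content a payload rule rejects

def packet_filter(p):
    """Header-only check: first matching rule wins, no match is an implicit deny."""
    for action, src_net, dst_net, port in ACL:
        if (ipaddress.ip_address(p.src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(dst_net)
                and port in (None, p.dport)):
            return action == "permit"
    return False

def application_firewall(p):
    """Payload check: the part the packet filter never reads."""
    return MARKER not in p.payload

def delivered(p, paths):
    """A packet reaches the host if every stage on at least one path admits it."""
    return any(all(stage(p) for stage in path) for path in paths)

SERIES = [[packet_filter, application_firewall]]      # one path, both checks
PARALLEL = [[packet_filter], [application_firewall]]  # two alternative paths

# Constructed packets.
clean = Packet("198.51.100.7", "192.0.2.10", 443, b"GET / HTTP/1.1")
bad_payload = Packet("198.51.100.7", "192.0.2.10", 443, b"POST /x " + MARKER)
denied_src = Packet("203.0.113.9", "192.0.2.10", 443, b"GET / HTTP/1.1")

if __name__ == "__main__":
    for name, p in [("clean", clean), ("bad_payload", bad_payload), ("denied_src", denied_src)]:
        print(name, packet_filter(p), delivered(p, SERIES), delivered(p, PARALLEL))
```

The `bad_payload` packet has headers the ACL permits, so the packet filter alone admits it; only the series arrangement stops it, because in parallel the packet-filter path delivers it without the payload ever being inspected.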
Which firewall is best for us depends on its implementation environment. For example, a packet filtering firewall will be best for a low-risk environment like a florist shop, an application firewall will be best for a medium-risk environment like a university, and a hybrid firewall will be best for a high-risk environment like a hospital whose database contains important reports of the patients. Now you can choose a firewall as per your need.