Looking at Security Devices
as the destination port is 80, the packet is then allowed or denied access to
the network depending on how the firewall is configured.
There are three major types of firewalls that are popular today:
✦ Packet-filtering firewall: A packet-filtering firewall is limited in the sense
that it filters traffic only by the fields in the header, such as the source and
destination IP addresses and the source and destination port numbers. It
is very easy for an attacker to bypass this firewall by altering the fields
in the header.
✦ Stateful packet inspection firewall: Most firewalls today are stateful
packet inspection firewalls, which filter traffic by the fields in the header
but can also understand the context of the conversation. For example,
a stateful packet inspection firewall knows that before you can send
data to a Web site you must have completed a three-way handshake with the
system. The firewall stores the “state” of the conversation in a state
table so it can verify that the packet it is receiving is expected at
this point in the conversation.
✦ Application-level firewall: An application-level firewall can analyze
the fields in the header and is stateful, and it has the added benefit
of being able to analyze the application data that is stored in the
packet. For example, an application-level firewall can verify that a
three-way handshake has occurred and that the destination port is 80,
but it can also verify that the HTTP command in the packet is a GET and
not a POST. These firewalls can limit which features of an application
are allowed to be used.
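The three firewall types above, modelled side by side as an added example (not from the book). The server address, the `Packet` class and the function and class names are constructed for illustration, and TCP state tracking is reduced to the handshake only.

```python
from dataclasses import dataclass

WEB_SERVER = "192.0.2.10"  # constructed documentation address (assumption)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""       # simplified TCP flags: S, SA, A, PA
    payload: bytes = b""

def packet_filter(p):
    """Header fields only: is it addressed to the web server on port 80?"""
    return p.dst == WEB_SERVER and p.dport == 80

class StatefulFirewall:
    """Adds a state table: data passes only after a three-way handshake."""
    def __init__(self):
        self.table = {}   # (client, cport, server, sport) -> handshake state

    def allow(self, p):
        if p.src == WEB_SERVER and p.sport == 80:      # server-to-client reply
            key = (p.dst, p.dport, p.src, p.sport)
            if p.flags == "SA" and self.table.get(key) == "SYN":
                self.table[key] = "SYN-ACK"
                return True
            return self.table.get(key) == "ESTABLISHED"
        if not packet_filter(p):                       # header rule still applies
            return False
        key = (p.src, p.sport, p.dst, p.dport)
        if p.flags == "S":                             # step 1 of the handshake
            self.table[key] = "SYN"
            return True
        if p.flags == "A" and self.table.get(key) == "SYN-ACK":
            self.table[key] = "ESTABLISHED"            # step 3 completes it
            return True
        return self.table.get(key) == "ESTABLISHED"

class ApplicationFirewall(StatefulFirewall):
    """Also reads the payload: only HTTP GET requests are let through."""
    def allow(self, p):
        if not super().allow(p):
            return False
        if p.dst == WEB_SERVER and p.payload:
            return p.payload.split(b" ", 1)[0] == b"GET"
        return True
```

A data packet sent without a handshake passes `packet_filter` but is dropped by `StatefulFirewall`; after a handshake, a POST passes `StatefulFirewall` but is dropped by `ApplicationFirewall`.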
There are many different ways to implement a firewall solution, and most
networks use multiple firewalls to control access to different parts of the
network. Figure 1-4 shows a very popular firewall solution that uses two
firewalls.
Figure 1-4: Firewalls are used to protect the internal network from unauthorized traffic.
[Figure labels: Private LAN, DMZ, Internet, Server, HTTP, DNS, Firewall1, Firewall2]