Firewall Taxonomy

Firewall Taxonomy Firewalls come in various sizes and flavors. The most typical idea of a firewall is a dedicated system or appliance that sits in the network and segments an "internal" network from the "external" Internet
Nội dung trích xuất từ tài liệu:
Firewall TaxonomyFirewall TaxonomyFirewalls come in various sizes and flavors. The most typical idea of a firewall is adedicated system or appliance that sits in the network and segments an internal networkfrom the external Internet. Most home or SOHO networks use an appliance-baseddevice for broadband connectivity that includes a built-in firewall. In general, firewallscan be categorized under one of two general types: • Desktop or personal firewalls • Network firewallsThe primary difference between these two types of firewalls simply boils down to thenumber of hosts that the firewall protects. Within the network firewall type, there areprimary classifications of devices, including the following: • Packet-filtering firewalls (stateful and nonstateful) • Circuit-level gateways • Application-level gatewaysThe preceding list describes general classes of firewalls but, as discussed later, manynetwork firewalls represent hybrids of the preceding classifications. Many firewalls havecharacteristics that place them in more than one classification.Figure 2-1 shows a breakdown of the various firewall types currently available. Thisfigure does not provide complete details of the various capabilities within each firewalltype but rather shows the general taxonomy of the different firewalls available in the twoprimary types: personal/desktop firewalls and network firewalls. Figure 2-1. Firewall Taxonomy [View full size image]Given these various firewall types available, users may have a hard time identifyingexactly what they need. In many cases, costs represent a driving factor in the purchase ofa firewall, but knowing which types of firewalls are available and what capabilities theyprovide helps users make a more informed final decision.Personal FirewallsPersonal firewalls are designed to protect a single host from unauthorized access. Overthe years, this has evolved so that modern personal firewalls now integrate additionalcapabilities such as antivirus software monitoring and in some cases behavior analysisand intrusion detection to protect the device. Some of the more popular commercialpersonal firewalls include BlackICE as well as Cisco Security Agent. In the SOHOmarket Trend Micros PC-cillin, ZoneAlarm, and the Symantec personal firewall aresome of the more popular offerings. Microsofts Internet Connection Firewall is alsoamong the top personal firewalls installed because of the install base of machines runningWindows XP with Service Pack 2.Whereas personal firewalls make immense sense in the SOHO and home user marketbecause they provide the end user protection as well as control of the policy, in theenterprise the issues are more complex. Perhaps the biggest concern for enterprise userswith regard to personal firewalls is the ability to provide a centralized policy controlmechanism for the firewall. The need to centralize policy control is critical to the use ofpersonal firewalls in an enterprise environment to minimize the administrative burden.What is administrative burden? As the number of firewalls deployed in an organizationincreases, the network administrator must be concerned with the proper configuration andmonitoring of each one of these firewalls. Therefore, it is extremely important that as thenumber of firewalls increases, the ability to administer them does not become overlyburdensome. By centralizing policy control and monitoring, many vendors have eased theeffort of properly configuring the firewall policy and of monitoring the events.Network FirewallsNetwork firewalls are designed to protect whole networks from attack. Network firewallscome in two primary forms: a dedicated appliance or a firewall software suite installed ontop of a host operating system. Examples of appliance-based network firewalls includethe Cisco PIX, the Cisco ASA, Junipers NetScreen firewalls, Nokia firewalls, andSymantecs Enterprise Firewall. The more popular software-based firewalls includeCheck Points Firewall-1 NG or NGX Firewalls, Microsoft ISA Server, Linux-basedIPTables, and BSDs pf packet filter. The Sun Solaris operating system has, in the past,been bundled with Suns enterprise firewall, SunScreen. With the release of Solaris 10,Sun has begun bundling the open source IP Filter (IPF) firewall as an alternative toSunScreen.Many network firewalls provide enterprise users the maximum flexibility and protectionin a firewall system. These firewalls have over the past few years incorporated many newfeatures such as in-line intrusion detection and prevention as well as virtual privatenetwork (VPN) termination capabilities both for LAN-to-LAN VPNs as well as remote-access-user VPNs. Another feature that has been introduced into network firewalls is adeep packet-inspection capability. The firewall can identify traffic requirements not justby looking at Layer 3 and Layer 4 information but by delving all the way into theapplication data so that the firewall can make decisions as to how to best handle thetraffic flow. This evolution in firewall design and capabilities has led to the developmentof a new firewall product, the integrated firewall, which is covered in more detail in thenext section.