network traffic passing through it, and permits or denies passage based on a set of pre-defined rules. The basic
task of a firewall is to regulate the flow of traffic between computer networks of different trust levels. A good
example is the Internet, which is a zone with no trust, and an internal network (intranet), which is a zone of higher
trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is
often referred to as the Demilitarized Zone (DMZ).
Network Firewall Defined
Tech Details  (Very good explanation)
FAQ
Types of Firewalls
Packet Filter – Easiest, fastest and cheapest, but these firewalls are also easily fooled. Primarily used on the
router as first line of defense, but more advanced firewalls should also be used.
Stateful Inspection - Enhances packet inspection by checking the state of each packet. These firewalls add
security, but decrease performance. They provide a balance between packet filters and proxy firewalls.
Proxy or Application Gateway - Slowest in performance, most expensive and most difficult to manage, but
they provide the best security. Proxy firewalls tear down each packet layer-by-layer on one interface and build it
back up on the opposite interface. From the perspective of the source, traffic flows to the destination; but the
traffic is actually delivered to a virtual destination just inside the proxy firewall (on the input side), where it
can be disassembled and examined. If the policy allows the traffic, it is regenerated, or proxied on behalf of the
source, on the output side of the proxy firewall. Environments that require high security use proxy firewalls set to
“deny if not explicitly allowed”. Any traffic that is to pass through must be explicitly allowed. That
creates more management overhead, but also creates a more secure firewall configuration.
Transparent Proxy Firewall – Also known as Circuit-Level Firewall; does not modify the request or response
beyond what is required for proxy authentication and identification. An example of a transparent proxy firewall
is SOCKS.
What is SOCKS?
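Added example (not part of the original page): a minimal Python model contrasting the packet filter and stateful inspection types described above, both run as "deny if not explicitly allowed". The packet fields, rule set and addresses are constructed for illustration and do not represent any product's configuration.

```python
from collections import namedtuple

# Constructed packet model: direction is "out" (intranet -> Internet) or "in".
Packet = namedtuple("Packet", "direction src sport dst dport")

class PacketFilter:
    """Stateless: every packet is judged alone against static rules."""
    def allow(self, p):
        if p.direction == "out" and p.dport == 80:
            return True            # internal clients may reach web servers
        if p.direction == "in" and p.sport == 80:
            return True            # assumed to be a web server's reply
        return False               # deny if not explicitly allowed

class StatefulFilter:
    """Remembers flows opened from inside; inbound must match one of them."""
    def __init__(self):
        self.flows = set()

    def allow(self, p):
        if p.direction == "out" and p.dport == 80:
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        if p.direction == "in":
            # Allowed only as the exact reverse of a tracked outbound flow.
            return (p.dst, p.dport, p.src, p.sport) in self.flows
        return False               # deny if not explicitly allowed

def run(firewall, packets):
    """Return the allow/deny verdict for each packet, in order."""
    return [firewall.allow(p) for p in packets]

# Constructed sample traffic using documentation address ranges.
TRAFFIC = [
    Packet("out", "10.0.0.5", 40000, "203.0.113.10", 80),  # client request
    Packet("in", "203.0.113.10", 80, "10.0.0.5", 40000),   # genuine reply
    Packet("in", "198.51.100.7", 80, "10.0.0.9", 5000),    # unsolicited, source port 80
    Packet("in", "198.51.100.7", 4444, "10.0.0.9", 5000),  # matches no rule
]

if __name__ == "__main__":
    for name, fw in (("packet filter", PacketFilter()),
                     ("stateful", StatefulFilter())):
        print(name, run(fw, TRAFFIC))
```

The third packet is where the two differ: the stateless rule accepts it on its source port alone, while the stateful filter denies it because no inside host opened that flow.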
Types of Firewalls
Proxy vs. Packet Filter?  (Opening ad)
Firewalls Reviewed
Check Point
Home Page
Firewall-1
Firewall/VPN Solutions
Products & Services
_______________________________________________________________________________________________
Kerio  (great for small/medium business)
Home Page
WinRoute Firewall
Forums
Review
_______________________________________________________________________________________________
Juniper
Home Page
Firewall/VPN Solutions
Review  (Opening ad)
_______________________________________________________________________________________________
Cisco
Home Page
Security Products
Adaptive Security Appliance  (Cisco Self Defending Network)
IOS Firewall
* End of life: On January 28, 2008, Cisco announced the end-of-sale and end-of-life dates for all Cisco PIX Security Appliances, software,
accessories, and licenses. The last day for purchasing Cisco PIX Security Appliance platforms and bundles was July 28, 2008. The last day
to purchase accessories and licenses was January 27, 2009. It is important to note that Cisco will continue to support Cisco PIX Security
Appliance customers through July 27, 2013.   See Cisco Announcement.
_______________________________________________________________________________________________
WinGate  (Proxy Firewall)
Home Page
Products
Proxy Server
Review  (SoftSea.com)