Firewalls are one of the most thoroughly misunderstood concepts around in networking and security today. It is your duty to dispel some of the most common misconceptions about firewalls not just for the purpose of passing the Comptia Security+ exam but also for the sake of the information security community!

What is a Firewall?
A firewall is any hardware or software designed to prevent unwanted network traffic. Some firewalls are simplistic in nature; in fact, many people use NAT devices as firewalls as they do effectively prevent direct incoming connections to hosts behind the NAT. Other firewalls are intricate operations, based on whitelists and blacklists, rules, and alerts. What all firewalls have in common, however, is an ability to block incoming traffic that may be deemed harmful.

Types of Firewalls
Because the definition of a firewall (at least as given above) is somewhat generalized, it is hard to define the general actions and methods of firewalls. Instead, we look at the ways different types of firewalls work. Each type of firewall has abilities, advantages, and drawbacks; to do well on the Security+ exam, you should understand these.

Packet Filtering Firewall
A packet filtering firewall polices traffic on the basis of packet headers. IP, UDP, TCP, and even ICMP have enough header information for a packet filtering firewall to make an informed decision as to whether to accept or reject that packet. You can think of a packet filtering firewall as a bouncer at a party. The bouncer may have a list of people that are allowed to come in (a whitelist) or a list of people to specifically exclude (a blacklist). The bouncer may even check a guest's identification to assure that the guest is above 18. Similarly, a packet filtering firewall simply inspects the source and destination of traffic in making a decision on whether to allow the packet to pass through. For example, some traffic may be addressed to a sensitive recipient and would therefore be blocked.

A packet filtering firewall can also filter traffic on the basis of port numbers. For example, many companies now block traffic on port 27374 because it is well-known to be a port used by the Trojan horse 'SubSeven.'

Note that a packet filtering firewall basically operates through a special ACL (access control list) in which both the white and black list of IP addresses and port numbers are listed. In essence, this firewall operates at the Network and Transport layers of the OSI Model. This model is notable for its simplicity, speed, and transparency ' however, traffic is not inspected for malicious content. In addition, IP addresses and DNS addresses can be hidden or 'spoofed,' as discussed in the Attacks lesson.

Circuit-Level Gateway
A circuit-level gateway is a type of firewall that operates on the Session layer of the OSI model. Instead of inspecting packets by header/source or port information, it instead maintains a connection between two hosts that is approved to be safe. This is something akin to a parent who approves the people that their children can speak with on the phone once they trust those people. In this scenario, the parent does not have to listen into the conversation because they know they can trust the two communicating children. Similarly, a circuit-level gateway establishes a secure connection between two hosts that have been authenticated and trust each other.

Application-Level Gateway
As the name suggests, an application-level gateway operates in the Application layer of the OSI model and actively inspects the contents of packets that are passed through to the gateway. It is for this reason that application-level gateways are considered the most secure as they can actively scan for malformed packets or malicious content. Think of an application-level gateway as the eavesdropping parent. An eavesdropping parent has the most complete knowledge of his or her child's activities because he or she can listen into all of the child's conversations. An application-level gateway does have drawbacks, however, including speed and routing problems. Application-level gateways are notorious for the amount of time it can take to inspect packets.

A special kind of application-level gateway is a proxy server, which is a server that serves as the 'middle man' between two hosts that wish to communicate. In the proxy server model, the host wishing to communicate sends a packet to the application-level gateway (proxy server), which then makes the decision whether to forward the packet to the intended recipient or to deny the request to send the packet.

Security Products on our marketplace

ProProfs Free Online CompTIA Security+ Certification Exam School provides free study aids for the Security+ exam such as study guides, practice exams and practice questions. Visit free online Comptia Security+ school at: http://www.proprofs.com/certification/comptia/ http://www.ProProfs.com : Educational FREEway By Professionals & Professors!