Packet filtering or network layer (Layer 3) firewalls make decisions based on the source and destination addresses and ports in IP packets. This basic form of firewall protection is really no more than a simple sorting algorithm. Generally they enable you to have some control through the use of access lists. Packet filtering can also often be performed by other network devices such as routers and is generally what you get when you download free firewall software.
Packet filtering works well for small networks but when applied to larger networks can quickly become very complex and difficult to configure. Packet filtering also cannot be used for content-based filtering and cannot, for instance, remove e-mail attachments. This type of firewall has little or no logging capability, making it difficult to determine if it’s been attacked.
The more sophisticated proxy or application layer firewalls deal with network traffic by passing all packets through a separate “proxy” application that examines data at an application level.
A proxy firewall doesn’t allow a direct connection between your network and the Internet. Instead it accepts requests and executes them on behalf of the user. For instance, if you’re behind a proxy firewall and type http://www.blackbox.co.uk, the request goes to the firewall, which gets the page on your behalf and passes it to you. This process is transparent to users.
This proxy system enables you to set a firewall to accept or reject packets based on addresses, port information and application information. For instance, you can set the firewall to filter out all incoming packets belonging to EXE files, which are often infected with viruses and worms. Proxy firewalls generally keep very detailed logs, including information on the data portions of packets.
Proxy firewalls are slower and require more hardware than packet filtering; however, their greater versatility enables you to enforce tighter security policies.
When a firewall is described as stateful inspection, it means that it examines packets at the network layer like packet filtering does but, rather than just applying simple filtering rules to this information, it uses it in an intelligent way to block out unauthorised traffic. It analyses data to make sure connection requests occur in the proper sequence. This firewall tracks each communications session from start to end and enforces set rules based on protocol, port and source and destination addresses. By maintaining all session data, the firewall can quickly verify that new incoming packets meet the criteria for authorised traffic. Packets that aren’t part of an authorised session are rejected.
Stateful inspection firewalls have the advantage of being both smart and fast.
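As an added illustration (not code from the original article), here is a small Python model of the session tracking described above. It assumes a protected network of 10.0.0.0/8 and a policy in which inside hosts may open outbound TCP connections; inbound packets are admitted only when they fit the expected sequence of an existing session, and the packets shown are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")  # assumption: the protected (inside) network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters: "S" SYN, "SA" SYN+ACK, "A" ACK, "R" RST


class StatefulFilter:
    """Tracks each TCP session and only admits packets that fit its state."""

    def __init__(self):
        # session key (inside ip, inside port, outside ip, outside port) -> state
        self.sessions = {}

    def _key(self, p):
        # Normalise the 4-tuple so both directions map onto the same session
        if ip_address(p.src) in INSIDE:
            return (p.src, p.sport, p.dst, p.dport), "out"
        return (p.dst, p.dport, p.src, p.sport), "in"

    def inspect(self, p):
        key, direction = self._key(p)
        state = self.sessions.get(key)
        if state is None:
            # Only an inside host may open a session, and only with a bare SYN;
            # anything else (including an unsolicited inbound ACK) is rejected.
            if direction == "out" and p.flags == "S":
                self.sessions[key] = "SYN_SENT"
                return "ACCEPT"
            return "DROP"
        if state == "SYN_SENT" and direction == "in" and p.flags == "SA":
            self.sessions[key] = "SYN_RECV"
            return "ACCEPT"
        if state == "SYN_RECV" and direction == "out" and p.flags == "A":
            self.sessions[key] = "ESTABLISHED"
            return "ACCEPT"
        if state == "ESTABLISHED" and "S" not in p.flags:
            if "R" in p.flags:
                del self.sessions[key]  # a reset ends the session immediately
            return "ACCEPT"
        return "DROP"  # packet is out of sequence for this session


def run(fw, packets):
    """Apply the filter to a packet list and return the verdicts in order."""
    return [fw.inspect(p) for p in packets]
```

The model omits retransmissions, FIN teardown and session timeouts, which a real stateful firewall must handle; the point it shows is that an inbound packet with no matching session is dropped even when its flags look like part of an established connection.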
Packet-based, proxy and stateful inspection used to be distinctly different types of firewalls, but today nearly all modern firewall appliances are hybrids which provide packet-based, proxy and stateful inspection firewalling.