Understanding Firewalls: Essential for Network Security

Firewalls lay the foundation for network security. One of the most effective steps an organization can take to ensure network security is to install firewalls. A firewall can effectively enforce general security guidelines, such as disallowing audio streaming, controlling Internet access, or providing a virtual blockade against unknown network traffic. A firewall can be implemented as a software application or a hardware device and is designed to handle a number of crucial security tasks:

  • Firewalls restrict network traffic between networks.
  • Firewalls provide a chokepoint—a single point of entry or exit.
  • Firewalls can record network activity.

Because firewalls play such an important role within a network and are usually placed in the most vulnerable position within the network configuration, it is crucial to ensure that every measure of diligence is expended in the upkeep of these devices.

  • Packet Filtering Firewall,
  • Dual-Homed Gateway Firewall,
  • Screened Host Firewall, and
  • Screened Subnet Firewall.

Packet Filtering Firewall

The most basic and widely used type, a packet filtering firewall uses rules to restrict network communication that is inbound to or outbound from the firewall. For example, organizations can block all inbound network traffic except e-mail traffic that traverses the firewall.

Network Address Translation (NAT)

In security terms, NAT allows an organization to use one subnet to route traffic internally. At the firewall or router, those internal addresses are then translated into IP addresses that can participate on the Internet. This allows organizations to hide their hosts from strangers on the Internet: no routing to or from the internal addresses takes place over the Internet.

Demilitarized Zone (DMZ)

Like its military counterpart, a demilitarized zone (DMZ) is designed as a neutral area to separate threats from protected assets. With regard to network security, a DMZ is usually implemented with at least two separate firewalls: one facing the Internet and one facing the internal network. Between the firewalls, an organization usually places its Web, e-mail, or other Internet-accessible servers. The purpose is to allow the outside world limited access to Internet-accessible servers and to provide another layer of protection to the internal network in case the Internet-accessible servers are compromised.
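
The packet-filtering rules and the two-firewall DMZ described above can be modelled in a few lines. This is an added example, not part of the original article; every address, rule set and name in it is constructed for illustration, and only inbound connection attempts are modelled.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dst: str               # destination network, CIDR
    port: Optional[int]    # TCP destination port; None matches any port

# Constructed addressing: documentation ranges stand in for real networks.
ANY, DMZ, INTERNAL = "0.0.0.0/0", "192.0.2.0/24", "10.0.0.0/8"
MAIL, WEB = "192.0.2.25", "192.0.2.80"       # Internet-accessible servers in the DMZ
MAILSTORE, DB = "10.1.1.25", "10.1.1.5"      # hosts on the internal network

# Outer firewall faces the Internet; inner firewall faces the internal network.
OUTER = [
    Rule("deny", "203.0.113.0/24", ANY, None),   # constructed blocked range
    Rule("allow", ANY, MAIL + "/32", 25),        # inbound e-mail
    Rule("allow", ANY, WEB + "/32", 443),        # inbound Web
]
INNER = [
    Rule("allow", MAIL + "/32", MAILSTORE + "/32", 25),  # relay hands mail inward
]

def decide(rules, src, dst, port):
    """First matching rule wins; a packet that matches no rule is denied."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def zone(addr):
    """Classify an address as internal, dmz or internet."""
    if ip_address(addr) in ip_network(INTERNAL):
        return "internal"
    return "dmz" if ip_address(addr) in ip_network(DMZ) else "internet"

# Firewalls crossed by an inbound attempt, keyed by (source zone, destination zone).
CROSSED = {("internet", "dmz"): [OUTER], ("dmz", "internal"): [INNER],
           ("internet", "internal"): [OUTER, INNER]}

def permitted(src, dst, port):
    """Allowed only if every firewall on the path allows it (inbound flows only)."""
    hops = CROSSED.get((zone(src), zone(dst)), [])
    return bool(hops) and all(decide(fw, src, dst, port) == "allow" for fw in hops)
```

`permitted(WEB, DB, 3306)` returns `False`: even if the Web server in the DMZ is compromised, the inner firewall still stands between it and the internal network.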

System and Personal Firewalls

In addition to the firewalls implemented on the network, companies can provide another layer of security by installing firewalls on the computer systems themselves. For example, for remote workers who connect to the corporate network, a firewall installed on the laptop offers another layer of network security.