A firewall is a set of programs or procedures in a network designed to block unauthorized access by users of other networks. The firewall sits at the entry point of the network, where the administrator lists the services that are either blocked or allowed. In layman's terms, a firewall is a barrier that checks the flow of data and restricts any information it perceives as unsafe for your network.
How does a firewall work?
A firewall is placed at the junction point between two networks, normally a private network and a public network such as the Internet. At this junction, the information coming into the private network and going out of it is filtered. Administrators can customize the default settings and disallow any kind of information deemed unsafe for the private network. In this way, a firewall also makes administrators aware of any unsafe information.
Commonly used firewall techniques:
- Packet Filter Technique – Data over the Internet is transferred in information packets, or datagrams. The packet filter technique inspects each data packet coming into the network on the basis of criteria that include the destination port and the source IP address. This technique is easy to implement but is vulnerable to IP spoofing, where an incoming data packet carries a forged source IP address. Therefore, use of a firewall is extremely necessary to ensure the safety of data.
- Application Gateway – This technique examines the information from application to application. Data on the network can be regulated based on restricted information or certain server commands. This technique is quite efficient but is not that easy to implement.
- Circuit-level Gateway – A circuit-level gateway first gives permission for the connection between the public and the private networks to be established and then allows data packets to be transferred. Even after the connection has been established, the flow of every data packet transferred is closely monitored.
- Proxy Server – It regulates all incoming and outgoing traffic and also conceals the true identity of the network.
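
The packet filter technique described in the list above, as an added example that is not part of the original article: a first-match rule table keyed on source IP address and destination port, plus an ingress check that rejects packets claiming an internal source address while arriving on the external interface. The rule table, the 10.0.0.0/8 internal range, the interface names and the sample packets are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed private network behind the firewall
ANY = ip_network("0.0.0.0/0")

# Constructed first-match rule table: (action, source network, destination port or None = any port)
RULES = [
    ("allow", INTERNAL_NET, 22),  # internal hosts may reach the admin SSH port
    ("allow", ANY, 443),          # anyone may reach HTTPS
    ("deny", ANY, None),          # default deny
]


@dataclass(frozen=True)
class Packet:
    src: str       # source IP address as claimed in the packet header
    dst_port: int  # destination port
    iface: str     # interface the packet arrived on: "external" or "internal"


def match_rules(pkt):
    """Plain packet filter: decides only on header fields, which the sender controls."""
    src = ip_address(pkt.src)
    for action, net, port in RULES:
        if src in net and port in (None, pkt.dst_port):
            return action
    return "deny"


def is_spoofed(pkt):
    """An internal source address cannot legitimately arrive on the external interface."""
    return pkt.iface == "external" and ip_address(pkt.src) in INTERNAL_NET


def filter_packet(pkt, anti_spoof=True):
    """Apply the ingress anti-spoofing check before consulting the rule table."""
    if anti_spoof and is_spoofed(pkt):
        return "deny"
    return match_rules(pkt)


if __name__ == "__main__":
    forged = Packet("10.0.0.5", 22, "external")  # constructed: outside packet claiming an inside address
    print("rules only:     ", filter_packet(forged, anti_spoof=False))
    print("with anti-spoof:", filter_packet(forged))
```

The ingress check only catches forged internal addresses; a stateless filter has no way to tell whether an external source address is genuine.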