This chapter provides a brief overview of firewallswhat they can and cannot do. It is not meant to comprehensively cover the topic of firewalls or network security in general. These topics are better covered by more general texts. In this chapter, you will explore some of the technologies used in firewalls, investigate which technologies are used by FireWall-1, and establish why FireWall-1 is the right firewall for you. Examples of how a given technology handles a specific service are also provided.
By the end of this chapter, you should be able to:
Understand what a firewall is and is not capable of
Understand what technologies firewalls typically employ
Discuss the pros and cons of different firewall technologies
Understand why FireWall-1 is the right firewall for the job
What Is a Firewall?
A firewall is a device that allows multiple networks to communicate with one another according to a defined security policy. They are used when there is a need for networks of varying levels of trust to communicate with one another. For example, a firewall typically exists between a corporate network and a public network like the Internet. It can also be used inside a private network to limit access to different parts of the network. Wherever there are different levels of trust among the different parts of a network, a firewall can and should be used.
Firewalls are similar to routers in that they connect networks together. Firewall software runs on a host, which is connected to both trusted and untrusted networks. The host operating system is responsible for performing routing functions, which many operating systems are capable of doing. The host operating system should be as secure as possible prior to installing the firewall software. This not only means knowing how the operating system was installed but also making sure that all of the security patches are applied and that unnecessary services and features are disabled or removed. More details about these security issues are provided in Chapter 3.
Firewalls are different from routers in that they are able to provide security mechanisms for permitting and denying traffic, such as authentication, encryption, content security, and address translation. Although many routers provide similar capabilities (such as high-end devices from Cisco), their primary function is to route packets between networks. Security was not part of their initial design but rather an afterthought. A firewall's primary function is to enforce a security policy, and it is designed with this in mind.