Firewalls: Preventing Unauthorized Access Into A Network

Firewalls are used in businesses to help prevent attacks, mitigate security issues, and provide a known level of security for the organization. Firewall characteristics are generally the same from one firewall brand or vendor to another, in that they allow only authorized access into a network. This review looks at the common security features present in firewalls and how they are used in daily operations to help prevent issues that threaten organizations.
Firewalls prevent unauthorized access into a network by monitoring traffic and allowing or blocking it according to security policies and procedures. Grimes states, “Firewalls work by inspecting and filtering packet traffic between two networks. Firewalls are categorized according to the layer of the Open System Interconnection (OSI) model that they inspect. Most firewalls are packet filters, meaning they work at the network layer of the OSI model and make logic decisions based on the packet's IP addresses (source and destination), IP port numbers, and whether the packet is in UDP or TCP format. Circuit-layer firewalls work at the transport layer of the OSI model and inspect host-session information. Circuit-layer firewalls can block packets based on the host name and other IP session information such as flags and sequencing numbers” (Grimes, 2003). Some recent firewalls even include autoban features that monitor network activity and automatically ban a point of entry (often an IP address or port), which alleviates known attacks or attack patterns such as DDoS. Many firewalls now include monitoring and reporting functions that alert information technology (IT) staff that an issue is occurring or has occurred, and what steps the firewall took automatically to prevent it. Autoban is a great feature, but it should be managed by the IT staff to ensure that necessary local traffic is not blocked automatically. In other words, firewalls with auto-ban and auto-block features can often return false positives, each of which should be reviewed and analyzed by the IT staff.
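The autoban caveat above can be shown as a short sketch, added here as an example and not taken from the original article or from any firewall product. It bans sources that exceed a connection-rate threshold, but routes sources inside protected local networks to a staff review list instead of blocking them. The threshold, window, protected network and log events are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values (not from the article); tune per environment.
THRESHOLD = 5          # this many connection attempts...
WINDOW_SECONDS = 10    # ...inside this sliding window triggers a decision
# Assumed networks carrying necessary local traffic; never banned automatically.
PROTECTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample events: (epoch_seconds, source_ip, destination_port)
SAMPLE_EVENTS = (
    [(100 + i, "203.0.113.7", 22) for i in range(6)]           # fast burst, external
    + [(100 + i, "10.1.2.3", 443) for i in range(8)]           # fast burst, internal monitor
    + [(100 + 30 * i, "198.51.100.9", 80) for i in range(6)]   # slow, stays under threshold
)

def evaluate_autoban(events, threshold=THRESHOLD, window=WINDOW_SECONDS,
                     protected=PROTECTED_NETS):
    """Return (banned, review) as sets of source IP strings.

    banned: exceeded the rate threshold and is outside every protected network.
    review: exceeded the threshold but is protected, so staff must decide.
    """
    recent = defaultdict(deque)   # source IP -> timestamps still inside the window
    banned, review = set(), set()
    for ts, src, _port in sorted(events):
        if src in banned or src in review:
            continue              # a decision was already made for this source
        q = recent[src]
        q.append(ts)
        # Drop timestamps that have fallen out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            addr = ipaddress.ip_address(src)
            if any(addr in net for net in protected):
                review.add(src)   # possible false positive: report, do not block
            else:
                banned.add(src)
    return banned, review

if __name__ == "__main__":
    banned, review = evaluate_autoban(SAMPLE_EVENTS)
    print("auto-banned:", sorted(banned))
    print("needs staff review:", sorted(review))
```

The internal host generates more traffic than the external one yet is never blocked, which is the behavior the review step is meant to guarantee.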
Some attacks, such as software-based worms, Trojans, or other malicious software, do bypass firewall-level security features, because the firewall acts as a high-level traffic-monitoring hardware/software mechanism and does not analyze the actual code or software that is passed. Firewalls generally rely on positive or negative filtering of packets to allow traffic to pass into the network or to block it. It is important to note that although firewalls contain numerous security features and characteristics, they cannot prevent all network-related security issues from occurring. For example, upset employees who already have authenticated access to the system may sabotage or harm the network, which is something the firewall cannot manage. Features or portions of the network that bypass the firewall must be analyzed and planned for to ensure maximum network uptime and performance.
