Firewalls Network Security Considerations

"Firewall" is a very generic term: it may refer to a wide variety of hardware or software components. A few widely known types of firewalls are given below:

1. Host based firewalls

2. Network based firewalls

3. Enterprise firewalls

1. Host based firewalls:

Host-based firewalls, popularly known as personal firewalls, are devices or programs intended to protect a single computer. Examples of this type of firewall are ZoneAlarm, Norton Personal Firewall, and the Internet Connection Firewall (ICF) built into Windows XP. Personal firewalls are generally software based and cost less than $100.

2. Network based firewalls:

A network based firewall normally protects the entire network of computers behind the firewall. There are several firewall vendors including Checkpoint, Cisco, Microsoft, and Symantec. A firewall may be implemented using software or hardware. The selection of a firewall depends primarily on functionality, speed, and cost.

a. Software based firewalls: A firewall that runs on a generic operating system such as Windows or Linux is known as a software firewall. Examples of software firewalls are Microsoft ISA Server (uses Windows 2000/2003), CheckPoint FW-1, and many personal firewalls such as ZoneAlarm. FW-1 runs on Windows NT/2000, Solaris, Linux, and AIX, as well as proprietary appliance operating systems.

b. Hardware based firewalls: Firewalls that run in a proprietary hardware and software environment are known as hardware based firewalls. Examples of hardware firewalls include Cisco PIX, SonicWall, NetScreen, WatchGuard, and Symantec’s 5400 series appliances (which run their Enterprise Firewall software).

Advantages of hardware firewalls over software firewalls:

  • Speed: Normally, hardware firewalls are tailored for faster response times, and hence handle heavier traffic loads.

  • Security: A firewall with its own operating system (proprietary) is less prone to attacks. This in turn reduces the security risk. In addition, hardware firewalls have enhanced security controls.

  • No Interference: A box that is separate from other network components can be managed better, and does not load or slow down other applications. The box can be moved, shut down, or reconfigured with minimal interference to the network.

Disadvantages of hardware firewalls:

  • Cost: Normally, a dedicated hardware firewall costs more than a software firewall.

  • Difficult to install and upgrade.

  • Takes up physical space and involves wiring.

Advantages of software firewalls:

  • Cheaper

  • Ideal for personal or home use

  • Easy to configure or reconfigure

Disadvantages of software firewalls:

  • Takes up system resources

  • Sometimes difficult to remove or un-install a firewall completely.

  • Not suitable where response times are critical.

3. Enterprise firewalls:

Enterprise firewalls are designed for large, geographically distributed networks. They are capable of handling thousands of users, have faster throughput, and have advanced features, such as:

  • Ability to manage multiple firewalls centrally, with sophisticated monitoring and reporting mechanisms. For example, Symantec's enterprise firewall has a web-based Security Gateway Management Interface (SGMI) that enables administrators to easily deploy and configure local and remote security gateways from any Web-enabled system (using Microsoft® Internet Explorer 6.0 or higher or Netscape® Navigator 7.0 or higher).

  • Load Balancing: High Availability/Load Balancing cluster nodes maintain Firewall and VPN sessions to extend the software's scalability and eliminate network downtime.

  • Support for wireless client machines in a networked environment.

  • Inspection of data from the physical layer up to the application layer on packets passing through the security gateway, providing enterprise-class protection against both application- and network-level attacks.

  • Scalability: Offers scalability to expand with the organizational needs.