Firewalls Network Security Considerations
Firewall is a very generic term, in the sense that it may represent a wide variety
of hardware or software components. Given below are a few types of widely
- Host based firewalls
- Network based firewalls
- Hardware based firewalls
- Software based firewalls
1. Host based firewalls:
Host based firewalls, popularly known as personal firewalls, are devices or programs
intended to protect a single computer. Examples of this type of firewall
are ZoneAlarm, Norton Personal Firewall, and the Internet Connection
Firewall (ICF) built into Windows XP. Personal firewalls are generally
software based and cost less than $100.
2. Network based firewalls:
A network based firewall normally protects the entire network of computers
behind the firewall. There are several firewall vendors including
Checkpoint, Cisco, Microsoft, and Symantec. A firewall may be
implemented using software or hardware. The selection of a firewall
depends primarily on functionality, speed, and cost.
Software based firewalls: A firewall that runs on a generic operating
system such as Windows or Linux is known as a software firewall.
Examples of software firewalls are Microsoft ISA Server (uses Windows
2000/2003), CheckPoint FW-1, and many personal firewalls such as
ZoneAlarm. FW-1 runs on Windows NT/2000, Solaris, Linux, and AIX, as well as
proprietary appliance operating systems.
Hardware based firewalls: Firewalls that run in a proprietary hardware
and software environment are known as hardware based firewalls. Examples
of hardware firewalls include Cisco PIX, SonicWall, NetScreen,
Watchguard, and Symantec’s 5400 series appliances (which run their
Enterprise Firewall software).
Advantages of hardware firewalls over software firewalls:
- Normally, hardware firewalls are tailored for faster response
times, and hence handle more traffic loads.
- A firewall with its own (proprietary) operating system is less prone
to attacks. This in turn reduces the security risk. In addition,
hardware firewalls have enhanced security controls.
- Interference: A box that is separated from other network components
can be managed better, and does not load or slow down other
applications. The box can be moved, shut down, or reconfigured with
minimal interference to the network.
Disadvantages of hardware firewalls:
Normally, a dedicated hardware firewall costs more than a software firewall.
to install, and upgrade.
up physical space, and involves wiring.
of software firewalls:
of software firewalls:
up system resources
difficult to remove or un-install a firewall completely.
suitable where response times are critical.
Enterprise firewalls are designed for large, geographically
distributed networks. They are capable of handling 1000s of users, have
faster throughput, and have advanced features, such as:
- Ability to manage multiple firewalls centrally. Sophisticated
monitoring and reporting mechanisms. For example, Symantec's
enterprise firewall has a web-based Security Gateway Management
Interface (SGMI) that enables administrators to easily deploy and
configure local and remote security gateways from any Web-enabled
system (using Microsoft® Internet Explorer 6.0 or higher or
Netscape® Navigator 7.0 or higher).
- Load Balancing: High Availability/Load Balancing cluster nodes
maintain Firewall and VPN sessions to extend the software's
scalability and eliminate network downtime.
- Support wireless client machines in a networked environment,
- Inspection of data from physical layer up to the application layer
on packets passing through the security gateway, providing
enterprise-class protection for both application- and network-level
- Scalability: Offers scalability to expand with the organizational