The Five Types of Firewall Architecture
In its most basic sense, a firewall exists to prevent unwanted access to your computer network. A firewall sits between your network and the outside world and checks all incoming and outgoing traffic against a policy before letting it through. Whether attacks arrive as malware hidden in files or as connections from malicious websites, the firewall's job is to stop that traffic before it can do damage to your computers, your network, and your data.
In general, there are five types of firewall architecture, each with its own inspection depth and its own cost in processing power and latency. Choosing the one that fits your network depends on how much traffic your business moves, how deeply that traffic needs to be inspected, and what you are trying to keep out.
Packet Filtering firewalls are the simplest and oldest. When data is sent across a network, it travels in "packets," like little digital envelopes. This type of firewall looks only at the outside of the envelope: the source and destination IP addresses, the protocol (TCP, UDP, ICMP), and the source and destination port numbers. It decides packet by packet, with no memory of what came before. The drawback is that it never "opens" the packet to see what's inside. Malware can travel over a permitted port and reach your network unnoticed, and because the filter cannot tell a reply from a fresh packet, the rules that let return traffic back in are broad enough for an attacker to imitate.
Stateful Inspection firewalls go a step further than packet filtering: they keep a table of the connections passing through them. Each packet is checked against that table to confirm it belongs to an established session. For TCP (Transmission Control Protocol) that means a connection whose opening handshake the firewall has already seen; for UDP and ICMP, which have no handshake, the firewall records a pseudo-session from the addresses and ports of a recent outbound request. A session exists when one computer is talking to another across the internet by exchanging streams of packets. If a packet does not belong to a known session and is not a permitted attempt to open a new one, the firewall drops that packet before it reaches its destination.
Circuit Level Gateways monitor TCP connections as well, with more focus on the so-called "handshake." A TCP handshake entails the local host and the remote host exchanging three packets (SYN, SYN-ACK, ACK) that agree on sequence numbers and open the connection. The gateway approves or denies the proposed connection based on whether the handshake looks legitimate and whether policy allows that pair of hosts and ports, and then relays the bytes of the approved session. The drawback is that it does not inspect the contents of the packets, which means that a remote host can send malware through an approved connection without the gateway noticing an issue.
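To make the difference between these three header-level architectures concrete, here is an added example in Python (not code from the original article or from Verus) that simulates a stateless packet filter and a stateful filter that tracks the TCP handshake over a handful of constructed packets. The policy (inside hosts may open HTTPS connections to the internet and nothing else), the addresses and the port numbers are assumptions made for the example. The interesting case is the spoofed probe: the stateless filter must let in anything that claims to come from port 443 so that replies can get back, and that hole is exactly what connection tracking closes.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

# Constructed packet model: only the header fields a packet filter can see.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                            # "tcp", "udp", "icmp"
    sport: int
    dport: int
    flags: FrozenSet[str] = frozenset()   # TCP flags present, e.g. {"SYN", "ACK"}

INSIDE_PREFIX = "10.0.0."   # assumption: 10.0.0.0/24 is the protected network

def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)

def stateless_filter(pkt: Packet) -> bool:
    """Packet filter: decide from the headers alone, with no memory of earlier packets.
    Policy: inside hosts may reach HTTPS servers. Replies must get back in, and the
    filter cannot tell a reply from a fresh packet, so the rule has to say
    'anything from TCP port 443 to an inside host is allowed'."""
    if pkt.proto != "tcp":
        return False
    if is_inside(pkt.src) and pkt.dport == 443:
        return True             # outbound HTTPS request
    if is_inside(pkt.dst) and pkt.sport == 443:
        return True             # the hole: any packet that claims to come from port 443
    return False

ConnKey = Tuple[str, int, str, int]   # (client ip, client port, server ip, server port)

class StatefulFilter:
    """Stateful inspection: admit a packet only if it opens a permitted connection or
    belongs to one whose handshake has already been seen (SYN, SYN-ACK, ACK)."""
    def __init__(self) -> None:
        self.table: Dict[ConnKey, str] = {}

    def check(self, pkt: Packet) -> bool:
        if pkt.proto != "tcp":
            return False
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)   # packet read as client -> server
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # packet read as server -> client
        st_fwd, st_rev = self.table.get(fwd), self.table.get(rev)
        if st_fwd is None and st_rev is None:
            # Unknown connection: only a bare SYN from inside to port 443 may start one.
            if pkt.flags == {"SYN"} and is_inside(pkt.src) and pkt.dport == 443:
                self.table[fwd] = "SYN_SENT"
                return True
            return False        # unsolicited, whatever its source port claims
        if st_rev == "SYN_SENT" and pkt.flags == {"SYN", "ACK"}:
            self.table[rev] = "SYN_RECV"      # server answered the SYN
            return True
        if st_fwd == "SYN_RECV" and pkt.flags == {"ACK"}:
            self.table[fwd] = "ESTABLISHED"   # client completed the handshake
            return True
        if "ESTABLISHED" in (st_fwd, st_rev) and "ACK" in pkt.flags and "SYN" not in pkt.flags:
            return True         # data on a fully opened connection, either direction
        return False

def demo() -> Dict[str, bool]:
    """Run a constructed HTTPS handshake plus one spoofed probe through both filters."""
    client, server, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    handshake = [
        Packet(client, server, "tcp", 51000, 443, frozenset({"SYN"})),
        Packet(server, client, "tcp", 443, 51000, frozenset({"SYN", "ACK"})),
        Packet(client, server, "tcp", 51000, 443, frozenset({"ACK"})),
        Packet(server, client, "tcp", 443, 51000, frozenset({"ACK", "PSH"})),  # TLS data
    ]
    # Outside host sets source port 443 to reach an inside SMB port through the stateless hole.
    probe = Packet(attacker, client, "tcp", 443, 445, frozenset({"SYN"}))
    sf = StatefulFilter()
    return {
        "stateless_allows_handshake": all(stateless_filter(p) for p in handshake),
        "stateless_allows_probe": stateless_filter(probe),
        "stateful_allows_handshake": all(sf.check(p) for p in handshake),
        "stateful_allows_probe": sf.check(probe),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Both filters pass the legitimate handshake; only the stateless one also passes the probe, because it has no way to know that no inside host ever asked 198.51.100.7 for anything. The same state table is what a circuit level gateway consults when it decides whether a handshake is legitimate, and note that neither filter looks at the TLS data packet's payload at all.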
Application Level Gateways, sometimes called Proxy Firewalls, inspect traffic at the application layer, filtering what passes between the local network and the source of the traffic. An Application Level Gateway actually terminates the connection from the client, connects to the destination on the client's behalf, and performs deep packet inspection: the payload is opened, parsed according to the application protocol (HTTP, SMTP, DNS and so on), checked against policy, repackaged, and sent onward by the proxy rather than by the original sender. This is the most thorough level of firewall inspection, but it is also the most expensive, and it can slow down large file transfers dramatically.
Next Gen Firewalls are a bit of an enigma, as there is no industry-wide definition of their features. In general, though, they combine the strongest features of the other architectures: deep packet inspection, stateful tracking of TCP handshakes and sessions, and the header-level checks of a packet filter, often extended with application identification and user-based rules. Many also include an IPS, or Intrusion Prevention System, that matches traffic against signatures of known attacks and blocks the offending packets or connections before they reach their target.
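As an added example (not code from the article or from Verus), here is a minimal application level gateway for HTTP in Python. It parses the whole request rather than just the headers, applies a constructed policy (allowed methods and hosts, no executable uploads), refuses requests whose framing is ambiguous, and re-emits approved requests as the proxy itself with a recomputed Content-Length and its own Via header. The policy, the hostnames and the sample requests are assumptions made for the example.

```python
from typing import Dict, Optional, Tuple

# Constructed policy for this assumed gateway; a real deployment loads its own.
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_HOSTS = {"intranet.example.com", "updates.example.com"}
# Hop-by-hop headers (RFC 7230 section 6.1) describe one TCP hop; the gateway is a new hop.
HOP_BY_HOP = {b"connection", b"proxy-connection", b"keep-alive", b"te", b"trailer",
              b"transfer-encoding", b"upgrade", b"proxy-authorization"}

def parse_http_request(raw: bytes) -> Tuple[str, str, str, Dict[bytes, bytes], bytes]:
    """Parse one HTTP/1.1 request completely; refuse anything that cannot be framed."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = (p.decode("ascii") for p in parts)
    headers: Dict[bytes, bytes] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    # Two framing methods at once is how request smuggling starts; a proxy that
    # reconstructs the request must refuse to guess which one the next hop will use.
    if b"transfer-encoding" in headers and b"content-length" in headers:
        raise ValueError("ambiguous framing: Transfer-Encoding and Content-Length")
    length_field = headers.get(b"content-length", b"0")
    if not length_field.isdigit():
        raise ValueError("bad Content-Length")
    length = int(length_field)
    if len(rest) < length:
        raise ValueError("truncated body")
    return method, target, version, headers, rest[:length]   # trailing bytes are not relayed

def inspect(method: str, headers: Dict[bytes, bytes], body: bytes) -> Optional[str]:
    """Apply policy to the parsed request; return a reason to block, or None to relay."""
    if method not in ALLOWED_METHODS:
        return f"method {method} not allowed"
    host = headers.get(b"host", b"").decode("ascii", "replace")
    if host not in ALLOWED_HOSTS:
        return f"host {host!r} not on allowlist"
    # The check a packet filter cannot do: look inside the payload.
    if body.startswith(b"MZ") or body.startswith(b"\x7fELF"):
        return "body carries an executable image"
    return None

def repackage(method: str, target: str, version: str,
              headers: Dict[bytes, bytes], body: bytes) -> bytes:
    """Re-emit the request from the gateway itself with clean, unambiguous framing."""
    out = [f"{method} {target} {version}".encode("ascii")]
    for name, value in headers.items():
        if name in HOP_BY_HOP or name == b"content-length":
            continue
        out.append(name + b": " + value)
    out.append(b"content-length: " + str(len(body)).encode("ascii"))
    out.append(b"via: 1.1 alg.example")   # assumed name of the gateway host
    return b"\r\n".join(out) + b"\r\n\r\n" + body

def gateway(raw: bytes) -> Tuple[str, Optional[bytes]]:
    """Verdict for one raw request: 'dropped: ...', 'blocked: ...', or 'relayed' plus bytes."""
    try:
        method, target, version, headers, body = parse_http_request(raw)
    except ValueError as err:
        return f"dropped: {err}", None
    reason = inspect(method, headers, body)
    if reason is not None:
        return f"blocked: {reason}", None
    return "relayed", repackage(method, target, version, headers, body)

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "benign": (b"POST /upload HTTP/1.1\r\nHost: intranet.example.com\r\n"
               b"Connection: keep-alive\r\nContent-Length: 5\r\n\r\nhello"),
    "exe_upload": (b"POST /upload HTTP/1.1\r\nHost: intranet.example.com\r\n"
                   b"Content-Length: 4\r\n\r\nMZ\x90\x00"),
    "bad_host": b"GET / HTTP/1.1\r\nHost: attacker.example.net\r\nContent-Length: 0\r\n\r\n",
    "ambiguous": (b"POST /x HTTP/1.1\r\nHost: intranet.example.com\r\n"
                  b"Transfer-Encoding: chunked\r\nContent-Length: 5\r\n\r\n0\r\n\r\n"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, relayed = gateway(raw)
        print(f"{name}: {verdict}")
        if relayed:
            print(relayed.decode("ascii"))
```

The cost the article mentions is visible here: every request is buffered, parsed and rebuilt, and a real gateway would also have to handle chunked bodies, pipelining and TLS termination before it could do this for live traffic. The benefit is equally visible: the executable upload and the off-policy host are caught by looking at content that no header-level filter ever sees, and the relayed request leaves with framing the gateway itself vouches for.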
Understanding the level of firewall protection that your business network needs begins with talking to an expert. Verus has been providing firewall expertise since its inception in 2002. We understand the nuances, drawbacks, and benefits of each type. Contact us today to learn more about firewall services offered by Verus Corp, including our preferred partners and what they can offer your business network safety.