Types of Firewall - How Firewalls Work?
Broadly categorized, there are two types of computer firewalls: firmware (the one that comes with your modem/router) and software. Going into depth, there are four most used types of firewall. These firewall types are based on different levels of network models: mostly TCP/IP and sometimes ISO-OSI. The Internet operates on the TCP/IP model and OSI model is for local networks. Be it your router or software, it is one or combination of the following types of firewall:
Packet Filtering Firewall: Data transmission over networks and Internet occurs in form of data packets. Each data packet contains some data, the source and destination IP address, and the application signature. The application signature helps Packet Filtering Firewall to determine the application that generated the data packet. While the application signature and destination IP helps in determining if the data packet is safe, the source IP can trick the firewall into allowing the packet. People with malicious intentions will show a trusted source as IP address using some technique. This technique of fooling the firewall is called spoofing. The firewall can be made more secure by creating a set of filters. The data packets should be able to pass these filters to cross the firewall.
Stateful Packet Inspection Firewall: These firewalls study the patterns of data packets (source/destination IP address, data bytes' size, and application signature) to determine if the host has previously acknowledged them. If the Stateful Packet Inspection Firewall determines that the current packet is in the same pattern of a previously allowed packet, it is allowed inside and no further checks are done. For the first packet in such communications, the firewall stops the first data packet and waits to see if the computer allows or denies the packet.
Proxy Type Firewall: Proxy Type Firewall is used more in networks. Instead of real IP address of server, the data packets are encountered with a proxy software or device. This device determines which packets to allow and which to deny. In effect, the network is not available to the outer world without the proxy. The Proxy Type Firewall studies the application signature. It is then matched with the authorized applications list. If it matches, the firewall allows the data packets.
Circuit Gateway Firewall: The least used type, Circuit Gateway Firewall does not allow any real protection except that it hides the network or computer behind the firewall. In effect, all communications seem to originate from the firewall. Circuit Gateway Firewall is generally combined with other types for greater protection.
The above four types of firewalls are not comprehensive. Several other firewall types are introduced regularly - as a result of ongoing research on computer security.