Firewalls: Guidelines and Procedures
Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. While firewalls are often discussed in the context of Internet connectivity, they may also have applicability in other network environments. For example, many enterprise networks employ firewalls to restrict connectivity to and from the internal networks used to service more sensitive functions, such as accounting or personnel. By employing firewalls to control connectivity to these areas, an organization can prevent unauthorized access to its systems and resources. Inclusion of a proper firewall ...
The application layer sends and receives data for particular applications, such as Domain Name System (DNS), Hypertext Transfer Protocol (HTTP), and Simple Mail Transfer Protocol (SMTP). The application layer itself has layers of protocols within it. The transport layer provides connection-oriented or connectionless services for transporting application layer services between networks, and can optionally ensure communications reliability. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are commonly used transport layer protocols. The IP layer routes packets across networks. Internet Protocol version 4 (IPv4) is the fundamental network layer protocol for TCP/IP. Other commonly used protocols at the network layer are Internet Protocol version 6 (IPv6), Internet Control Message Protocol (ICMP), and Internet Group Management Protocol (IGMP). The hardware layer handles communications on the physical network components. The best known data link layer protocol is Ethernet (Sourour, Adel, & Tarek, 2009).
Addresses at the data link layer, which are assigned to network interfaces, are referred to as media access control (MAC) addresses. An example of this is an Ethernet address that belongs to an Ethernet card. Firewall policies rarely concern themselves with the data link layer. Addresses at the network layer are referred to as IP addresses. The transport layer identifies specific network applications and communication sessions as opposed to network addresses; a host may have any number of transport layer sessions with other hosts on the same network. The transport layer may also include the notion of ports. A destination port number generally identifies a service listening on the destination host, and a source port usually identifies the port number on the source host that the destination host should reply to. Transport protocols such as TCP and UDP have ports, while other transport protocols do not. The combination of source IP address and port with destination IP address and port helps define the session. The highest layer represents end user applications (Sourour, Adel, & Tarek, 2009).
Firewalls can inspect application traffic and use it as the basis for policy decisions. Basic firewalls operate on one or a few layers, typically the lower layers, while more advanced firewalls examine all of the layers. Firewalls that examine more layers can perform more granular and thorough examinations. Firewalls that understand the application layer can potentially accommodate advanced applications and protocols and provide services that are user-oriented. For example, a firewall that only handles lower layers cannot usually identify specific users, but a firewall with application layer capabilities can enforce user authentication and log events to specific users (Sourour, Adel, & Tarek, 2009).
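The two preceding paragraphs describe the session as the combination of source and destination IP address and port, and contrast a firewall that sees only the lower layers with one that understands the application layer. The following Python program is an added illustration of both points and is not code from the paper or from Sourour, Adel, & Tarek. It parses a constructed Ethernet/IPv4/TCP frame layer by layer, applies a first-match rule set to the network and transport fields, and then shows what the application-layer view adds: the same frame, inspected with HTTP awareness, can be logged against a user name. The addresses, ports, rule set, host name and user are all constructed for the example.

```python
"""Added example: layered inspection of a constructed Ethernet/IPv4/TCP frame.

All frame contents, addresses, rules and the user identity below are constructed
for illustration; nothing here is taken from the paper being discussed.
"""
import base64
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IP_PROTO_TCP, IP_PROTO_UDP = 6, 17


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    protocol: int
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    payload: bytes = b""


def parse_frame(frame: bytes) -> Packet:
    """Walk the stack as the text lays it out: Ethernet -> IPv4 -> TCP/UDP -> payload."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_HDR_LEN])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("this example handles IPv4 frames only")
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4                       # IPv4 header length in bytes
    pkt = Packet(str(ipaddress.IPv4Address(ip[12:16])),
                 str(ipaddress.IPv4Address(ip[16:20])), ip[9])
    l4 = ip[ihl:]
    if pkt.protocol == IP_PROTO_TCP:
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", l4[:4])
        pkt.payload = l4[(l4[12] >> 4) * 4:]       # data offset: upper nibble of byte 12
    elif pkt.protocol == IP_PROTO_UDP:
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", l4[:4])
        pkt.payload = l4[8:]                       # fixed 8-byte UDP header
    return pkt


@dataclass
class Rule:
    action: str                         # "allow" or "deny"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    protocol: Optional[int] = None      # None matches any IP protocol
    dst_port: Optional[int] = None      # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst_net)
                and self.protocol in (None, pkt.protocol)
                and self.dst_port in (None, pkt.dst_port))


def l3l4_decision(pkt: Packet, rules: list, default: str = "deny") -> str:
    """First-match policy using only network- and transport-layer fields."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def http_basic_user(payload: bytes) -> Optional[str]:
    """Application-layer view: the user named in an HTTP Basic Authorization header, if any."""
    try:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "authorization" and value.strip().lower().startswith("basic "):
            try:
                creds = base64.b64decode(value.strip()[6:], validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                return None
            return creds.split(":", 1)[0]
    return None


def inspect(frame: bytes, rules: list, application_aware: bool) -> dict:
    """Decision plus log record; only the application-aware path can attribute a user."""
    pkt = parse_frame(frame)
    record = {"action": l3l4_decision(pkt, rules),
              "session": (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.protocol),
              "user": None}
    if application_aware and pkt.protocol == IP_PROTO_TCP:
        record["user"] = http_basic_user(pkt.payload)
    return record


def build_frame(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Constructed test frame; checksums are left zero because the parser does not verify them."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, IP_PROTO_TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


# Constructed sample: a workstation on the internal net reaching a personnel web server.
POLICY = [
    Rule("allow", src_net="10.0.1.0/24", dst_net="10.0.9.20/32", protocol=IP_PROTO_TCP, dst_port=80),
    Rule("deny"),                                  # everything else is denied
]
REQUEST = (b"GET /payroll HTTP/1.1\r\nHost: hr.example.internal\r\nAuthorization: Basic "
           + base64.b64encode(b"jdoe:example-password") + b"\r\n\r\n")
SAMPLE_FRAME = build_frame("10.0.1.15", "10.0.9.20", 51514, 80, REQUEST)

if __name__ == "__main__":
    print(inspect(SAMPLE_FRAME, POLICY, application_aware=False))  # user is None
    print(inspect(SAMPLE_FRAME, POLICY, application_aware=True))   # user is "jdoe"
```

Both runs reach the same allow decision, because the rule set is written against the session fields the text describes (addresses, ports, protocol). Only the application-aware run fills in the user field in the log record, which is the difference the paragraph draws between a lower-layer firewall and one with application-layer capabilities.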
Firewalling is often combined with other technologies, most notably routing. Furthermore, many technologies often associated with firewalls are...