A firewall device is a software application engineered to restrict access between two networks in order to prevent unauthorized access. There are numerous types of firewall devices. Some function as part of an operating system, while others are dedicated software applications. The most common types include a packet filter, a stateful packet filter, an application gateway or proxy, and an intrusion protection system (IPS) or intrusion detection system (IDS). There are other firewall devices as well, but they are often not as effective.
Packet filters closely examine every packet of information that enters a network and permit or deny it entry based on previously established user rules. These rules may involve such factors as the source Internet protocol (IP) address, whether or not the packet is trying to establish a connection, and protocols such as the transmission control protocol (TCP), the user datagram protocol (UDP), and the Internet control message protocol (ICMP).
A stateful packet filter, also known as a dynamic packet filter, is essentially an upgrade from the original packet filter. It can manage rules like its predecessor, but it can also monitor active connections and subsequently use this additional information to better gauge whether an incoming packet is safe or dangerous. This type of firewall device is more convenient because it allows a user within the intranet to request content from outside and have the reply admitted, even though that inbound traffic normally wouldn’t be allowed through the firewall on its own.
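The difference between the two preceding paragraphs is easiest to see side by side. The following is an added illustration written for this article, not code from the original page: a rule-based packet filter that matches on source and destination address, protocol, destination port and whether a TCP segment is opening a connection, and a stateful subclass that adds a connection table. The rule set, addresses and packets are constructed sample data (the 10.0.0.0/8 intranet, the web server at 10.0.0.80 and the outside hosts are all placeholders).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "TCP", "UDP" or "ICMP"
    sport: int = 0
    dport: int = 0
    syn: bool = False   # TCP flags; SYN without ACK is a connection request
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                  # "ALLOW" or "DENY"
    src: str = "0.0.0.0/0"       # CIDR; the default matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None
    new_conn_only: bool = False  # match only TCP segments that open a connection

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.new_conn_only and not (p.proto == "TCP" and p.syn and not p.ack):
            return False
        return True


class PacketFilter:
    """Stateless filter: each packet is judged on its own header fields.
    The first matching rule wins; anything unmatched is denied."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "DENY"


class StatefulPacketFilter(PacketFilter):
    """Same rules plus a connection table. A packet that belongs to a flow
    already admitted in either direction is allowed without consulting the
    rules, which is how replies to requests from inside get through."""

    def __init__(self, rules: List[Rule]):
        super().__init__(rules)
        self.conns = set()   # 5-tuples of admitted flows

    def decide(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.conns or reverse in self.conns:
            return "ALLOW"
        verdict = super().decide(p)
        if verdict == "ALLOW":
            self.conns.add(key)
        return verdict


# Constructed rule set: 10.0.0.0/8 is the intranet, 10.0.0.80 a public web server.
RULES = [
    Rule("ALLOW", src="10.0.0.0/8"),                        # anything leaving the intranet
    Rule("ALLOW", dst="10.0.0.80/32", proto="TCP", dport=443,
         new_conn_only=True),                               # outsiders may open HTTPS to the web server
]


def run_demo():
    """Run the same five constructed packets through both filters."""
    packets = {
        "dns_query":   Packet("10.0.0.5", "198.51.100.53", "UDP", sport=40000, dport=53),
        "dns_reply":   Packet("198.51.100.53", "10.0.0.5", "UDP", sport=53, dport=40000),
        "unsolicited": Packet("198.51.100.53", "10.0.0.6", "UDP", sport=53, dport=40000),
        "https_syn":   Packet("203.0.113.9", "10.0.0.80", "TCP", sport=51000, dport=443, syn=True),
        "https_data":  Packet("203.0.113.9", "10.0.0.80", "TCP", sport=51000, dport=443, ack=True),
    }
    results = {}
    for name, fw in (("stateless", PacketFilter(RULES)),
                     ("stateful", StatefulPacketFilter(RULES))):
        results[name] = {label: fw.decide(p) for label, p in packets.items()}
    return results


if __name__ == "__main__":
    for kind, verdicts in run_demo().items():
        print(kind, verdicts)
```

The stateless filter has no way to tell the DNS reply from an unsolicited packet with the same header fields, so it must either deny both (as here) or open an inbound hole for all of UDP port 53. The stateful filter admits the reply because it remembers the query, denies the unsolicited packet, and also lets the later segments of the HTTPS connection through even though only the opening SYN matched a rule.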
An application gateway, also known as an application-level gateway, is an even more intelligent and sophisticated firewall device. It functions as a middleman or proxy between a computer or server and the remote system that is requesting access. If an inbound request passes authentication, the gateway retrieves the appropriate information from the protected server and returns it to the remote system. This means that two connections are in action at once: one between the server and the gateway, and one between the gateway and the remote system.
The last two firewall devices are IPS and IDS. IPS works inline, detecting and blocking incoming attacks before they reach their target, while IDS merely detects attacks and then alerts the administrator. Although IPS is a more effective firewall device, it uses up many more system resources because it works inline and every packet must be inspected before it is forwarded. IDS, on the other hand, does not consume as much memory, but it also does not provide that much protection. As such, IDS is typically combined with another firewall device, such as a stateful packet filter or application gateway.
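The distinction in the last paragraph comes down to where the sensor sits relative to the traffic. The following added illustration, written for this article and not taken from the original page or any product, runs the same signature matcher in both positions: the IDS only records alerts because the packet it sees has already been forwarded, while the IPS holds each packet for a verdict and drops a hit. The signature format, the two signatures and the sample requests are constructed for the demo and do not follow any vendor's rule language.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Event:
    ts: float       # seconds; constructed sample timestamp
    src: str
    dst: str
    dport: int
    payload: str    # decoded request text that the sensor inspects


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: "re.Pattern[str]"
    severity: str


# Constructed signatures for the demo (hypothetical rule set, not a vendor's):
# a directory-traversal sequence in a request path, and a quote followed by an
# SQL comment marker in a query parameter.
SIGNATURES = [
    Signature("http-path-traversal", re.compile(r"\.\./\.\./"), "high"),
    Signature("sqli-comment-terminator", re.compile(r"('|%27)\s*(--|#|/\*)", re.I), "medium"),
]


class Sensor:
    """Common matching engine; the subclasses differ only in what a hit causes."""

    def __init__(self, sigs: List[Signature]):
        self.sigs = sigs
        self.alerts: List[Tuple[float, str, str, str]] = []

    def inspect(self, ev: Event) -> List[Signature]:
        return [s for s in self.sigs if s.pattern.search(ev.payload)]

    def alert(self, ev: Event, sig: Signature) -> None:
        self.alerts.append((ev.ts, sig.name, sig.severity, ev.src))


class IDS(Sensor):
    """Out-of-band sensor fed a copy of the traffic (for example from a mirror
    port). It raises alerts, but the packet it is looking at has already been
    forwarded, so it can only record what happened."""

    def process(self, ev: Event) -> str:
        for sig in self.inspect(ev):
            self.alert(ev, sig)
        return "FORWARD"


class IPS(Sensor):
    """Inline sensor: every packet waits for the verdict and a hit is dropped.
    Holding each packet for inspection is the resource cost the article notes."""

    def process(self, ev: Event) -> str:
        hits = self.inspect(ev)
        for sig in hits:
            self.alert(ev, sig)
        return "DROP" if hits else "FORWARD"


# Constructed traffic: two benign requests and two that match a signature.
SAMPLE_EVENTS = [
    Event(1.0, "203.0.113.9", "10.0.0.80", 443, "GET /index.html HTTP/1.1"),
    Event(1.5, "203.0.113.9", "10.0.0.80", 443, "GET /static/../../config HTTP/1.1"),
    Event(2.0, "198.51.100.7", "10.0.0.80", 443, "GET /search?q=books HTTP/1.1"),
    Event(2.2, "198.51.100.7", "10.0.0.80", 443, "GET /item?id=1' -- HTTP/1.1"),
]


def run_demo(events: List[Event] = SAMPLE_EVENTS) -> dict:
    """Feed the same events to an IDS and an IPS and report verdicts and alerts."""
    ids, ips = IDS(SIGNATURES), IPS(SIGNATURES)
    ids_verdicts = [ids.process(e) for e in events]
    ips_verdicts = [ips.process(e) for e in events]
    return {
        "ids_verdicts": ids_verdicts,
        "ids_alerts": [name for _, name, _, _ in ids.alerts],
        "ips_verdicts": ips_verdicts,
        "ips_alerts": [name for _, name, _, _ in ips.alerts],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Both sensors produce the same two alerts; the only difference is the verdict column, which is exactly the trade-off the paragraph describes: the IPS stops the matching requests at the cost of inspecting every packet in the forwarding path, while the IDS leaves forwarding untouched and relies on the administrator, or a neighbouring filter, to act on its alerts.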