Firewalls or also known as firewalls are a fundamental element in the perimeter security of any home or company. The domestic routers that we all have at home have a firewall to allow or deny connections from abroad, with the aim of protecting ourselves against possible attacks that we carry out, The same is also true in companies, this type of technology is used to allow or block access between two or more networks. Today at RedesZone we are going to explain the types of firewalls that exist and what are their strengths and weaknesses.

What is a firewall and what is it for?

A firewall, or also known as a firewall, is a hardware and / or software system that is responsible for monitoring all incoming and outgoing connections on different networks, with the aim of allowing or denying traffic between different networks. A firewall can be installed on a final computer or host, but also on a router that incorporates a firewall, and even a dedicated one to control all connections between different networks.

When we install a firewall on a computer or final host, it will allow us to block or allow data traffic at the IP level, This means that we will be able to allow or block the connections that we want, and only our specific team will be affected, and not the rest of the local network equipment. When we have the firewall on the router, or directly have a dedicated firewall, then we can allow or block network traffic from all devices on the local network, whether domestic or professional.

The objective of a firewall is to allow or block connection attempts, to prevent unauthorized users from sending us different types of packages, We can also visualize and block any traffic made by the applications installed on our equipment, in addition, we could also configure an intrusion detection and prevention system, with the aim of increasing its functionalities.

Today there are firewalls both by software and by hardware, Logically, hardware firewalls include an operating system with all the necessary functionalities to evaluate the network traffic to be allowed or blocked. However, there are different types of firewall depending on how we configure them and what characteristics they have, then we will explain in detail the different types that exist today.

Firewall types

Currently we have different types, both for the Windows operating system and also other software specifically geared towards firewalls. Knowing the difference between the different types is very important to choose the one that interests us.

Stateless Firewall or Stateless Firewall

This type of firewall is the most basic that exists, it is known as « stateless firewall » or « firewall with packet filtering ». This is the type is the oldest and simplest we have, this type of firewall is usually installed within the perimeter of the network, does not route any type of package nor does it know if the different connections that are allowed have been established or not. This type of firewall works based on predefined basic rules, where we must accept or deny the different packages, but never controlling if the connection has been established, if it is related to other ports as it happens with the passive FTP protocol, nor if the connection is invalid.

Advantage

• It doesn't cost a lot of money to do maintenance.
• Easy to configure on small networks, as long as you have a basic network knowledge.
• The processing of the packets is very fast, it simply controls the headers where the destination IP is, and also the TCP or UDP ports among other protocols.
• A single team can take care of filtering all the traffic from a network.

Disadvantages

• If the network is medium or large, it may be difficult to configure and maintain it.
• Does not control established, related or invalid connections.
• If attacks are carried out at the application level, it is not capable of detecting and mitigating it.
• It has no protection against all attacks on existing data networks.

If you want to have good security and prevent intrusions, our recommendation is that you do not use this type, without using the SPI ( Stateful Packet Inspection ).

Stateful Packet Inspection

This type of firewall is more advanced than the previous one, this type is known as « with state », and it is capable of knowing if a connection has been established, it is related and even invalid. This guy is the least we should have to be quite protected against external threats. Thanks to the fact that it is a stateful firewall, it is capable of supervising the active connection, track and even limit the number of simultaneous connections on a certain computer to protect it against DoS attacks. Other very important characteristics are that it is capable of preventing malicious traffic from gaining access to the internal network, since it can monitor connections in real time and even detect unauthorized access attempts.

Advantage

• It protects us much better than one without state or stateless.
• It is capable of monitoring and supervising incoming and outgoing connections.
• You know if a connection has been established, and even how many connections are there.
• It allows to record all traffic efficiently and quickly.

Disadvantages

• It is more complicated to configure than a stateless.
• Does not protect against application level attacks.
• Some protocols do not have status information, such as UDP, so you are not able to verify if these connections have been established.
• Consume more team resources by having to save the status of all connections.

This type of firewall is the one that is usually used when we use dedicated hardware, a Linux server and other devices. It is always recommended to use this instead of the previous one.

Application-Level Gateway Firewall

An application level firewall ( ALG ) is a kind of proxy that provides us with security in applications, the objective of this type of firewall is to filter incoming traffic based on certain rules. Not all the applications we commonly use are supported by ALG, for example, FTP, SIP, various VPN, RSTP protocols, and BitTorrent protocol do support it. The ALG operating form is as follows:

• When a client wants to connect to a remote application, the client really connects to the proxy server, never directly to the final application.
• The proxy server will be in charge of connecting with the application, it will be the one that establishes communication with the main server.
• There will be communication between client and main server, but always going through the proxy.

Below, you can see the advantages and disadvantages:

Advantage

• Registration of all traffic is easy, since everything goes through the proxy.
• Easy to configure in certain cases, since we usually have a graphical user interface.
• Direct connection from outside the local network is not allowed, security improves.

Disadvantages

• It does not support all the applications that exist.
• Performance can be affected by the use of a proxy in between.

We have this ALG type available in most domestic routers, and, of course, also in professionals.

Next-Generation Firewall

The Next-Generation Firewall or also known as NG-Firewall are technologically advanced firewalls. They have Stateful Packet Inspection technologies, in addition, they carry out a deep inspection of all the packages that goes beyond looking at the header of the IP, TCP or UDP packet, among other protocols, is able to see the payload being sent in order to protect us against more sophisticated attacks. These types of firewalls offer inspection at the application level, so we reach layer 7 of the OSI model.

Although it generally offers the same benefits as an SPI firewall, they are more advanced in allowing dynamic and static packet filtering policies to be applied, together with advanced VPN support in order to protect all incoming and outgoing connections on the network. NGFWs are the most widely used in medium and large companies to protect all communications.

Advantage

• They are the safest.
• Very detailed record of everything that happens.
• Supports deep packet inspection, including OSI L7 level for perfect protection.

Disadvantages

• It is very expensive, both hardware and software and maintenance license.
• You need more hardware resources than a traditional one.
• To limit false negatives or positives, a training time is required to adjust it correctly.

This type are the most recommended to use in the business field, since it incorporates the best of the SPI and the ALG, since it supports absolutely everything in addition to adding additional features in order to protect the network.

Conclusions

Having a firewall on our computer is very basic and even the Windows or Linux operating system itself incorporates. In home environments with WiFi routers, we have it integrated into the equipment itself, iptables being the most widely used since the firmware of all routers is based on Linux, so it carries this type of SPI type firewall ( Stateful Packet Inspection ). If we are in a somewhat more advanced environment and want to protect everything at the network level, Having a hardware firewall like Netgate appliances with pfSense or similar platforms is highly recommended, especially since they incorporate additional functionalities like IDS and IPS, in addition to being able to install and configure VPN servers easily and quickly.

Any local team or network must have a minimum of one SPI firewall, of course, medium and large companies always use NGFWs that are much more advanced and allow us a greater capacity to detect attacks and are even capable of mitigating malware, since they are in charge of carrying out a deep inspection of packages at the L7 level, with the aim of protecting all the equipment of the professional local network.