3 – Firewall Types
Publisher Summary
This chapter presents a brief overview of the available firewall types and the relative advantages and disadvantages of each. The role of a firewall is typically filled by a computer that can reach both the private network and the Internet, thereby allowing it to restrict the flow of data between the two. The protected network, therefore, cannot reach the Internet, and the Internet cannot reach the protected network, unless the firewall computer allows it. For someone to reach the Internet from inside the protected network, he or she must log in to the firewall and use the Internet from there. With the preceding in mind, a dual-homed system (that is, a system with two network connections) is the simplest form of a firewall. A firewall can be set up with Internet Protocol (IP) forwarding or "gatewaying" turned off, and accounts can be given to everyone on the network, if system users can be trusted. The users can then log in to the firewall and run their network services (FTP, Telnet, and mail) from there. Thus, with this setup, the only computer on the private network that knows anything about the outside world is the firewall. Therefore, the other systems on the protected network do not need a default route. Such a system relies entirely on every user being trustworthy, and that is its greatest weakness. It is, therefore, not recommended.
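The dual-homed design above only isolates the two networks while forwarding is off on every path. The script below is an added example, not part of the chapter: it audits `sysctl -a` style output for forwarding that is still enabled. It assumes a Linux host and its sysctl key names; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a dual-homed Linux host for enabled packet forwarding.
# Input: text in `sysctl -a` format ("key = value") on stdin.

# Print every unicast forwarding key (IPv4 and IPv6, global and
# per-interface) whose value is not 0. Multicast keys (mc_forwarding)
# are deliberately not matched.
forwarding_enabled_keys() {
    awk -F' *= *' '
        $1 == "net.ipv4.ip_forward" ||
        $1 ~ /^net\.ipv[46]\.conf\.[^.]+\.forwarding$/ {
            if ($2 != "0") print $1
        }'
}

# Return 0 if the host cannot route between its two networks, 1 otherwise.
check_no_forwarding() {
    bad=$(forwarding_enabled_keys)
    if [ -n "$bad" ]; then
        # Unquoted on purpose: one output line per offending key.
        printf 'forwarding enabled: %s\n' $bad >&2
        return 1
    fi
    return 0
}

# Constructed sample: a correctly isolated dual-homed host.
SAMPLE_OK='net.ipv4.ip_forward = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.eth0.forwarding = 0
net.ipv4.conf.eth1.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv6.conf.all.forwarding = 0'

# Constructed sample: IPv4 forwarding is off, but IPv6 still routes.
SAMPLE_BAD='net.ipv4.ip_forward = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth1.forwarding = 1'

# Demonstration on the constructed data; on a live host use:
#   sysctl -a 2>/dev/null | check_no_forwarding
printf '%s\n' "$SAMPLE_BAD" | forwarding_enabled_keys
```

The second sample shows the case worth checking for: turning off IPv4 forwarding alone leaves the host gatewaying IPv6 between its two interfaces.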