How to Select Network Firewalls
Network firewalls protect computer networks against unauthorized use or attack. They permit or deny access to private network devices and applications, and represent an important part of an organization's overall security policy. Firewalls may be software applications, hardware devices (such as routers), or a combination of both. They include turnkey products that are relatively easy to install as well as complex, multi-layer installations that require the expertise of a certified network administrator.
How Firewalls Work
Firewalls use various techniques to validate domain names and IP addresses. Typically, they also filter packet headers to determine whether or not to allow individual data packets. These packet filters inspect the source address and the destination address, the transport-level protocol (e.g., TCP), and other packet characteristics.
Many network firewalls also use proxies, programs or applications that receive traffic destined for other computers. Unlike a packet filter, a proxy generates the connection to the remote machine and can determine if the connection is legitimate. In this way, proxy servers make network requests on behalf of workstation users.
Application firewalls are also used for network security.
Types of Network Firewalls
Although packet filter firewalls and proxy firewalls are the most common types, some networks also use distributed or dynamic firewalls.
- Distributed firewalls require network administrators to load a single network policy specification onto all networked machines. These firewalls are more time-consuming to install and configure, but can be combined with an intrusion detection system (IDS) that reacts to anomalous events.
- Dynamic firewalls modify their rules based on incoming traffic. Although they do more than stop traffic, dynamic firewalls may block legitimate websites after defending against attacks that are disguised to appear as if they originate from those valid sites.
Other types of network firewalls require signatures or are designed to permit access to mobile or cellular users.
Product and Performance Specifications
The GlobalSpec SpecSearch database allows industrial buyers to search for network firewalls based on parameters such as the number of ports, data rate, and number of concurrent connections. Often, these ports use an RJ-45, USB or other serial interface. With some network equipment, support for wireless communication and VoIP is available. Firewall product and performance specifications also cover the processor or CPU type, process speed, and the amount of RAM.
Features and Applications
Features of firewalls include logging and reporting, automatic alarms at given thresholds of attack, and a graphical user interface (GUI) for configuring the firewall.
Related Products & Services
Network equipment is used to split, switch, boost, or direct packets of information along a network. This product area includes network hubs, switches, routers, bridges, gateways, multiplexers, transceivers and firewalls. In addition to device type, network equipment is defined by protocol (e.g., Ethernet).
Network hubs provide a central location for attaching wires to workstations. Often, these hardware devices include a network switch that controls how and where data is forwarded.
Networking repeaters regenerate incoming electrical, wireless, or optical signals to preserve signal integrity and extend the distance over which data can travel. They are often used to connect cable segments in IEEE 802.3 networks.
Network routers are protocol-dependent devices that connect subnetworks, or that break down a large network into smaller subnetworks.
Network switches connect network devices to host computers and allow a large number of devices to share a limited number of ports. They increase network capacity and speed by examining and filtering data packets. Switches also regenerate forwarded packets, reducing collision rates and permitting the use of additional nodes.
Network transceivers connect nodes and send and receive signals. In Ethernet networks, they are called medium access units (MAU).
VoIP and IP Telephony
VoIP and IP telephony allow PC users to make phone calls over the Internet or other packet networks via gateways and standard telephones.