Types of firewall...

formatting link
Duane :)

Reply to
Duane Arnold

Hi,

I'm currently working on a firewalls project as part of my degree. I'm currently defining the types of firewall out there and have comprised the following list:

  1. Static packet filter
     1.1 Dynamic packet filter

  2. Proxy server
     2.1 Circuit level proxy
     2.2 Application level proxy

  3. Stateful multilayer inspection

Is this a correct, complete list?? Or am I missing something??

Cheers,

Ben

Reply to
bensmyth

I'm afraid there will never be a "correct, complete list"; there is too much going on, too many firewall architectures that won't fit a single type definition (and maybe not even multiple!). Not that it isn't worth trying, though... but it might be a degree in itself.

As Duane's URL shows, there are some basic designs, but I'm not sure that's what you are asking for. Other than a misunderstood screened subnet (or maybe I misunderstand the illustration) and the missing packet filtering bridge, it seems like a good resource. Packet filtering bridges are firewalls, and even network firewalls, they're just not network _layer_ firewalls in that they do not "exist" on the network layer. But they may filter at the network, and even application layer, statefully of course. Multiple DMZ zones, transparent proxies and IDS systems can easily be a packet filtering bridge.

However, the basic types of network firewalls are two; the packet filter and the proxy.

The packet filter can be stateful, multilayer, deep, dynamic, and whatever; it is still a packet filter. It inspects the packets on the network as they appear, and makes decisions on whether they should be allowed or denied based on a set of rules (which may or may not include looking up state tables, may or may not modify itself based on the context in which the packet appears, etc).

The proxy stands out because it acts as a relay, or middle man. The client only knows it connects with the proxy server, and the server only sees a connection from the proxy server; it has no clue that it isn't the "real client", or real end-point if you prefer that term. A typical application level proxy is a service, or program, which knows the protocol/application so well that it is indistinguishable from a "real client" (see Squid, Sendmail), while the typical circuit level proxy is more like a NAT router in that it only deals with the connections (circuits).

What kind of degree are you doing? What is the title, or purpose of this project? I'm just being curious.

Reply to
Eirik Seim

In general, there are two kinds of firewalls. Packet Filter and Proxy firewalls in my opinion. Although there are many Marketing terms, in reality, they can be classified as one or the other.

You can see the comprehensive resources regarding the commercial firewalls at

formatting link
Good Luck!

Reply to
William L. Sun

How does the following sound...

static packet filter - Network Level - Filters on basis of static rule-set of IP packet header

dynamic packet filter - Network/Transport levels - as above + dynamic rule-set which maintains list of current open unprivileged ports (thus, no need to open all unprivileged ports)

proxy - transport or application level - man-in-the-middle

Stateful multilayer inspection - Network, transport and application - provides dynamic packet filter + algorithms to recognise and process application layer data (which are faster than application-proxy approach)

Regards,

Ben

Reply to
bensmyth
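The distinction Eirik draws between a plain packet filter and one that consults a state table, and Ben's point that a dynamic filter tracks open unprivileged ports so it need not open them all, can be shown on a constructed packet trace. This is an added example, not code from the thread; the rule-sets, addresses and the Packet class are assumptions for illustration.

```python
# Added example: a toy static packet filter beside a dynamic (stateful) one,
# evaluated over a constructed packet trace. Addresses and rules are made up.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # a SYN marks the start of a new TCP connection


def is_inside(ip: str) -> bool:
    # Assumed: the protected network is 10.0.0.0/8.
    return ip.startswith("10.")


# Static filter: a fixed rule-set of (direction, destination port).
# To let replies to inside clients back in, it must open EVERY unprivileged
# port inbound, so unsolicited inbound packets to those ports also get through.
STATIC_RULES = {("out", 80), ("out", 443)} | {("in", p) for p in range(1024, 65536)}


def static_filter(pkt: Packet) -> bool:
    direction = "out" if is_inside(pkt.src) else "in"
    return (direction, pkt.dport) in STATIC_RULES


class DynamicFilter:
    """Same outbound rules, plus a state table of connections opened from inside."""

    def __init__(self) -> None:
        self.rules = {("out", 80), ("out", 443)}
        self.state: set = set()  # entries: (client, client_port, server, server_port)

    def decide(self, pkt: Packet) -> bool:
        if is_inside(pkt.src):
            if ("out", pkt.dport) not in self.rules:
                return False
            if pkt.syn:  # remember the connection so only its replies are let in
                self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: allowed only if it is the reply leg of a tracked connection.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.state


def run(decide, trace):
    return [decide(p) for p in trace]


TRACE = [  # constructed sample traffic
    Packet("10.0.0.5", 51234, "203.0.113.9", 443, syn=True),    # inside client opens HTTPS
    Packet("203.0.113.9", 443, "10.0.0.5", 51234),               # server's reply
    Packet("198.51.100.7", 40000, "10.0.0.5", 51234, syn=True),  # unsolicited inbound
    Packet("10.0.0.5", 51235, "203.0.113.9", 23),                # telnet out, no rule
]
```

The static filter passes the unsolicited third packet because port 51234 is inside the blanket unprivileged range; the dynamic filter rejects it because no inside host opened that connection.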

I know!! The misuse of (or lack of standardisation of) terminology is a bit of a nightmare.

That is probably the best resource I've seen (and I've looked at a lot of them), cheers Duane.

One thing I dislike - this is also true of other sources - is the use of the OSI model as opposed to the TCP/IP model. In my opinion the TCP/IP model is the most relevant model due to its prevalence on the Internet, and hence should be used when discussing firewalls.

Thanks for that, it's pretty comprehensive.

I'm studying an MEng in Computer Science/Software Engineering at the University of Birmingham, England -

formatting link
The module (/project) is titled "Individual study"
formatting link
and essentially enables students to study anything that interests them outside the general scope of their chosen degree course - I'm studying firewalls, although I have covered a *lot* (probably too much) of networking stuff along the way.

Thanks for your help,

Ben

Reply to
bensmyth
[snip]

Ah, I see. I checked out your university's web site before asking and I found no mention of specific computer security research, hence the question :) Good luck!

Reply to
Eirik Seim

At present there doesn't seem to be very many universities doing a great deal at undergraduate level in the security domain. The majority of establishments that do are considered lower academically. At PhD level there are slightly more opportunities....

I expect this will change over the next few years with more courses becoming available. The course I am currently taking only introduced a 'computer security' module last year (it's now run twice).

Ben

Reply to
bensmyth

They can't teach something they don't practice :)

Of all the computers we've found infected, the ones in Student Dorms were the worst - one computer we checked had more than 800 DIFFERENT VIRUSES on it, and it was spamming the network with thousands of packets every minute. If they can't secure a dorm, they can't teach a course in security.

Reply to
Leythos

Luckily, it's not the students (at least not the undergrads) who teach :)

Where I'm from, that would be the students' personal computers, not under any management from the university's side. However, in the last few years these networks have been separated from the rest of the campus network and are firewalled so that they might only infect other students' computers behind the same firewall... I hope similar strategies are implemented in other universities as well.

800 different viruses is no record by the way. A kid at a local "LAN-party" (is that a well known term?) had several thousand before he started complaining about his computer running slow. I bet people like him are what drive this performance race of personal computers; all these viruses make the computer so slow they have to upgrade :)

Reply to
Eirik Seim

Yes, we've got the same here, I was thinking more like "responsible for the teaching of subject N". But anyways, I think it's a great way to learn. It's not only lectures and professors but also more like p2p...

[snip]

They would be more like 10-14 year old kids who slaughter online 3D terrorists some 15hrs each day. I think they're more likely to become managers than someone who has to think for a living :)

Reply to
Eirik Seim

Going OT....

Not strictly true... At Birmingham second year students may teach first years and MSc's teach second years (I'm not sure if third years teach second years). Although the teaching tends to be in 'exercise classes' or programming 'lab sessions'.

I would assume these are non-Computer Science students.... (or at least hope...)

lol. Says he who has just purchased a new machine for his sister... Although admittedly her machine was a 500 MHz machine and she wanted to play The Sims.

Ben

Reply to
bensmyth
