Design

Many issues should be considered before designing a firewall. The most important is deciding how you want your firewall to work. In a company, most importantly, you can decide whether you want employees to have access only to the critical sites that allow you to do business, or whether you just want to block sites containing unauthorized words that your company does not want to be associated with. A checklist can be created that denies access to sites with unauthorized words. It is also important to figure out how much money you are willing to spend on a firewall. The cost can range from $100,000 for a high-end firewall to free for low-end firewalls. It is also important to make sure that your firewall will be compatible with the existing programs you are running.

Technical

A firewall is a traffic routing service placed between the network service providers and your internal network. There are two types of firewalls. One is placed at the network level and the other at the application level. New technology has made it hard to distinguish between the two because they are very closely intertwined.

The network layer firewall makes its filtering decision based on the source, the destination addresses and the ports in an individual IP packet.
Source: This is the user and the computer. You are accessing the internet as a source and may be blocked from going to specific sites.
Destination addresses and port: Any service machine makes its services available to the internet using numbered ports. A company might block a specific port, such as port 21, used by FTP servers, on all machines except one inside the company.
A simple router can be used to make it so that a computer cannot reach specific destinations. Modern network firewalls have become extremely sophisticated at determining whether the information passing through them is allowed.

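The network layer decision described above can be written as a first-match rule list over source address, destination address and destination port. This is an added example, not part of the original article; the names `Rule` and `decide`, the rule set and the addresses (documentation ranges standing in for an internal network and outside hosts) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    port: Optional[int]    # destination port; None matches any port

    def matches(self, src_ip, dst_ip, dst_port):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and self.port in (None, dst_port))


# Constructed policy: 192.0.2.0/24 plays the internal network.
RULES = [
    # Port 21 (FTP) is reachable on exactly one internal machine...
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", 21),
    # ...and blocked on every other machine inside the company.
    Rule("deny", "0.0.0.0/0", "192.0.2.0/24", 21),
    # Internal sources may not reach this blocked destination range.
    Rule("deny", "192.0.2.0/24", "203.0.113.0/24", None),
    # Internal sources may reach everything else.
    Rule("allow", "192.0.2.0/24", "0.0.0.0/0", None),
]


def decide(src_ip, dst_ip, dst_port, rules=RULES, default="deny"):
    """Return the action of the first matching rule, else the default."""
    try:
        for rule in rules:
            if rule.matches(src_ip, dst_ip, dst_port):
                return rule.action
    except ValueError:
        # A malformed address cannot be evaluated, so fail closed.
        return "deny"
    return default


if __name__ == "__main__":
    for pkt in [("198.51.100.7", "192.0.2.10", 21),
                ("198.51.100.7", "192.0.2.20", 21),
                ("192.0.2.20", "203.0.113.5", 80),
                ("192.0.2.20", "198.51.100.7", 443)]:
        print(pkt, "->", decide(*pkt))
```

Rule order matters: the single-host FTP allow has to come before the network-wide FTP deny, because evaluation stops at the first match.
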
Application-level firewalls are generally hosts running proxy servers.
Proxy servers: They permit no traffic directly between networks. They provide elaborate logging of the traffic passing through them. The information must go in one side and out the other, where it has been thoroughly examined. A proxy server is used to prevent direct contact between the network and the internet.

In either of these firewall types, if an incoming message is flagged, it is not allowed through the firewall. This allows you to have control over what access your computer has to the internet and what is allowed to reach your computer. The future of firewalls will most likely end up somewhere between the application level and the network layer.