Bucaro TecHelp

What Roles Do Firewalls and Proxy Servers Play in Network Security?

Prior to firewalls being developed, routers provided network security through the use of Access Control Lists (ACLs). Firewalls themselves only came on the scene in the late 1980s, in response to the demand for greater security as the Internet began to take shape.

The first firewalls were fairly simple packet filters that worked by inspecting IP packets and comparing certain header fields against a set of packet filtering rules. The source and destination IP addresses, together with the protocol type, would normally be checked against this rule set. When the protocol type was TCP or UDP, the port numbers would also be checked. This meant that application protocols using well-known port numbers could be identified and filtered by means of the port numbers associated with them.

If an application uses a non-standard port number, it cannot be identified this way. Packet filters are therefore only really effective at the lower layers of the OSI reference model, up to Layer 4, the transport layer. These packet filter firewalls are known as stateless, because they cannot determine where a packet sits within a stream of packets, or what the state of the connection is at the time.

The next development was stateful packet inspection, where each data packet is examined together with its position within a data stream. A stateful packet inspection firewall can determine whether an individual packet is part of an existing conversation or stream, or whether it is the start of a new connection. This type of firewall was labelled second-generation, as it was a step up from the original stateless packet filter.
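To make the difference between the two generations concrete, here is an added example (not from the original article) of a stateless rule matcher beside a stateful filter that records connections opened from the inside. The packet model, the rule format and the "10.0.0." inside-network prefix are constructed assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed packet model for the example: just the header fields a
# first- or second-generation firewall looks at (no real packet parsing).
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag: marks the start of a new connection

# A stateless rule matches header fields only; None means "any".
@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    proto: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

def stateless_filter(rules, pkt, default="deny"):
    """First-generation packet filter: first matching rule wins, no memory."""
    for r in rules:
        if (r.proto in (None, pkt.proto) and r.dst in (None, pkt.dst)
                and r.dport in (None, pkt.dport)):
            return r.action
    return default

class StatefulFilter:
    """Second-generation filter: remembers conversations opened from inside."""

    def __init__(self, inside_prefix):
        self.inside_prefix = inside_prefix   # e.g. "10.0.0." marks internal hosts
        self.conns = set()                   # (src, sport, dst, dport) of open flows

    def filter(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.src.startswith(self.inside_prefix):
            if pkt.syn:
                self.conns.add(key)          # new outbound connection: record it
            return "allow"                   # policy here: inside may talk out freely
        # Inbound: allowed only if it is the reply half of a recorded conversation
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reply_of in self.conns else "deny"
```

The stateless filter has to either deny the server's reply (it arrives on a high client port no rule names) or open all high ports; the stateful filter allows exactly the reply to a conversation it saw start and denies an unsolicited packet to the same port.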

Neither first- nor second-generation firewalls could guarantee to detect or filter particular applications unless those applications adhered to the published lists of well-known TCP and UDP ports. In other words, it would be possible to circumvent the firewall by running application protocol communications over non-standard ports. If we are to have confidence that we can protect our networks from unauthorised access or harmful content, then we need to be able to perform deep packet inspection.

A firewall with this capability is often known as an application layer firewall, because it can detect specific application protocol content regardless of the TCP or UDP port numbers in use. Any application traffic that exhibited unusual characteristics would be filtered out to ensure viruses and other unwanted material did not infect the network.
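The following is an added example (not part of the original article) contrasting port-based identification with payload-based identification as an application layer firewall would do it. The protocol signatures, the port table and the sample byte strings are constructed and deliberately minimal.

```python
# Well-known port table that port-based filtering relies on (constructed subset).
WELL_KNOWN_PORTS = {25: "smtp", 53: "dns", 80: "http", 443: "https"}

def identify_by_port(dport):
    """First/second-generation view: the port number alone names the application."""
    return WELL_KNOWN_PORTS.get(dport, "unknown")

def identify_by_payload(payload):
    """Application-layer view: classify from the first bytes of the stream."""
    head = payload[:16]
    if head.startswith(b"\x16\x03"):                 # TLS record header (handshake, v3.x)
        return "https"
    if any(head.startswith(m) for m in (b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "http"
    if head.startswith(b"EHLO ") or head.startswith(b"HELO "):
        return "smtp"
    return "unknown"

def app_layer_filter(dport, payload, allowed):
    """Application layer firewall decision: the payload, not the port, decides.

    Returns (decision, app, port_says) so the caller can log a mismatch between
    what the port claims and what the payload actually carries.
    """
    app = identify_by_payload(payload)
    port_says = identify_by_port(dport)
    decision = "allow" if app in allowed else "deny"
    return decision, app, port_says
```

HTTP on port 8081 is "unknown" to the port table but is still recognised and allowed from its payload, while SMTP commands sent to port 80 are denied even though the port table says "http".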

A fairly new feature that is sometimes associated with later firewalls is sandboxing, a security feature that separates programs and creates an environment where untrusted programs can be run with relative safety. These programs are restricted from accessing certain resources on the host, such as memory or disk space.

A proxy server is normally a standalone device, or software running on a host, that acts as a packet filter for connection requests. It is an intermediary sitting between client hosts and servers that filters requests by checking IP addresses, protocol and/or application content. If the proxy server deems the connection request to be valid, it connects to the application server and requests the service on behalf of the client device.

A proxy server will often cache information such as web pages and return this content directly to client devices rather than forwarding the request to the application server, such as a web server. Although there are now many different types of proxy server, by far the most common is the caching proxy, which is in use on many medium to large business networks as well as service provider networks.

To summarize, both proxy servers and firewalls are commonly found in networks today, and firewalls have evolved since the first stateless packet filter types at the end of the 1980s. With so many applications running on today's Internet, it is imperative that we are able to interrogate and analyse the content of network packets and not just the header information. Some proxy servers, in particular caching proxies, are able to act as a central filtering point in the network for many application services, as well as cache content and forward it directly to client devices without involving the application server itself.


David Christie is MD at NSTUK Ltd, a Technical Training and Consultancy company based in the Northeast of England. David delivers technical training in the area of Data Communications and Telecoms and also provides consultancy and Training Needs Analysis. The company runs an ecommerce website specialising in the sale of Networking hardware and consumer electronics. Website: IP express




Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268