Personal firewalls are designed to protect a single host from unauthorised access. They can take the form of software or hardware.
Network firewalls protect the whole network from unauthorised access. They can be a dedicated appliance (hardware) installed on the network, a software application, or a combination of the two.
Software firewall applications are installed on top of the operating system and can be configured for more than one purpose, including spam filtering and DNS serving. Examples of personal software firewalls include ZoneAlarm and Comodo; network-capable software firewalls include Linux iptables and Check Point NG.
Hardware firewalls are dedicated appliances that physically sit between two networks; for example, between the internet and the organisation's network. Examples of a dedicated appliance are the Cisco PIX or a Netgear router (for SOHO use).
(Noonan & Dubrawsky, 2006)
Packet filtering firewalls analyse network traffic at the transport protocol layer. Every packet is examined to see whether it matches one of a set of rules defining which data flows are allowed. The rules decide whether communication is allowed based on the information contained in the internet and transport layer headers and on the direction in which the packet is travelling.
Packet filters typically enable you to permit or deny the data flow based on the following controls:
* the physical network interface that the packet arrives on
* the source of the packet (IP address)
* destination (IP address)
* the type of transport layer (TCP, UDP, ICMP)
* the transport layer source port
* the transport layer destination port
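The controls listed above, as an added illustration that is not part of the original text: a small Python packet filter that evaluates constructed packets against a constructed rule list in first-match order, with every field of a rule acting as a wildcard when unset and an implicit deny when no rule matches (the rule set, addresses and interface names are assumptions made for this example).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str               # physical interface the packet arrived on
    direction: str           # "in" or "out"
    src: str                 # source IP address
    dst: str                 # destination IP address
    proto: str               # "tcp", "udp" or "icmp"
    sport: Optional[int] = None  # transport source port (None for ICMP)
    dport: Optional[int] = None  # transport destination port


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    iface: Optional[str] = None      # None means "any" for every field below
    direction: Optional[str] = None
    src: Optional[str] = None        # CIDR block, e.g. "10.0.0.0/8"
    dst: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Exact-match fields: a set value must equal the packet's value.
        for field in ("iface", "direction", "proto", "sport", "dport"):
            want = getattr(self, field)
            if want is not None and want != getattr(p, field):
                return False
        # Address fields: the packet address must fall inside the rule's CIDR.
        for field in ("src", "dst"):
            want = getattr(self, field)
            if want is not None and ip_address(getattr(p, field)) not in ip_network(want):
                return False
        return True


# Constructed rule set: allow inbound web traffic to one server and any
# outbound traffic from the internal range; everything else is dropped.
RULES: List[Rule] = [
    Rule("permit", iface="eth0", direction="in", dst="192.0.2.10/32", proto="tcp", dport=80),
    Rule("permit", direction="out", src="10.0.0.0/8"),
]


def filter_packet(rules: List[Rule], p: Packet) -> str:
    """First matching rule decides; a packet matching no rule is denied."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"
```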
Circuit level firewalls operate at the session layer of the OSI model, examining each connection to ensure that it follows a legitimate 'handshake' for the transport layer protocol being used (usually TCP). Data packets are not forwarded until the handshake is complete; otherwise they are dropped. The firewall maintains a table of valid connections and lets network packets containing data pass through only when the packet's details match an entry in the virtual circuit table. The virtual circuit between the two transport layers is closed once the connection is ended and the table entry is removed.
Application level firewalls, or proxy firewalls, work at the application layer of the OSI model by forcing both sides of the communication through the proxy. The process runs as though it were happening on an end system. A specific proxy service must be run for each protocol; for example, FTP for file transfers and SMTP for email. Proxy firewalls look more deeply into the packets before deciding which rules apply.
NAT firewalls originally existed as a separate type but are now usually incorporated into most firewalls. A NAT firewall provides protection by only allowing connections that originate within the network, and it can present connections to the Internet from many internal IP addresses while making them appear to come from one single address.