Virtual Firewalls

A firewall is a network security device placed between networks to logically separate and protect the privacy and integrity of business communications across these networks, and to safeguard against malicious use. Firewalls are positioned between a corporate private network (trusted network) and other public networks, and monitor and enforce Corporate policies on all the communication flowing in and out of the corporate network.

Conventional firewalls performed the basic function of controlling access to communication occurring between an enterprise network and the outside world. However, next generation firewalls have significantly increased security capabilities. One very essential function is of preventing Denial-of-service (DoS) and Distributed DoS attacks. Denial-of-service is when a hacker or malicious user programmatically probes the Intranet to gain access to a private network, and then proceeds to use this information to further repeatedly scan and install disruptive tools. This leads to the network being compromised and steals considerable processing capabilities of the network, resulting in disrupting service and rendering the network unavailable to customers for large lengths of time.

A simple firewall configuration consists of a box with 3 ports one port connecting to the network that requires the firewall, another to the Internet, and the third port to DMZ networks providing useful public utilities such as HTTP and FTP.

Firewalls can be standalone or installed as an integrated gateway solution. Standalone firewalls require significant administration effort and are a less-preferred solution, keeping in mind the increasing network complexity and rising security needs. Enterprises and small businesses increasingly prefer routers and gateways with built-in Firewalls with widely acceptable technologies like Stateful Packet Inspection (SPI). Stateful Packet Inspection provides the highest level of security by extracting the state-related information required for security decisions from all application layers and maintaining this information in dynamic state tables. This information is then used for evaluating further action on packets of the same session.

View Entire Paper | Previous Page | White Papers Search

If you found this page useful, bookmark and share it on: