There are various types of firewall, depending on the technology they use: packet filtering firewalls, stateful packet filtering firewalls, application firewalls and dynamic packet filters. Any firewall can be classified under one or several of these categories.
Packet filtering firewalls
This technology belongs to the first generation of firewalls. It works at the network and transport layers of the OSI model (layers 3 and 4), analyzing IP addresses and ports. Each packet that enters or leaves the network is inspected and accepted or rejected based on the rules defined by the firewall administrator. Packet filtering is effective and transparent to network users. Decisions based on packet filtering are taken rapidly, and therefore this type of firewall offers optimum performance.
Some of the problems with this type of firewall are the following:
They cannot determine whether a packet they have let through contains some type of malicious code.
They are difficult to set up and configure.
They are vulnerable to IP spoofing.
Stateful packet filtering firewalls
This technology belongs to the second generation of firewalls and validates that packets correspond to a connection request or to an established connection between two devices. It applies security mechanisms when a TCP or UDP connection is established.
Stateful packet filters keep an internal table with the state of the connections passing through the firewall. This type of firewall decides whether to accept or reject traffic on a connection-by-connection basis. These decisions are taken using both the information used by simple packet filters and the internal connection table. Their performance is also optimum, even better than that of the simple packet filter, since to decide what to do with a packet belonging to a known connection it only needs to consult the table. Once the connection has ended, its entry is deleted from the state table and no further data for that connection is passed.
However, the connection table occupies memory, so these firewalls should be run on systems with adequate memory.
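To make the difference between the first two generations concrete, here is an added simulation (not code from the original text) of a stateless filter beside a stateful one. The packet format, the 10.0.0.0/8 "inside" network and the sample addresses are constructed for the example; the stateful filter creates a table entry on an outbound SYN, accepts inbound packets only when they match an entry, and removes the entry when the connection ends.

```python
"""Stateless vs stateful packet filtering, as a minimal simulation.

Constructed example: a packet is a tuple (src, sport, dst, dport, flags).
Policy: hosts inside 10.0.0.0/8 may open TCP connections outward; inbound
packets are accepted only as replies to a connection in the state table.
"""
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")   # constructed "internal" network


def stateless_allow(pkt):
    """First-generation filter: decides per packet on addresses/ports only.
    Because it has no memory, it must leave a standing hole for any inbound
    packet that *could* be a reply to an internal client."""
    src, sport, dst, dport, flags = pkt
    if ip_address(src) in INSIDE:
        return True                     # outbound traffic always permitted
    return dport >= 1024                # the "reply" hole: any high port inbound


class StatefulFilter:
    """Second-generation filter: keeps a connection table keyed by the
    4-tuple (inside host, inside port, outside host, outside port) and accepts
    inbound traffic only if it matches a connection already in the table."""

    def __init__(self):
        self.table = set()

    def allow(self, pkt):
        src, sport, dst, dport, flags = pkt
        if ip_address(src) in INSIDE:
            key = (src, sport, dst, dport)
            if "SYN" in flags and "ACK" not in flags:
                self.table.add(key)     # new outbound connection request
            allowed = key in self.table
        else:
            key = (dst, dport, src, sport)   # reverse the tuple for replies
            allowed = key in self.table      # unsolicited inbound: no entry
        # Simplification: any FIN or RST on a known connection closes it and
        # its entry is deleted, so later packets for it are rejected.
        if allowed and ({"FIN", "RST"} & set(flags)):
            self.table.discard(key)
        return allowed
```

The same unsolicited inbound packet to a high port passes the stateless filter but is rejected by the stateful one, and once the connection is torn down its replies are rejected too.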
Application firewalls (application proxies)
This type belongs to the third generation of firewalls. It functions as both server and client, acting as an intermediary between the systems that want to communicate. This type of firewall allows decisions to be taken based on the data sent by each application and can implement authentication for certain protocols. These are potentially the most secure, although they are also the most complex and offer the lowest performance. In general, they are specific to each application. Application proxies operate at layers 3, 4, 5, 6 and 7 (network, transport, session, presentation and application layers respectively) of the OSI model.
This type of firewall uses its knowledge of the application protocol to provide more selective blocking and to allow certain types of authorized applications to function correctly. They often have the capacity to modify the information transferred so that applications behave as though the firewall did not exist. Others also incorporate additional software for more in-depth traffic filtering at the application level, such as antivirus software for HTTP or SMTP traffic or intrusion detection systems, and can generate audits of the information transmitted.
Dynamic packet filters
This type belongs to the fourth generation of firewalls and allows the security rules to be modified dynamically. In this case, two or more of the techniques above are combined to configure the firewall.