When it comes to question “how proxy firewall works” there are situations, when the activation of security suites represent a temporary workaround for connection problems.
Most firewalls, proxies (or other methods to share the Internet connection) can limit the access to PC ports. Operating according to your configuration can block packets you receive from an unknown source.
There are different techniques and implementation of this process, which will be explained and discussed briefly here.
How proxy firewall works: Firewall techniques (filtering method)
One distinguishes between:
- Packet filters
- Application level firewalls
- Stateful Inspection
For use on a PC directly connected to the Internet there’s also the desktop firewalls.
Packet filter (also port filter) are the simplest version of a firewall, even if in its core it is nothing but a firewall.
Here, the header of each protocol (IP header, ICMP header, TCP header, UDP header) is verified and processed according to the configured filter rules.
- good performance, due to the relatively low functionality
- simple configuration
- sophisticated attacks won’t be blocked most likely (eg Fragmentation Attack, in which the TCP header is divided between the first and the second packet)
- Exploitation of vulnerabilities (buffer overflow WinNuke)
- limited opportunities for logging
- no content filtering (eg Active-X, cookies, FTP PUT)
- hard to handle large number of filter rules (source of error!)
Application level firewalls (ALF) / proxy server
The Application Level Firewall is switched into the data stream between the client and server, and flow in the direction of the client server. For any TCP service, therefore, a separate program (the so-called proxy) is essential.
- proxy works depending on the direction of the data stream
- malfunction of the proxy is largely a security breach
- IP address remains invisible
- good / diverse logging options
- due to machining on OSI Layer 7 – lower performance
- not all firewalls and applications are proxy-friendly
Introduced by Checkpoint filter technology, Stateful Inspection is capable of checking the current status and context information to remember or take them into account when filtering.
Given this, though the firewall operates mainly at Layer 3, or 4 – eg averted the fragmentation attack or manipulated in progress / response are thoroughly detected. Thus, Stateful Inspection Firewalls represent a mishmash between a pure filtering and application level firewalls that combine the best of both worlds.
SPI (Staful Packet Inspection) firewalls are now the group / Technology firewalls that are most widely used and have kept even feed on (cheap) DSL routers.
Structure of a (safe) firewall system
When you are low on your budget, it can suffice, to protect your machine with a single firewall. In this case, the Intranet is still protected, even if the outer firewall should have been compromised. In addition, computers / servers can be placed in this DMZ without the need to provide equal access to the entire internal network.
It is also recommended, that you implement an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).
Personal firewalls / Desktop Firewalls
Personal firewalls (also known as desktop firewalls), as the name implies, are used on the PC. A related issue is the use of proxy servers, such as Wingate. If you have further questions about this topic, then please post them in our forum.