Firewall Techniques


Firewall - A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

Firewall techniques
In practice, many firewalls use two or more of the following techniques in concert.
Packet Filter - Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

Application gateway - Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

Circuit-level gateway - Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
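The packet filter and circuit-level gateway entries above describe two behaviours that are easiest to see side by side: stateless rule matching on every packet, and a connection table that lets packets of an established connection pass without re-checking the rules. The following is an added illustration, not code from the original page; the rule format, the interface names "wan" and "lan", and the anti-spoofing check (a packet arriving from the Internet must not claim a private source address) are all assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example: a minimal packet filter with connection tracking.
# Rule syntax, interface names and addresses are assumptions for illustration.

# RFC 1918 ranges; a packet arriving on the WAN interface should never carry one of these as its source.
PRIVATE_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "wan" or "lan"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


# User-defined rules, evaluated top to bottom: (iface, proto, src_net, dst_net, dport, action).
# A dport of None matches any destination port.
RULES = [
    ("wan", "tcp", "0.0.0.0/0", "192.168.1.10/32", 443, "accept"),   # inbound HTTPS to one server
    ("lan", "tcp", "192.168.1.0/24", "0.0.0.0/0", None, "accept"),   # outbound TCP from the LAN
    ("lan", "udp", "192.168.1.0/24", "0.0.0.0/0", 53, "accept"),     # outbound DNS from the LAN
]
DEFAULT_ACTION = "drop"   # anything not explicitly accepted is dropped


def is_spoofed(pkt: Packet) -> bool:
    """Anti-spoofing check: private source addresses cannot legitimately arrive from the Internet."""
    if pkt.iface != "wan":
        return False
    return any(ip_address(pkt.src) in net for net in PRIVATE_NETS)


def match_rules(pkt: Packet) -> str:
    """Stateless packet filtering: return the action of the first matching rule."""
    for iface, proto, src_net, dst_net, dport, action in RULES:
        if iface != pkt.iface or proto != pkt.proto:
            continue
        if ip_address(pkt.src) not in ip_network(src_net):
            continue
        if ip_address(pkt.dst) not in ip_network(dst_net):
            continue
        if dport is not None and dport != pkt.dport:
            continue
        return action
    return DEFAULT_ACTION


class Firewall:
    """Rule matching plus a connection table (circuit-level behaviour)."""

    def __init__(self):
        self.conns = set()   # 5-tuples of connections that were accepted at setup time

    def decide(self, pkt: Packet) -> str:
        if is_spoofed(pkt):
            return "drop (spoofed)"
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Once a connection has been accepted, traffic in either direction
        # flows without re-evaluating the rules.
        if key in self.conns or reverse in self.conns:
            return "accept (established)"
        action = match_rules(pkt)
        if action == "accept":
            self.conns.add(key)   # for brevity, any accepted packet opens the connection entry
        return action


if __name__ == "__main__":
    fw = Firewall()
    print(fw.decide(Packet("wan", "tcp", "203.0.113.5", 51000, "192.168.1.10", 443)))
    print(fw.decide(Packet("lan", "tcp", "192.168.1.10", 443, "203.0.113.5", 51000)))
    print(fw.decide(Packet("wan", "tcp", "10.1.1.1", 40000, "192.168.1.10", 443)))
```

The reply from the web server to the Internet client matches no rule on its own (there is no rule for TCP from the LAN with source port 443 to a non-LAN host that would otherwise be needed), yet it is accepted because the connection table already holds the inbound connection; that is exactly the "no further checking" property of a circuit-level gateway. The spoofed packet is dropped before any rule is consulted, which is the usual mitigation for the IP spoofing weakness noted under Packet Filter.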

Proxy Server - Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

SOHO - Short for small office/home office, a term that refers to the small or home office environment and the business culture that surrounds it. A SOHO is also called a virtual office.

UTM - Short for Unified Threat Management. A comprehensive security product that includes protection against multiple threats. A UTM product typically includes a firewall, antivirus software, content filtering and a spam filter in a single integrated package.

VPN - (pronounced as separate letters) Short for virtual private network. A VPN is a secure, private tunnel between two or more devices across a public network such as the internet. A VPN device can be anything from a standard PC with VPN software installed on it to a dedicated hardware device called a VPN router.
At its most basic, a VPN allows computers at different locations to communicate with each other in a safe and secure environment. This can be two computers at different offices or thousands of computers on different networks around the world.
A VPN is secure because it employs strong encryption to protect your data as it travels across the internet. Even if a hacker or snooper were to eavesdrop on the communication, they would not be able to understand it because the data is encrypted. Another important security aspect of VPN technology is that VPN devices check the integrity of their data traffic, so that information cannot be altered undetected while travelling across the public network.
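The two properties just described, confidentiality (an eavesdropper cannot read the traffic) and integrity (an altered packet is detected and rejected), can be shown with a small encrypt-then-MAC tunnel. This is an added illustration and not code from the original page or from any real VPN product: the keystream is a SHA-256 counter construction used only to keep the example dependency-free, the packet layout (nonce, ciphertext, tag) is an assumption, and the keys and message are constructed sample values.

```python
import hashlib
import hmac
import os

# Constructed toy tunnel: encrypt-then-MAC. Keystream from SHA-256 in counter
# mode is for illustration only; integrity comes from HMAC-SHA256 over nonce+ciphertext.

NONCE_LEN = 12
TAG_LEN = 32


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes from key, nonce and a running counter."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Sender side: encrypt, then authenticate nonce+ciphertext. Returns nonce || ct || tag."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_packet(enc_key: bytes, mac_key: bytes, packet: bytes):
    """Receiver side: verify the tag first; only an unaltered packet is decrypted."""
    if len(packet) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = packet[:NONCE_LEN], packet[NONCE_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None   # altered in transit: reject without decrypting
    return xor_bytes(ct, keystream(enc_key, nonce, len(ct)))


def demo():
    """Returns (decrypts_correctly, plaintext_hidden_from_eavesdropper, tampering_rejected)."""
    enc_key, mac_key = b"\x01" * 32, b"\x02" * 32          # constructed sample keys
    msg = b"payroll: transfer 100 to acct 42"               # constructed sample message
    pkt = seal(enc_key, mac_key, msg, nonce=b"\x00" * NONCE_LEN)

    decrypted = open_packet(enc_key, mac_key, pkt)
    hidden = msg not in pkt                                 # snooper sees only nonce+ct+tag

    tampered = bytearray(pkt)
    tampered[NONCE_LEN + 8] ^= 0x01                         # flip one ciphertext bit in flight
    rejected = open_packet(enc_key, mac_key, bytes(tampered)) is None
    return decrypted == msg, hidden, rejected


if __name__ == "__main__":
    print(demo())
```

Verifying the tag before decrypting is the point of the receiver-side order: a packet whose ciphertext or nonce was changed on the public network never reaches the application, which is the "never altered" guarantee the entry describes.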

VPN Server - A VPN server is the piece of hardware or software acting as the gateway into an entire network or just a single computer. In most scenarios it is always on and listening for VPN clients to connect to it and authenticate.

VPN Client - A VPN client is most often a software program but can also be hardware (usually another VPN router). The client initiates a conversation with the server and attempts to authenticate and log on. If authentication is successful, the VPN client and VPN server are able to communicate as if they were on the same network. At this point they are on the same virtual network.

VPN Protocols - There are two major protocols (or languages) that VPN technology employs to communicate: PPTP, or Point to Point Tunneling Protocol, which originated with Microsoft, and IPSec, or Internet Protocol Security, which originated with Linux. Both protocols are still in use. PPTP has good encryption and also features authentication for verifying a user ID and password. IPSec is purely an encryption model and is much safer but does not include authentication routines. A third standard, L2TP or Layer 2 Tunnel Protocol, is IPSec with authentication built in.
