subject: Net Firewalls - What Are They And What Do They Do?
A firewall is software or hardware installed on a computer system to block unauthorized users from accessing the system while still allowing authorized users to communicate with the machine. It can permit, deny, encrypt, or decrypt any data that is coming into or going out of the computer. Today most firewalls are used to keep unauthorized internet users from gaining access to a private network that is also connected to the internet, like a company's private intranet. The term intranet means a computer network with restricted access. There are many different types of firewalls available, and each one has its own technique for doing essentially the same job.
One of the more popular types is the net firewall, an abbreviated term for Network Layer Firewall; these are also sometimes referred to as packet filters. These filtering systems operate at a lower level of the TCP/IP protocol stack, and they will not let a packet, which is simply a series of bits and bytes of data traveling through a computer network, pass until it has met the criteria of the established security rules. These rules can either be defined by a network administrator, or the protection filter can use a set of default rules should a network admin not want to define their own.
There are two categories that fall under the net firewall umbrella, and those are stateful and stateless firewalls. A stateful filter keeps information about an active session and can use that information to help speed up the processing of data packets. If a data packet fails to match a connection already in existence, then it is evaluated according to the rules put in place for new connections. If the data packet does match a connection already in existence, then it is allowed to pass through the firewall without the need for further examination.
The stateless firewall, the other protection filtering system, usually needs less memory than a stateful one and uses simple packet filters that take less time to look up information on a session, so it is faster too. These kinds of systems may be needed when filtering stateless network protocols that lack the model of a session. They will be able to make a more complex decision based on the stage of communication that has been reached between the hosts.
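The rule matching and the stateful connection lookup described in the paragraphs above, sketched in Python as an added example that is not part of the original article. The packet fields, rule format, default-deny policy, and addresses are assumptions constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Constructed packet model: only the header fields a network-layer filter inspects.
Packet = namedtuple("Packet", "src dst proto sport dport")
Rule = namedtuple("Rule", "action src_net dst_net proto dport")  # None = wildcard

# Constructed rule set: hosts on the intranet 10.0.0.0/8 may open web connections.
RULES = [
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),
    Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 80),
]

def match_rules(pkt, rules=RULES):
    """Stateless decision: judge one packet alone; first matching rule wins."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src_net)
                and ip_address(pkt.dst) in ip_network(r.dst_net)
                and r.proto in (None, pkt.proto)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"  # assumed default policy when no rule matches

class StatefulFilter:
    """Keeps a table of active sessions and consults the rules only for new ones."""
    def __init__(self, rules=RULES):
        self.rules = rules
        self.connections = set()  # active sessions keyed by 5-tuple
        self.rule_lookups = 0     # how often the rule list had to be walked

    def check(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reply_key = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if key in self.connections or reply_key in self.connections:
            return "allow"  # matches an existing connection: no rule evaluation
        self.rule_lookups += 1  # new connection: evaluate against the rules
        action = match_rules(pkt, self.rules)
        if action == "allow":
            self.connections.add(key)
        return action

if __name__ == "__main__":
    fw = StatefulFilter()
    out = Packet("10.1.2.3", "203.0.113.10", "tcp", 50000, 443)    # constructed
    reply = Packet("203.0.113.10", "10.1.2.3", "tcp", 443, 50000)  # constructed
    for p in (out, reply):
        print(p, "stateless:", match_rules(p), "stateful:", fw.check(p))
```

The memory cost of the stateful approach is the `connections` table; the stateless function holds nothing between packets.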