Types of Firewalls
Stateless or Static Packet-Filtering Firewalls
- Operate at the IP and transport layers
- Decisions are based on the header contents of the current packet
Stateful or Dynamic Firewalls
- TCP connection state and UDP exchange state
- Application layer inspections
Packet-Filtering Firewall
- Stand-alone Bastion
- Dual-homed Bastion
- Screened Host
- Screened Subnet
Proxy
- Application-level Gateway
- Circuit-level Gateway
Notes:
Each approach has its advantages based on the differing information available at the various TCP/IP Reference Model layers.
Elaborate commercial firewall products incorporate some combination of packet-filtering, protected screened hosts, and application proxying into a multi-tiered security package.
Proxy == application-level gateway: it initiates connections to remote services on the client's behalf, acting as a gateway to those services.
Some sources distinguish between application-level and circuit-level proxies. In that case:
An application-level proxy knows about the specific application protocol.
A circuit-level proxy simply makes connections on the client's behalf without any knowledge of the application protocol.
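The stateless and stateful bullets above, shown as an added example that is not part of the original slides: a static filter that sees only the current packet's headers, next to a dynamic filter that keeps a TCP connection table. The internal prefix, the port set, the rule logic and the sample packets are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample model; addresses come from documentation ranges.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "192.0.2."      # assumed internal prefix
WEB_PORTS = {80, 443}    # assumed policy: insiders may browse the web

def is_inside(addr):
    return addr.startswith(INSIDE)

def stateless_allow(pkt):
    """Static filter: decides from the current packet's headers only."""
    if is_inside(pkt.src) and pkt.dport in WEB_PORTS:
        return True                        # outbound web request
    # Inbound traffic that merely looks like a reply (web source port + ACK)
    return is_inside(pkt.dst) and pkt.sport in WEB_PORTS and "ACK" in pkt.flags

class StatefulFilter:
    """Dynamic filter: also remembers which connections insiders opened."""
    def __init__(self):
        self.connections = set()           # (client, cport, server, sport)

    def allow(self, pkt):
        if is_inside(pkt.src) and pkt.dport in WEB_PORTS:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.connections.add(key)  # new outbound connection
            return key in self.connections
        if is_inside(pkt.dst):
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            allowed = key in self.connections
            if allowed and "RST" in pkt.flags:
                self.connections.discard(key)  # connection torn down
            return allowed
        return False

TRAFFIC = [  # constructed packets
    Packet("192.0.2.10", 40000, "198.51.100.5", 443, frozenset({"SYN"})),
    Packet("198.51.100.5", 443, "192.0.2.10", 40000, frozenset({"SYN", "ACK"})),
    Packet("203.0.113.9", 443, "192.0.2.20", 40001, frozenset({"ACK"})),  # unsolicited
]

def compare(traffic):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFilter()
    return [(stateless_allow(p), fw.allow(p)) for p in traffic]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt.src, "->", pkt.dst, "stateless=%s stateful=%s" % verdicts)
```

The third packet belongs to no connection opened from inside, so only the filter with a connection table drops it; the header-only rule cannot tell it from a genuine reply.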