Proxies and Firewalls
Proxy server
A proxy server is generally used to improve the performance of the
network. It can also act as a firewall. Proxy servers have an advantage
because they hide your internal IP addresses and can be configured to
block access to certain web sites and filter certain port traffic. A
firewall configured along with the proxy server is more effective.
Application gateway proxy
An application gateway is essentially a type of proxy server. The
application gateway is the only address seen outside the network.
All communications between any application on any computer within
the network and a computer outside the network are directed via the
application gateway/proxy. The secure host system is configured with
two network interfaces and acts as the intermediary between the two
networks. For each application protocol a proxy needs to be configured
and implemented.
Application gateways/proxies keep the internal network separate
from the external network, providing a form of Network Address
Translation. They are slower than static or stateful packet filtering
since all the packets must pass through the seven layers of the OSI model
before inspection. Also, each protocol requires its own gateway/proxy
application. From a security point of view this is better, but it is
not so practical, especially if new application policies are required
and clients need to be configured. In large networks it may
degrade performance. It is also more susceptible to DoS attacks.
Dynamic/Adaptive proxies
This combines both packet filtering and the application gateway proxy.
Once a connection has been cleared, the application-level communication
begins. The corresponding packets from that particular connection
are passed by the network layer itself. For new connections,
the packets are sent to the application layer for inspection before
they are allowed to make a connection with any application. This is done
with the help of dynamic state tables.
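The slow-path/fast-path split described above, as an added Python example (not code from any firewall product). The packet fields, the HTTP Host policy, the 60-second idle timeout and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

BLOCKED_HOSTS = {"blocked.example"}   # constructed policy: sites the proxy refuses
ALLOWED_PORTS = {80}                  # constructed policy: only HTTP is proxied
IDLE_TIMEOUT = 60.0                   # assumed seconds before an idle entry expires

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""
    fin: bool = False                 # marks the end of the session

def flow_key(p):
    """Direction-independent key so replies match the same state entry."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

def inspect_application(p):
    """Slow path: application-layer check of the first request on a connection."""
    if p.dport not in ALLOWED_PORTS:
        return False
    lines = p.payload.decode("latin-1").split("\r\n")
    # Normalise each Host value: lower-case, drop any :port and trailing dot.
    hosts = [l.split(":", 1)[1].strip().lower().partition(":")[0].rstrip(".")
             for l in lines if l.lower().startswith("host:")]
    # Exactly one Host header is required; ambiguous requests are refused.
    return len(hosts) == 1 and hosts[0] not in BLOCKED_HOSTS

class AdaptiveProxy:
    def __init__(self):
        self.state = {}               # dynamic state table: flow key -> last seen

    def handle(self, p, now):
        key = flow_key(p)
        last = self.state.get(key)
        if last is not None and now - last > IDLE_TIMEOUT:
            del self.state[key]       # stale entry: force re-inspection
            last = None
        if last is not None:          # fast path: connection already cleared
            if p.fin:
                del self.state[key]   # session over, remove the entry
            else:
                self.state[key] = now
            return "fast-path"
        if inspect_application(p):    # new connection: slow path
            self.state[key] = now
            return "inspected-allow"
        return "drop"
```

Packets on the fast path are not re-inspected, so the policy is only as strong as the first check on each connection and the expiry of its state entry.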
Circuit-level Gateway
This monitors TCP and UDP sessions. Once a session is established,
all packets belonging to that session are allowed through. When the
session is terminated, the port is closed. A circuit-level gateway exists
at the fourth layer of the network (transport layer).
Personal Firewalls
A personal firewall does not meet the definition of a firewall. Yet
it is called so because it controls access between the network and
one specified device. In many cases it comes along with the operating
system or along with the antivirus software. These are mainly to protect
your computer from the untrusted network and are more like internet
firewalls.
So, what's best for me?
Hybrids are a mixture of both packet filter and application layer
proxies. The lowest-risk traffic is given the highest throughput,
higher-risk traffic is put through stateful inspection, and the
highest-risk traffic goes through the application gateway proxy.
Network Address Translation is a method of concealing the IP addresses
of the internal machines from an external network. The IP addresses
are translated using the NAT table and then the packets are forwarded
to the respective destinations.
Given the many options, it is best to consult an expert and then
formalize your company's security. Issues like services required,
convenience and scalability need to be factored into the design,
and these are best realized through discussion with an expert. Firewall
reviews have rated the network security software 'Zone Alarm Pro'
as the best firewall software. Other firewall software, Norton
firewall and McAfee personal Firewall, also get ratings that make
them the most popular after Zone Alarm Pro.