A review of current firewall technologies

Abstract

As corporations become more reliant on Internet based resources, the security of the corporation from Internet based attacks becomes more and more important. One of prime technologies that allow the corporation to have increased security between the internal network and the Internet is that of a firewall.

A firewall is a filtering system that grants the firewall administrator the ability to create certain filter rules that determine what kind of traffic is allowed to cross the firewall. This paper examines the many different types of filtering that can be applied to traffic that goes through a firewall and how these have been implemented in practice. The actual filtering is only part of what a firewall must do; the firewall must also be able to report back to the firewall administrator various items of information, such as any blocked traffic.

Seven different firewall products are examined to see how the different design decisions the various vendors have made affect the implementation of certain filtering functionality. This paper also examines the logging functionality of the firewalls, as this is the main reporting mechanism that the firewall administrator will use.

Much of the development of firewalls has been driven by the ‘needs’ of customers as perceived by firewall developers. This has lead to some very advanced features in some areas but significant gaps in some other areas. This paper attempts to examine some of these advanced features and highlight some of the gaps that need more research and development.