The network inhabited by the gateway is often called a demilitarised zone (DMZ). A DMZ is a segment of the network that is neither part of the internal network nor directly part of the Internet; it sits between the two, so that hosts which must be reachable from outside can be placed there without exposing the internal network.
Firewalls use four general techniques to control access and enforce the site's security policy:
- Service control – determines which Internet services may be accessed, inbound or outbound. The firewall may filter traffic on the basis of IP address, protocol and TCP port number; it may provide proxy software that receives and interprets each service request before passing it on; or it may itself host the server software.
- Direction control – determines the direction in which requests for a particular service may be initiated and allowed to flow through the firewall (e.g. connections to a service may be opened from inside to outside but not from outside to inside).
- User control – controls access to a service according to which user is attempting to access it. This is typically applied to users inside the firewall; it may also be applied to incoming traffic from external users, which requires some form of secure authentication.
- Behaviour control – controls how particular services are used, e.g. filtering e-mail to eliminate spam.
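The following is an added example, not code from the original notes: a minimal stateless packet filter that implements service control (matching on IP address, protocol and destination port) and direction control (which side may initiate a connection), with default deny for anything unmatched. The addresses, rule syntax and sample packets are constructed for illustration and do not describe any real firewall product or site. It also reproduces the classic limitation of stateless filters: recognising "established" return traffic by the ACK bit alone.

```python
# Added example (not from the original notes): a stateless packet filter with
# service control + direction control. Addresses use documentation ranges and
# the rule format is invented for illustration.
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")        # hypothetical internal network
DMZ_WEB_HOST = ipaddress.ip_network("203.0.113.10/32")   # hypothetical web server in the DMZ
ANY_NET = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the Internet, "out" = leaving towards it
    src: str
    dst: str
    proto: str       # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool        # TCP SYN flag
    ack: bool        # TCP ACK flag; SYN without ACK is a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    direction: str                   # "in", "out" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    dports: tuple                    # inclusive (low, high) destination port range
    established_only: bool = False   # match only packets carrying ACK (reply traffic)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet."""
    if rule.direction != "any" and rule.direction != pkt.direction:
        return False
    if rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in rule.src:
        return False
    if ipaddress.ip_address(pkt.dst) not in rule.dst:
        return False
    low, high = rule.dports
    if not low <= pkt.dport <= high:
        return False
    if rule.established_only and not pkt.ack:
        return False
    return True


def filter_packet(rules, pkt: Packet) -> str:
    """First matching rule decides; an unmatched packet is dropped (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


# Ordered rule set expressing the policy:
#   1. service + direction control: the Internet may initiate HTTPS to the DMZ web host only
#   2. direction control: internal hosts may initiate HTTP and HTTPS outbound
#   3. replies to those outbound connections are let back in, approximated (statelessly)
#      by the ACK bit and a high destination port
RULES = [
    Rule("permit", "in",  ANY_NET,      DMZ_WEB_HOST, "tcp", (443, 443)),
    Rule("permit", "out", INTERNAL_NET, ANY_NET,      "tcp", (80, 80)),
    Rule("permit", "out", INTERNAL_NET, ANY_NET,      "tcp", (443, 443)),
    Rule("permit", "in",  ANY_NET,      INTERNAL_NET, "tcp", (1024, 65535), established_only=True),
]

# Constructed sample traffic (hypothetical addresses).
INBOUND_HTTPS_TO_DMZ  = Packet("in",  "198.51.100.7", "203.0.113.10", "tcp", 40000, 443,  True,  False)
INBOUND_SSH_TO_DMZ    = Packet("in",  "198.51.100.7", "203.0.113.10", "tcp", 40001, 22,   True,  False)
INBOUND_SYN_TO_INSIDE = Packet("in",  "198.51.100.7", "10.1.2.3",     "tcp", 40002, 443,  True,  False)
OUTBOUND_WEB_REQUEST  = Packet("out", "10.1.2.3",     "198.51.100.7", "tcp", 50000, 443,  True,  False)
RETURN_TRAFFIC        = Packet("in",  "198.51.100.7", "10.1.2.3",     "tcp", 443,   50000, False, True)
# Weakness of "established" matched on the ACK bit alone: a forged ACK-only segment
# from a permitted source port to any high internal port passes rule 4.
FORGED_ACK_PROBE      = Packet("in",  "198.51.100.7", "10.1.2.3",     "tcp", 443,   8080, False, True)

if __name__ == "__main__":
    for name, pkt in [("inbound HTTPS to DMZ", INBOUND_HTTPS_TO_DMZ),
                      ("inbound SSH to DMZ", INBOUND_SSH_TO_DMZ),
                      ("inbound SYN to inside", INBOUND_SYN_TO_INSIDE),
                      ("outbound web request", OUTBOUND_WEB_REQUEST),
                      ("return traffic", RETURN_TRAFFIC),
                      ("forged ACK probe", FORGED_ACK_PROBE)]:
        print(f"{name:24s} -> {filter_packet(RULES, pkt)}")
```

Two points a practitioner should take from this: rule order matters because the first match wins, so a broad permit placed before a narrow deny silently defeats the deny; and the last rule shows why stateless packet filters cannot enforce direction control for TCP reliably, since a packet with only the ACK bit set is accepted as "part of an existing connection" whether or not one exists. Stateful inspection, which records outbound SYNs and admits only matching replies, is the usual remedy.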
Types of Firewalls
There are two general types of firewalls: packet filtering firewalls, which accept or drop individual packets on the basis of network and transport layer header fields (IP addresses, protocol, port numbers, TCP flags), and application layer firewalls (proxies or application-level gateways), which terminate the connection and interpret the application protocol before relaying the request.
A bastion host is a system that has been identified as a critical strong point in the network's security. Only the services considered essential are installed on it, it runs a secure (hardened) version of its operating system, and it is therefore treated as a trusted system.
There are three common firewall configurations:
- screened host firewall, single-homed bastion – a packet filtering router in front of a bastion host with one network interface; the router permits inbound traffic only to the bastion, so if the router is compromised traffic can bypass the bastion;
- screened host firewall, dual-homed bastion – the bastion host has two network interfaces, one towards the router and one towards the internal network, so all traffic must physically pass through it even if the router is compromised;
- screened subnet firewall – two packet filtering routers with the bastion host (and any public servers) on an isolated subnet between them, which forms the DMZ; the internal network is not directly visible from the Internet.