What is a firewall? What are the firewall design principles?
1 Answer


  1. A firewall is a security barrier between two networks that screens traffic coming in and out of the gate of one network to accept or reject connections and services according to a set of rules.

  2. A firewall is like a secretary for a network, which examines requests for access to the network. It decides whether they pass a reasonableness test. If they pass it, they are allowed through; if not, they are refused.

  3. If a man wants to meet the chair of the community department, the secretary does a certain level of filtering, but if the man wants to meet the President of the country, the secretary will perform a much different level of filtering.

  4. A network firewall is placed between the internal network, which might be considered safe, and the external network or the Internet, which is known to be unsafe.

  5. The job of the firewall is to determine what to let into and out of the internal network. In this way, a firewall provides access control for the network.

  6. There are essentially three types of firewalls. Each type of firewall filters packets by examining the data up to a particular layer of the network protocol stack.

The firewalls are:

i. A packet filter is a firewall that operates at the network layer.

ii. A stateful packet filter is a firewall that lives at the transport layer.

iii. An application proxy is a firewall that operates at the application layer where it functions as a proxy.

Design Principles:

i. All traffic from inside to outside and vice versa must pass through the firewall. This is achieved by physically blocking all access to the local network except via the firewall. The configurations used for this are Screened Host Firewall (Single and Dual) and Screened Subnet Firewall.

ii. Only authorized traffic, as defined by the local security policy, will be allowed to pass. Various types of firewalls that can be used are Packet Filters, Stateful Filters and Application Proxy Filters.

iii. The firewall itself is immune to penetration. This implies the use of a trusted system with a secure operating system.
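The difference between the first two firewall types above (a network-layer packet filter and a transport-layer stateful filter), shown as an added example that is not part of the original answer. Both enforce the same default-deny policy ("only HTTPS may leave the internal network"); the addresses, ports and packet sequence are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False

INTERNAL_PREFIX = "10.0.0."          # constructed: the "safe" internal network
ALLOWED_OUTBOUND_PORTS = {443}       # local policy: only HTTPS may leave

def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)

def stateless_filter(pkt):
    """Network-layer packet filter: judges each packet in isolation."""
    if is_internal(pkt.src) and pkt.dport in ALLOWED_OUTBOUND_PORTS:
        return True
    # Replies must be let back in; with no connection state, the only handle
    # is the source port, so anything arriving *from* port 443 is accepted.
    if is_internal(pkt.dst) and pkt.sport in ALLOWED_OUTBOUND_PORTS:
        return True
    return False                      # default deny (design principle ii)

class StatefulFilter:
    """Transport-layer filter: remembers connections opened from inside."""
    def __init__(self):
        self.table = set()            # (src, sport, dst, dport) of inside-opened flows

    def accept(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if is_internal(pkt.src) and pkt.dport in ALLOWED_OUTBOUND_PORTS:
            if pkt.syn and not pkt.ack:           # new outbound connection
                self.table.add(flow)
            return flow in self.table
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.table  # inbound only if it answers a known flow

def run_scenario():
    """Constructed traffic; returns (stateless, stateful) verdict per packet."""
    pkts = {
        "outbound_https_syn":   Packet("10.0.0.5", "203.0.113.7", 40000, 443, syn=True),
        "https_reply_synack":   Packet("203.0.113.7", "10.0.0.5", 443, 40000, syn=True, ack=True),
        "unsolicited_from_443": Packet("198.51.100.9", "10.0.0.5", 443, 22, syn=True),
        "outbound_telnet":      Packet("10.0.0.5", "203.0.113.7", 40001, 23, syn=True),
    }
    sf = StatefulFilter()
    return {name: (stateless_filter(p), sf.accept(p)) for name, p in pkts.items()}
```

The unsolicited packet from source port 443 is where the two differ: the stateless filter must accept it to let legitimate replies through, while the stateful filter rejects it because no inside host opened that connection.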
