Solution

Stateful Inspection Firewalls :

• These firewalls combine both packet inspection technology and TCP handshake verification to create a level of protection greater than either of the previous two architectures could provide alone.

• However, these firewalls do put more of a strain on computing resources as well. This may slow down the transfer of legitimate packets compared to the other solutions.

Proxy Firewalls :

• Proxy firewalls operate at the application layer to filter incoming traffic between your network and the traffic source hence, the name “application-level gateway.”

• Rather than letting traffic connect directly, the proxy firewall first establishes a connection to the source of the traffic and inspects the incoming data packet.

• This check is similar to the stateful inspection firewall in that it looks at both the packet and at the TCP handshake protocol.

• However, proxy firewalls may also perform deep-layer packet inspections, checking the actual contents of the information packet to verify that it contains no malware.

• Once the check is complete, and the packet is approved to connect to the destination, the proxy sends it off.

• This creates an extra layer of separation between the “client” (the system where the packet originated) and the individual devices on your network—obscuring them to create additional anonymity and protection for your network.

• It’s that they can create significant slowdown because of the extra steps.

Application Level Firewall :

• These firewalls operate at the application level.

• In other words, they filter the traffic only with regards to the application (or service) for which they are intended.

• For example, a firewall for monitoring traffic to all the web applications your network uses.

Next-Generation Firewalls :

• Many of the most recently-released firewall products are being advertised as “next-generation” architectures.

• Some common features of next-generation firewall architectures include deep-packet inspection (checking the actual contents of the data packet), TCP handshake checks, and surface-level packet inspection.

• Next-generation firewalls may include other technologies as well, such as intrusion prevention systems (IPSs) that work to automatically stop attacks against your network.

• The issue is that there is no one definition of a next-generation firewall, so it’s important to verify what specific capabilities such firewalls have before any conclusion.