Firewall Appliances
Essay by 24 • November 5, 2010 • 816 Words (4 Pages) • 1,069 Views
Hardware Firewalls
Hardware firewalls, or firewall appliances as they are more commonly known, are dedicated devices whose sole function is to implement a pre-determined access control policy. Of course, any piece of hardware is virtually useless without software, and a firewall appliance is no exception. Although most firewall appliances are plug-and-play, you still need to interface with them through software in order to configure them to your security policies. This interface can be a Graphical User Interface (GUI), as in the case of SonicWall's firewall appliances (Fig. 5a), or a Command Line Interface (CLI), as in the case of the Cisco PIX line of firewall appliances. There are programs available, however, that allow you to program PIX products via the more user-friendly GUI.
Figure 5a. Screen shot from SonicWall creating access rules with objects.
A fully featured firewall appliance will include NAT (Network Address Translation), DMZ (De-Militarized Zone), VPN (Virtual Private Network), Intrusion Detection and extensive audit logging with alarm condition detection and reporting. Content Filtering is another popular feature of firewall appliances and can be a highly desirable option to prevent pornography and specific non-work-related web sites from being accessed (www.firewall-servers.com/what_are_firewall_servers.html). An example of a full-featured firewall appliance is the very popular Cisco PIX line of appliances. Cisco products are very prevalent in military networks and the PIX seems to be the firewall of choice. In one network architecture we looked at, the PIX was placed between a router that connected to the outside world (Internet) and a router that connected to the internal network where the users reside. One feature of the firewall that was used was dynamic NAT, which mapped the users' private IP addresses to a small pool of public IP addresses that belonged to the organization. This particular organization uses a predetermined script that implements all the port and address blocking, and provides for VPN access to remote sites. These scripts are updated often to reflect new threats to network security, in much the same way that security patches are applied to individual machines.
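The dynamic NAT behaviour described above can be modelled in a few lines. This is an added example, not part of the original essay and not Cisco code; the class name, the addresses (documentation ranges) and the idle timeout are assumptions chosen for illustration. It shows the practical consequence of a small public pool: once every address is leased, a new inside host gets no translation until an idle mapping expires, and each event lands in an audit log.

```python
import ipaddress

class DynamicNat:
    """Toy one-to-one dynamic NAT: each inside host leases one public address."""

    def __init__(self, pool_first, pool_last, idle_timeout):
        first = int(ipaddress.IPv4Address(pool_first))
        last = int(ipaddress.IPv4Address(pool_last))
        self.free = [ipaddress.IPv4Address(a) for a in range(first, last + 1)]
        self.xlate = {}   # inside address -> (public address, last-used time)
        self.idle_timeout = idle_timeout   # seconds; value is an assumption
        self.log = []     # audit trail: (time, event, inside, public)

    def _expire(self, now):
        # Return the addresses of idle hosts to the pool.
        for inside, (public, last_used) in list(self.xlate.items()):
            if now - last_used >= self.idle_timeout:
                del self.xlate[inside]
                self.free.append(public)
                self.log.append((now, "teardown", str(inside), str(public)))

    def translate(self, inside_ip, now):
        """Public address for an outbound packet, or None if the pool is exhausted."""
        inside = ipaddress.IPv4Address(inside_ip)
        if not inside.is_private:
            raise ValueError(f"{inside} is not a private address")
        self._expire(now)
        if inside in self.xlate:
            public, _ = self.xlate[inside]          # reuse the existing mapping
        elif self.free:
            public = self.free.pop(0)
            self.log.append((now, "built", str(inside), str(public)))
        else:
            self.log.append((now, "pool-exhausted", str(inside), None))
            return None
        self.xlate[inside] = (public, now)          # refresh the idle timer
        return str(public)

def demo():
    # Constructed scenario: three inside hosts share a pool of two addresses.
    nat = DynamicNat("198.51.100.10", "198.51.100.11", idle_timeout=60)
    results = [
        nat.translate("10.1.1.5", now=0),
        nat.translate("10.1.1.6", now=10),
        nat.translate("10.1.1.7", now=20),   # pool is full
        nat.translate("10.1.1.5", now=30),   # same mapping, timer refreshed
        nat.translate("10.1.1.7", now=75),   # 10.1.1.6 idle for 65 s, freed
    ]
    return results, nat.log
```

The "pool-exhausted" entries are the ones worth alerting on: they mark users being silently denied outbound access because the pool is too small for the number of concurrent hosts.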
There are several firewall appliances on the market today that focus on specific security areas such as spam and spyware and do not provide the full range of functionality. Barracuda is a company that makes such products. The Barracuda Spam Firewall works hand in hand with e-mail servers to protect clients from spam, viruses, spoofing, phishing, and spyware (in the form of attachments). Barracuda claims this appliance can handle up to 25,000 e-mail users and 15 million e-mails per day. They also have a product called the Web Filter that does content filtering, application blocking, and spyware blocking. This type of device seems to protect organizations from themselves as much as it does from others by controlling where the users can and can't go on
...
...