Source: copys.biz

Before firewall under development, routers provided network security through the use of access control lists. Firewall themselves did not come on stage late 1980s in response to the demand for greater security that the Internet began to take shape.

Before firewall under development, routers provided network security through the use of access control lists. Firewall themselves did not come on stage late 1980s in response to the demand for greater security that the Internet began to take shape.

The first firewall were fairly simple packet filters which worked by inspecting the IP packets and by comparing certain information contained in the packet with a packet filtering rule set. The Source and Destination IP, and the type of Protocol address would normally be checked against this set of rules. When the TCP or UDP protocol type, and port numbers would also be checked. This meant that application using many protocols are port numbers may be identified and filtered through the port numbers associated with them. If applications use port-number standard and then their identification would not be possible. Packet filters so are really effective in the lower layers of the OSI model up to 4 layers, layer. These firewall packet filter is known as stateless persons, because they are not in a position to determine where a package is in a flow of packets, or what the State of the connection is both.

The next development was the stateful packet inspection where each data packet is examined, and its position in a stream. A stateful packet inspection firewall can determine whether an individual package is part of an existing conversation or course water, or if it is the beginning of a new connection. This type of firewall was given the label of second generation as it is a place of the stateless original packet filter.

Firewall of first and second generation could not ensure detection or filter specific applications, unless they have been adhering to the published lists well-known TCP and UDP ports. In other words, it would be possible to bypass the firewall by creating applications of communications protocol using non-standard ports. If we are to have confidence that we can protect our networks from unauthorized access or harmful content, then we must be able to perform a thorough inspection of the packets. A firewall with this ability is often called an application layer firewall because it can detect content application specific protocol regardless of the TCP or UDP port numbers to use. All applications that were unusual characteristics be filtered to ensure that viruses and other unwanted elements do not infect the network.

A fairly new feature which is sometimes associated with Firewall later is sandboxing, a security feature that has the capability to separate programs and create an environment where untrusted programs can be executed with relative security. These programs are limited to access certain resources on a host, such as disk space or memory.

A proxy server is normally a stand-alone device or software running on a host that acts as a filter of packages for connection requests. It is an intermediate device, sitting between hosts and servers that filter requests by checking the IP addresses, Protocol and contents of application. If the proxy server considers that the connection request is valid, and then it connects to the application server and request the service for the client. A proxy server will often cache of information such as web pages and return this content directly client devices rather than passes the request to the server application such as a Web server. Well that there are now several types of Proxy servers, by far the most common is the proxy caching, which is used with many means of networks of enterprise and service provider networks.

To summarize, proxy servers and firewalls commonly found in networks today and firewalls have evolved since the first stateless packet filter types at the end of the 1980s. With many applications running on the Internet today, it is imperative that we are able to examine and analyze the contents of network packets and not only the header information. Some servers proxy, in particular caching proxies, are able to act as a central point of filtering of the network for many services of application, as well as power cache content and to convey this content directly to client devices without involving the application server.