“Firewalls” are applications that prevent outsiders from gaining unauthorized access to confidential data. A firewall most commonly works in tandem with a router program that examines each network packet and decides whether it is suitable for the destination system. A firewall is also often installed in, or works with, a proxy server that makes network requests on behalf of the users. The firewall is commonly installed on an isolated computer so that incoming requests do not go directly to the private network. It protects the resources of the main private network from individuals and other networks.
Firewalls are highly recommended for corporations or homes that have intranets connected to the internet. There are many firewall screening methods available. The simplest screens requests to see whether they come from valid and acceptable IP addresses. Firewalls can also allow remote access to a private network through the use of logon procedures and other identification methods. There are many firewalls available today, and most of them have features such as logging and reporting functions, alerts and an attractive user interface (“Firewall”, 2006).
Firewalls come in three variants: Packet Filters, Circuit Gateways, and Application Level Gateways. Packet Filters come in two kinds. The first kind is known as static packet filters, which have a fixed or static configuration that determines whether packets are denied or allowed. They do not maintain any record of the session and they handle packets one at a time. The second kind are called stateful packet filters, which are more flexible than static filters because they maintain packet memory, and packets may be denied or granted according to the settings (Sengodan et al., n.d.).
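The difference between the two kinds of packet filter can be seen in a short Python sketch. It is an added example, not part of the original essay; the addresses, the HTTPS-only rule set and all function names are assumptions chosen for illustration, and session expiry is left out.

```python
import ipaddress
from collections import namedtuple

# Constructed sample traffic; addresses and rules are illustrative assumptions.
Packet = namedtuple("Packet", "src sport dst dport")
INSIDE = ipaddress.ip_network("192.168.1.0/24")

def is_inside(addr):
    return ipaddress.ip_address(addr) in INSIDE

def static_filter(pkt):
    """Fixed rules; each packet is judged alone, with no session record."""
    if is_inside(pkt.src) and pkt.dport == 443:
        return "allow"                      # outbound HTTPS request
    if is_inside(pkt.dst) and pkt.sport == 443 and pkt.dport >= 1024:
        return "allow"                      # anything shaped like an HTTPS reply
    return "deny"

class StatefulFilter:
    """Remembers outbound flows; an inbound packet must match one of them."""
    def __init__(self):
        self.sessions = set()

    def check(self, pkt):
        if is_inside(pkt.src) and pkt.dport == 443:
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # An inbound packet is a reply only if its reversed tuple was recorded.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "allow"
        return "deny"

def compare(packets):
    """Return (static verdict, stateful verdict) for each packet, in order."""
    stateful = StatefulFilter()
    return [(static_filter(p), stateful.check(p)) for p in packets]

TRAFFIC = [
    Packet("192.168.1.10", 50000, "203.0.113.5", 443),   # request from inside
    Packet("203.0.113.5", 443, "192.168.1.10", 50000),   # genuine reply
    Packet("198.51.100.7", 443, "192.168.1.10", 50001),  # never requested
    Packet("198.51.100.7", 40000, "192.168.1.10", 22),   # unsolicited inbound
]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRAFFIC, compare(TRAFFIC)):
        print(pkt, "static=%s stateful=%s" % verdicts)
```

The third packet is where the two differ: the static rules accept it because it has the shape of a reply, while the stateful filter denies it because no inside host ever opened that session.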
A Circuit Gateway, on the other hand, commonly resides at the edge of the home network, where it makes a TCP connection or circuit to each of the communication endpoints. The most common of these is called SOCKS (Sengodan et al., n.d.). Finally, there are Application Level Gateways (commonly known as proxies) that work by having a sort of awareness of the applications. They are rather costly and not very scalable (because each application would require a proxy at the edge of the network), although they are known to be very secure (Sengodan et al., n.d.).
Firewalls are seen as very viable solutions for today’s security conditions and are widely available for both home and corporate use. Though firewalls are more popular for home use, some corporations are starting to use them. Next-generation firewalls, called “Firewall controlled interface”, feature a very open, functional and flexible interface that can be moved towards the end devices that control the firewalls to allow legitimate traffic to pass (Sengodan et al., n.d.).
DMZ
A DMZ (or demilitarized zone) in computer terms is a computer host or small network that is set up as a sort of “neutral ground” between the company’s private network and the external public network. It essentially prevents unscrupulous external users from accessing sensitive and restricted data. The term DMZ was derived from the geographic zone that existed between North and South Korea during the Korean Civil War.
In a typical DMZ configuration suited to a small enterprise, a separate and independent computer host receives requests from a private network or from a public network. The DMZ host commonly starts the session for these requests on the external public network. However, the DMZ host cannot and will not start a session back into the private network. Also, DMZ hosts can only forward packets that have been previously requested (“DMZ”, 2005). Public network users outside the company network can access the DMZ host.
The DMZ host has the company’s Web pages preloaded so that they can be served to the company’s external environment. The DMZ computer provides access only to the company data and no more. If the DMZ host’s security is breached or penetrated, or if the company’s web pages are corrupted, company information will still not be corrupted, stolen or exposed by outside sources. Cisco, one of the world’s largest producers of routers, produces DMZ systems and other DMZ-related products (“DMZ”, 2005).