Honeypots, IDSs, and Firewalls 381
are present to allow for further subdividing the systems based on the specific security
objectives of the organization.
Demilitarized Zone (DMZ)
A DMZ is a buffer zone between the public and private networks in an organization. It acts
not only as a buffer but also as a place to host services that a company wishes to make
publicly available, such as web or mail servers, without allowing direct access to its own
internal network.
A DMZ is most commonly constructed with a single firewall that has three or more network
interfaces, each assigned a specific role such as internal trusted network, DMZ network, and
external untrusted network (the Internet). Some designs instead place the DMZ between two
back-to-back firewalls. In either layout, the firewall rules decide which zone may open
connections to which: the Internet reaches the DMZ only on the published service ports, the
internal network may reach both, and the DMZ is not allowed to initiate connections into the
internal network, so that a compromised public server cannot be used as a stepping stone.
Remember that each implementation is a little different in how it functions.
You should know the cast of characters involved in its layout: the internal network, the
DMZ, the external network, and the firewall interfaces that separate them.
Types of Firewalls
Not all firewalls are the same, and you must know the various types of firewall and
understand how each works:
Packet Filtering Firewall This is the simplest form of firewall. It works at the network
layer of the OSI model, examining the IP header and the transport-layer port fields of each
packet in isolation. Typically these firewalls are built directly into a router as part of
its standard feature set. The firewall compares the properties of each packet, such as
source and destination address, protocol, and port, against an ordered list of rules. The
first rule that matches decides whether the packet is passed or dropped; a packet that
matches no rule receives the default policy, which should be to drop it. Because every
packet is judged on its own headers, a packet filter cannot tell whether a packet is the
reply to a connection it has already allowed.
Circuit-Level Gateway This is a more complex form of firewall that works at the session
layer of the OSI model. A circuit-level gateway determines whether a requested session is
valid by monitoring the TCP handshake between the two endpoints; once the session is
established, the packets belonging to it are relayed without their contents being examined.
Circuit-level gateways therefore do not filter individual packets and cannot see
application-layer data.
Application-Level Firewall These firewalls, also called proxy firewalls, analyze the
application information, such as the HTTP request or FTP command itself, to make decisions
about whether to transmit the packets.
A proxy-based firewall can require users to authenticate before it passes their
traffic, because it works at the application layer and sees the request rather
than only the packet headers. A content caching proxy optimizes performance by
caching frequently accessed information instead of sending new requests for the
same data to the servers.
Stateful Multilayer Inspection Firewall This firewall combines aspects of the other three
types. It filters packets at the network layer, tracks sessions so it can determine whether
a packet belongs to a legitimate session, and can evaluate the contents of packets at the
application layer. The weakness of the simple packet filter, which must judge every packet
on its headers alone and so cannot recognize the return traffic of a connection it has
already allowed, is overcome by stateful packet filtering: the firewall records each
permitted connection in a state table and admits the later packets of that connection
automatically, while an unsolicited packet that matches no tracked session is dropped even
if its headers look plausible.
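The following is an added example, not code from the original text, that models the DMZ
layout and the difference between a packet filter and stateful inspection described above.
It is a toy zone-based firewall: three interfaces are assigned the internal, external, and
DMZ roles, a policy says which zone may open sessions to which, and the same constructed
traffic is run through a stateless filter and a stateful one. The interface names (eth0,
eth1, eth2), the address ranges (10.0.0.0/8 for the internal network, 192.0.2.0/24 for the
DMZ), the hosts, and the rule set are all assumptions chosen for the example.

```python
"""Toy three-interface firewall: a DMZ zone policy evaluated by a stateless
packet filter and by a stateful filter that tracks sessions.
Added example; interfaces, addresses and rules are assumptions, not from the text."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Interface roles from the DMZ design: internal trusted, external untrusted, DMZ.
ZONES = {"eth0": "internal", "eth1": "external", "eth2": "dmz"}
# Which zone a destination address belongs to; anything else is the Internet.
ROUTES = {"10.0.0.0/8": "internal", "192.0.2.0/24": "dmz"}


def zone_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    for net, zone in ROUTES.items():
        if ip in ipaddress.ip_network(net):
            return zone
    return "external"


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN without ACK: a new connection attempt


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    sport: Optional[int] = None
    action: str = "accept"

    def matches(self, pkt: Packet) -> bool:
        return (self.src_zone == ZONES[pkt.iface]
                and self.dst_zone == zone_of(pkt.dst)
                and self.proto in (None, pkt.proto)
                and self.dport in (None, pkt.dport)
                and self.sport in (None, pkt.sport))


class StatelessFilter:
    """Packet filter: each packet is judged on its own headers, first match wins,
    and a packet matching no rule gets the default policy (drop)."""
    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "drop"


class StatefulFilter(StatelessFilter):
    """Stateful inspection: the zone policy is consulted only when a session is
    opened; later packets pass because they belong to a tracked session."""
    def __init__(self, rules):
        super().__init__(rules)
        self.sessions = set()          # 5-tuples of sessions the policy accepted

    def decide(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.sessions or rev in self.sessions:
            return "accept"            # established: a reply or follow-on packet
        if pkt.proto == "tcp" and not pkt.syn:
            return "drop"              # no handshake start and no session: invalid
        verdict = super().decide(pkt)  # new session: apply the zone policy
        if verdict == "accept":
            self.sessions.add(fwd)
        return verdict


# Policy written in terms of who may open sessions to whom (assumed rule set).
POLICY = [
    Rule("external", "dmz", "tcp", dport=443),   # public HTTPS on the DMZ host
    Rule("internal", "dmz"),                      # admins reach the DMZ
    Rule("internal", "external"),                 # users reach the Internet
]
# A stateless filter cannot recognise replies, so it needs extra rules keyed on
# source port 443, and those also let the DMZ host originate from port 443.
STATELESS_POLICY = POLICY + [
    Rule("dmz", "external", "tcp", sport=443),
    Rule("dmz", "internal", "tcp", sport=443),
]

# Constructed traffic, not captured data. 203.0.113.5 is an Internet client,
# 192.0.2.10 the DMZ web server, 10.0.0.5 an internal workstation.
TRAFFIC = [
    Packet("eth1", "tcp", "203.0.113.5", 51000, "192.0.2.10", 443, syn=True),  # client opens HTTPS
    Packet("eth2", "tcp", "192.0.2.10", 443, "203.0.113.5", 51000),            # server's reply
    Packet("eth2", "tcp", "192.0.2.10", 443, "10.0.0.5", 3389, syn=True),      # compromised DMZ host -> internal RDP
    Packet("eth1", "tcp", "203.0.113.5", 443, "192.0.2.10", 40000),            # unsolicited non-SYN from Internet
]


def run(fw, packets):
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    print("stateless, session rules only:", run(StatelessFilter(POLICY), TRAFFIC))
    print("stateless, with reply rules:  ", run(StatelessFilter(STATELESS_POLICY), TRAFFIC))
    print("stateful:                     ", run(StatefulFilter(POLICY), TRAFFIC))
```

Run against the session-only policy, the stateless filter drops the web server's reply
(second packet), so an administrator is forced to add the source-port rules; with those in
place the third packet, a connection from the DMZ host into the internal network disguised
by using source port 443, is accepted. The stateful filter admits the reply because it
matches a tracked session, rejects the DMZ-to-internal attempt because no rule allows that
zone pair to open sessions, and drops the unsolicited non-SYN packet outright.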