A firewall is a computer program intended to block unauthorized access to computers or networks. Firewalls were developed in response to a number of major internet security breaches, after the first internet virus, the Morris Worm, was detected in the late 1980s. Although the Morris Worm was not malicious, it gave rise to multiple vulnerabilities in the computers (machines).
A firewall is used to prevent computer hackers from gaining unauthorized access to the computer through the internet and stealing important information or infecting the computer system with a computer virus.
It examines the flow of information from the intranet or the internet to a computer. All messages (information) leaving or entering the IP networks or intranet are passed through the firewall, which scans each message and blocks those messages not meeting the specified security criteria.
Firewalls can be implemented in two ways –
1. Software Firewall – It is the most common type of firewall, which monitors information coming to the computer via the internet and blocks those that do not meet the security criteria. This firewall can be downloaded over the internet or can be installed from a computer disk that you have purchased.
2. Hardware Firewall – It is a physical network device that sits between the computer and the internet (e.g. a broadband router). It can protect multiple computer systems that are connected to it at the same time.
VoIP (Voice over Internet Protocol) uses an Internet connection, and it does not have the same security as telephone lines. VoIP firewalls are required, since disruption and interference don't need to be physical to cause damage, and these attacks can come from anywhere on the network. They provide the same level of security (protection) for VoIP traffic as normal firewalls do for data and application traffic. A VoIP firewall defines a security policy to deny or allow certain calls. To provide higher security, the firewall should not add any noticeable latency to voice traffic and must be highly reliable.
A VoIP firewall is used to prevent these attempts by hackers by:
• Opening media ports only when a valid request is received.
• Closing all open ports or connections when the call is completed.
• Changing ports for each call.
• Validating sequence numbers for VoIP packets.
• Monitoring media packets and VoIP signaling.
• Using randomized TCP (Transmission Control Protocol) sequence numbers to validate TCP session data flow.
• Monitoring attempts to open too many TCP/IP connections.
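The port-handling and sequence-number checks listed above can be modelled as a small state table. The following is an added example, not code from any firewall product: the class and method names, the 16-bit wrapping sequence counter and the forward window of 100 are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

SEQ_WINDOW = 100   # assumed: largest forward jump in sequence numbers accepted
SEQ_MOD = 1 << 16  # assumed: 16-bit media sequence counter that wraps around


@dataclass
class Pinhole:
    call_id: str
    peer_ip: str
    last_seq: Optional[int] = None  # no media packet seen yet


@dataclass
class VoipPinholeFirewall:  # hypothetical name
    pinholes: dict = field(default_factory=dict)  # media port -> Pinhole

    def on_call_setup(self, call_id, peer_ip, media_port, valid):
        """Open a media port only when the signaling request was validated."""
        if not valid or media_port in self.pinholes:
            return False
        self.pinholes[media_port] = Pinhole(call_id, peer_ip)
        return True

    def on_call_end(self, call_id):
        """Close every port that was opened for this call; return them."""
        closed = [p for p, h in self.pinholes.items() if h.call_id == call_id]
        for port in closed:
            del self.pinholes[port]
        return closed

    def on_media_packet(self, src_ip, dst_port, seq):
        """Return 'allow' or a drop reason for one media packet."""
        hole = self.pinholes.get(dst_port)
        if hole is None:
            return "drop:closed-port"
        if src_ip != hole.peer_ip:
            return "drop:unexpected-source"
        if hole.last_seq is not None:
            # Forward distance from the last accepted packet, modulo wraparound.
            delta = (seq - hole.last_seq) % SEQ_MOD
            if delta == 0 or delta > SEQ_WINDOW:
                return "drop:bad-sequence"  # replayed, stale or far-off number
        hole.last_seq = seq
        return "allow"
```

This toy model accepts only packets that move the sequence number forward, so a late, reordered packet is dropped too.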
There are four types of firewall techniques –
• Packet filter – Packet filtering monitors each packet passing through the network and allows those that meet the user-defined rules while discarding those that do not. Although it is difficult to configure, it is fairly effective and mostly transparent to its users. It is vulnerable to IP address spoofing (creation of IP packets with a fake IP address).
• Application Gateway – It is used to apply security mechanisms to a specific application like Telnet and FTP servers.
• Circuit-level Gateway – It is used to apply security mechanisms when a UDP or TCP connection is established.
• Proxy server – Proxy server hides the true network addresses. It intercepts all messages leaving or entering the network.