Technical Reports
FIREWALLS
Application Gateway
The most effective and the simplest type of firewall is called an Application Gateway
(sometimes known as a Proxy Gateway). A proxy gateway contains servers (software
programs) that enable your computers to obtain information from the internet. Simply put,
your computer asks the proxy to obtain some information, and the proxy obtains it for
you, passing it back to your computer once it has obtained the information.
Application Gateways can be installed to provide some types of access (eg: web
browsing, downloading files, e-mail access) but to prevent other types of access (eg:
telnet, MUD, etc).
Packet Filter
A packet filter is a more complex type of firewall that is typically used when there are a
certain computers inside the office network that need to be accessed from outside of the
network.
A packet filter will look at every piece of information that comes into your network from
the internet and determine whether the access request is acceptable or not, based on rules
that you apply to it.
Packet filters are often used when a virtual private network (VPN) is required. A VPN can
be used to allow telecommuters or customers to access your local network (given
appropriate authorisation and password checking) as if they were directly in your office.
Current theory states that packet filters are less secure than application gateways, because
application gateways prevent all access to your network, while packet filters allow some
access. VPNs are prone to spoofing by outsiders and for this reason are often
compromised.
De-Militarized Zone (DMZ)
A combination of the best features of application gateways and packet filters can be
obtained by using a DMZ. A DMZ is a specially cordoned off area of your network that
you allow the internet access to. You load the information that you want people to access
into the DMZ while keeping it free of your confidential data.
Constructed by Del (del@babel.com.au)
