Firewall in CISA perspective
The term firewall has been used since the 1990s and describes a device that guards the entrance to a private network. Firewalls were developed to keep out unauthorized traffic. Firewalls have undergone generations of improvements so that today several different types of firewall exist.
These include the packet filter, application proxy, circuit proxy, and stateful inspection. Packet filter firewalls operate at Layer 3 of the OSI model. Packet filters look at the packet header to determine whether to block or pass traffic. Packet filters can be thought of as the first generation of firewalls. They inspect the TCP/IP headers and make a decision based on a set of predefined rules. Packet filters simply drop packets that do not conform to the predefined rule set. These rules can include the following:
- Source IP address
- Destination IP address
- TCP/UDP source port
- TCP/UDP destination port
- TCP flags (SYN, FIN, ACK, and so on)
Packet filters are considered stateless. This means that they store no information about the state of the session, which, in turn, means that packet filters are simple and fast but are vulnerable to attack. Spoofing is an example of a packet filter vulnerability.
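A minimal stateless filter over the header fields listed above, added here as an illustration (not code from the original post); the rule set, the documentation-range addresses and the sample packets are all constructed. It shows that the verdict depends only on header values, so a forged source address or an unsolicited ACK receives the same decision as legitimate traffic.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset = frozenset()   # TCP flags set in the header

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: range = range(0, 65536)
    dport: range = range(0, 65536)
    flags: frozenset = frozenset()   # flags that must be set; empty means any

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and p.sport in self.sport and p.dport in self.dport
                and self.flags <= p.flags)

def filter_packet(rules, p: Packet) -> str:
    """First matching rule wins; packets matching no rule are dropped."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "drop"

# Constructed rule set: a partner network may reach the internal HTTPS server,
# and packets with ACK set to high ports are assumed to be replies.
RULES = [
    Rule("pass", src="198.51.100.0/24", dst="192.0.2.10/32", dport=range(443, 444)),
    Rule("pass", dst="192.0.2.0/24", dport=range(1024, 65536),
         flags=frozenset({"ACK"})),
]

# Constructed packets. "spoofed" carries a forged source, so its header is
# identical to "legit" and the filter has nothing to tell them apart.
legit = Packet("198.51.100.7", "192.0.2.10", 50000, 443, frozenset({"SYN"}))
outsider = Packet("203.0.113.9", "192.0.2.10", 50000, 443, frozenset({"SYN"}))
spoofed = Packet("198.51.100.7", "192.0.2.10", 50000, 443, frozenset({"SYN"}))
# No session exists for this ACK, but a stateless filter keeps no session table.
stray_ack = Packet("203.0.113.9", "192.0.2.20", 80, 40000, frozenset({"ACK"}))
```

Both `spoofed` and `stray_ack` pass: the first because the source field is taken at face value, the second because no record exists of which connections were actually opened.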
One advancement in the firewall was the development of the proxy. By definition, the word proxy means “to stand in place of.” Therefore, a proxy is a hardware or software device that can perform address translation and communicate with the Internet on behalf of the network. The real IP address of the user remains hidden behind the proxy server. The host running the proxy service is known as an application gateway. Application proxies provide a higher level of security.
Application proxies offer increased security because they don’t allow untrusted systems to have a direct connection to internal computers. Application proxies accept packets from the external network, copy the packets, inspect them for irregularities, change the addresses to the correct internal device, and then put them back on the wire to the destination device. An application proxy operates at Layer 7 of the OSI model. For the application proxy to work correctly, it must understand the protocols and applications with which it is working.