
Security in networking has become the foremost concern of businesses that operate over the Wide Area Network (WAN). Devices that offer secure connectivity, communications, and data security are a prerequisite, and technology vendors market them on a large scale. The network is the crucial element that facilitates data transmission between users, which is why its security matters so much. Technologies such as Virtual Private Networks (VPNs), firewalls, routers, gateways, and many others aid in this function.
A Network Layer Firewall is a device designed to prevent unauthorized access, thereby protecting the computer network. It blocks unauthorized communications into the network and permits only authorized access. In certain cases, Network Firewalls are also used to limit the outside access of users within an internal network. Network Layer Firewalls are available as software, as hardware devices, and as a combination of both. They can be configured on the network to manage traffic through appropriate functions such as encryption, decryption, proxy and permissions. This process is executed between the various security domains that the data traffic traverses, and is based on a set of rules/protocols. Network Firewalls are capable of protecting the internal networks of businesses, educational institutions or homes from external intrusions.
Network Layer Firewalls are also known as Packet Filters. Data packets are not permitted to pass through the firewalls if they do not adhere to the set of established rules. The rules may be default or defined by the network administrator. These devices function at a low level of the TCP/IP protocol stack. Network layer firewalls are categorized into Stateful and Stateless firewalls.
In Stateful Firewalls, information about the active sessions is maintained and used to accelerate packet processing. Existing network connections are described by various attributes such as the connection’s validity at its current phase, Source Internet Protocol (IP) address, Destination IP address, User Datagram Protocol (UDP) port, Transmission Control Protocol (TCP), etc. Each packet is compared against the firewall’s state table. When the data packet matches an existing connection, it is permitted to pass without being subjected to further processing. If the data packet does not match an existing connection, it is evaluated against the rules for new connections.
Stateless Firewalls consume less memory and can be faster for simple filters that take less time to evaluate than a session lookup. They are also needed to filter stateless network protocols, where no session is involved. They are nevertheless incapable of making complex decisions that depend on the stage of communication the hosts have reached.
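The stateful and stateless behaviour described above, as an added example that is not part of the original article: a minimal Python model in which a reply packet is passed by the state table but denied by the same rules applied statelessly. The rule set, packet type and addresses are constructed for illustration, and the model omits connection-phase tracking and entry timeouts.

```python
import ipaddress
from collections import namedtuple

# Constructed packet type: only the header fields a packet filter inspects.
Packet = namedtuple("Packet", "proto src sport dst dport")

# Hypothetical rule set (first match wins, default deny):
# internal hosts in 10.0.0.0/24 may open outbound HTTPS and DNS.
RULES = [
    ("tcp", ipaddress.ip_network("10.0.0.0/24"), 443),
    ("udp", ipaddress.ip_network("10.0.0.0/24"), 53),
]

def rules_allow(pkt):
    """Stateless check: judge the packet by its own headers only."""
    src = ipaddress.ip_address(pkt.src)
    return any(pkt.proto == proto and src in net and pkt.dport == dport
               for proto, net, dport in RULES)

class StatefulFilter:
    def __init__(self):
        self.state_table = set()   # flows already permitted
        self.rule_lookups = 0      # how often the slow path ran

    @staticmethod
    def flow_key(pkt):
        # Sort the two endpoints so both directions map to one entry.
        ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)])
        return (pkt.proto, ends[0], ends[1])

    def accept(self, pkt):
        key = self.flow_key(pkt)
        if key in self.state_table:    # matches an existing connection
            return True
        self.rule_lookups += 1         # no match: evaluate as a new connection
        if rules_allow(pkt):
            self.state_table.add(key)
            return True
        return False

if __name__ == "__main__":
    fw = StatefulFilter()
    out = Packet("tcp", "10.0.0.5", 50000, "198.51.100.7", 443)
    reply = Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 50000)
    stray = Packet("tcp", "203.0.113.9", 443, "10.0.0.5", 50000)
    for name, pkt in (("out", out), ("reply", reply), ("stray", stray)):
        print(name, "stateful:", fw.accept(pkt), "stateless:", rules_allow(pkt))
```

A stateless filter would need an extra rule admitting inbound traffic from port 443 to let the reply through, and that rule would admit the unsolicited packet as well.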
As a general rule, the decisive factors for Network Layer Firewalls are the source and destination addresses and the ports of IP packets. An example of a traditional Network Layer Firewall is a router, which cannot make complex decisions regarding the origin and destination of data packets. Technological improvements have made modern network layer firewalls more advanced, with the capacity to constantly maintain internal information on the connections that pass through them. These devices operate by routing traffic directly through them, which necessitates an IP address block that is validly assigned or a private Internet address block. Network Layer Firewalls provide speed and transparency to users.