Both the proxy and the firewall limit or block connections to and from a network but in a different way. While a firewall filters and blocks communication (ports or unauthorized programs that seek unauthorized access to our network), a proxy redirects it.
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. A firewall is the first line of defence of a network. It establishes a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet. A firewall can be hardware, software, or both.
Types of Firewalls:
1.Packet filtering firewall
Fundamentally, messages are divided into packets that include the destination address and data. Packets are transmitted individually and often by different routes. Once the packets reach their destination, they are reassembled into the original messages.
Packet filtering is a firewall in its most basic form. Its primary purpose is to control access to specific network segments as directed by a preconfigured set of rules, or rule base, which defines the traffic permitted access. Packet filters usually function at layers 3 (network) and 4 (transport) of the OSI model.
In general, a typical rule base will include the following elements:
- Source address
- Destination Address
- Source port
- Destination Port
Packet filtering firewalls are the least secure type of firewall, because they cannot understand the context of a given communication, which makes them easier for intruders to attack.
2.Stateful inspection firewall
Stateful Inspection, a technology developed and patented by Check Point, incorporates layer 4 awareness into the standard packet-filter firewall architecture. Stateful Inspection differs from static packet filtering in that it examines not only a packet's header but also the contents of the packet up through the application layer, to determine more about the packet than just information about its source and destination. The state of the connection is monitored and a state table is created to compile the information. As a result, filtering includes context that has been established by previous packets passed through the firewall.
For example, stateful-inspection firewalls provide a security measure against port scanning by closing all ports until the specific port is requested.
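The contrast between the stateless rule base described under packet filtering and the state table described here is easiest to see side by side. The following is an added example written for this page, not code from any firewall product: a minimal stateless packet filter whose rules key only on the header fields listed above (addresses and ports), and a stateful wrapper that keeps a table of connections opened from the inside and admits inbound packets only when they belong to one of those connections. The addresses, ports and packets are constructed for the illustration; the `Packet`, `Rule` and `StatefulFirewall` names are this example's own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    syn: bool = False  # TCP SYN flag: set on the first packet of a new connection


@dataclass
class Rule:
    """One rule-base entry: only the header fields a packet filter can see."""
    action: str  # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src_ip) in ip_network(self.src)
                and ip_address(pkt.dst_ip) in ip_network(self.dst)
                and (self.src_port is None or self.src_port == pkt.src_port)
                and (self.dst_port is None or self.dst_port == pkt.dst_port))


def packet_filter(rules, pkt: Packet, default: str = "deny") -> str:
    """Stateless filter: first matching rule wins, every packet is judged on its own."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


class StatefulFirewall:
    """Packet filter plus a state table of connections opened through it."""

    def __init__(self, rules):
        self.rules = rules
        self.state_table = set()  # 4-tuples of connections admitted so far

    def inspect(self, pkt: Packet) -> str:
        # Reply direction: allowed only if the reverse 4-tuple is a known connection.
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self.state_table:
            return "allow"
        # Anything else must be the start of a new connection and pass the rule base;
        # until then every port stays closed.
        if not pkt.syn:
            return "deny"
        verdict = packet_filter(self.rules, pkt)
        if verdict == "allow":
            self.state_table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return verdict


def demo() -> dict:
    inside = "10.0.0.0/8"  # constructed internal network
    # A stateless rule base must let replies in with an explicit rule, and that rule
    # can only key on header fields (here: packets whose source port is 443).
    stateless_rules = [
        Rule("allow", src=inside, dst_port=443),
        Rule("allow", dst=inside, src_port=443),
    ]
    # The stateful rule base needs only the outbound rule; replies come from the table.
    fw = StatefulFirewall([Rule("allow", src=inside, dst_port=443)])

    outbound = Packet("10.0.0.7", "93.184.216.34", 51000, 443, syn=True)
    reply = Packet("93.184.216.34", "10.0.0.7", 443, 51000)
    # Constructed unsolicited packet: source port 443 makes it look like a reply,
    # but it targets port 22 on the internal host and belongs to no connection.
    unsolicited = Packet("203.0.113.5", "10.0.0.7", 443, 22, syn=True)

    stateful_outbound = fw.inspect(outbound)
    stateful_reply = fw.inspect(reply)
    stateful_unsolicited = fw.inspect(unsolicited)
    return {
        "stateless_reply": packet_filter(stateless_rules, reply),
        "stateless_unsolicited": packet_filter(stateless_rules, unsolicited),
        "stateful_outbound": stateful_outbound,
        "stateful_reply": stateful_reply,
        "stateful_unsolicited": stateful_unsolicited,
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The stateless filter admits both the genuine reply and the unsolicited packet, because the only thing it can check is that the source port is 443; this is the missing context the text refers to. The stateful firewall admits the reply because the internal host opened that connection first, and denies the unsolicited packet because no matching entry exists in its state table.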
3.Unified threat management (UTM) firewall
A unified threat management (UTM) system is a type of network hardware appliance, virtual appliance or cloud service that protects businesses from security threats in a simplified way by combining and integrating multiple security services and features.
UTM devices are often packaged as network security appliances that can help protect networks against combined security threats, including malware and attacks that simultaneously target separate parts of the network.
UTM cloud services and virtual network appliances are becoming increasingly popular for network security, especially for smaller and medium-sized businesses. They both do away with the need for on-premises network security appliances, yet still provide centralized control and ease of use for building network security defence in depth.
Unified threat management devices offer multiple layers of network security, including next-generation firewalls, intrusion detection/prevention systems, antivirus, virtual private networks (VPN), spam filtering and URL filtering for web content. Originally developed to fill the network security gaps left by traditional firewalls, NGFWs usually include application intelligence and intrusion prevention systems, as well as denial-of-service protection.
4.Next-generation firewall (NGFW)
Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.
According to Gartner, Inc.’s definition, a next-generation firewall must include:
- Standard firewall capabilities like stateful inspection
- Integrated intrusion prevention
- Application awareness and control to see and block risky apps
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
The proxy server is also known as an application gateway, as it controls application-level traffic. Instead of examining only the raw packets, it filters data on the basis of the header fields, the message size and the content as well. Since the proxy server is a part of the firewall, a packet firewall alone would not be feasible, because it cannot differentiate between port numbers. The proxy server acts as an intermediary and takes the decisions for managing the flow of application-specific traffic (using URLs).
Now, let's understand how the proxy server works. The proxy server sits between the client and the original server. It runs a server process that receives the client's request to access the server.
When the proxy server opens the request, it checks the entire content. If the request and its content seem legitimate, the proxy server sends the request to the real server as if it were a client. If the request is not legitimate, the proxy server immediately drops it and sends an error message to the external user.
Another advantage of the proxy server is caching: when the server receives a request for a page, it first verifies whether the response for that page is already stored in the cache. If no such response is stored, the proxy server sends the corresponding request to the server. In this way, the proxy server lessens the traffic and the load on the real server and improves latency.
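The request flow just described (inspect the whole request, forward only legitimate ones to the real server as if the proxy were the client, reject the rest with an error, and answer repeated requests from a cache) can be modelled in a few dozen lines. The following is an added example written for this page, not code from any real proxy: the origin server is a constructed stand-in function, the host allow-list, blocked path prefix and body-size limit are hypothetical policy values, and the `ApplicationProxy`, `Request` and `Response` names are this example's own.

```python
from dataclasses import dataclass
from urllib.parse import urlparse

MAX_BODY_BYTES = 4096  # hypothetical policy limit on request body size


@dataclass(frozen=True)
class Request:
    method: str
    url: str
    body: bytes = b""


@dataclass(frozen=True)
class Response:
    status: int
    body: bytes


class ApplicationProxy:
    """Application-level proxy: inspects each request, forwards legitimate ones to
    the origin on the client's behalf and caches successful GET responses."""

    def __init__(self, origin, allowed_hosts, blocked_paths=()):
        self.origin = origin                  # callable standing in for the real server
        self.allowed_hosts = set(allowed_hosts)
        self.blocked_paths = tuple(blocked_paths)
        self.cache = {}                       # url -> Response
        self.origin_calls = 0                 # how often the real server was contacted

    def is_legitimate(self, req: Request) -> bool:
        """Application-layer checks a packet filter cannot make: URL, method, size."""
        parts = urlparse(req.url)
        if parts.scheme not in ("http", "https"):
            return False
        if parts.hostname not in self.allowed_hosts:
            return False
        if req.method not in ("GET", "POST"):
            return False
        if any(parts.path.startswith(prefix) for prefix in self.blocked_paths):
            return False
        if len(req.body) > MAX_BODY_BYTES:
            return False
        return True

    def handle(self, req: Request) -> Response:
        if not self.is_legitimate(req):
            # Illegitimate request: dropped here, error returned to the requester.
            return Response(403, b"request blocked by proxy")
        if req.method == "GET" and req.url in self.cache:
            return self.cache[req.url]      # served without touching the real server
        self.origin_calls += 1
        resp = self.origin(req)             # proxy acts as the client towards the origin
        if req.method == "GET" and resp.status == 200:
            self.cache[req.url] = resp
        return resp


def demo() -> dict:
    def origin(req: Request) -> Response:  # constructed stand-in for the real server
        return Response(200, b"page for " + req.url.encode())

    proxy = ApplicationProxy(origin, allowed_hosts={"intranet.example"},
                             blocked_paths=("/admin",))
    first = proxy.handle(Request("GET", "http://intranet.example/docs"))
    second = proxy.handle(Request("GET", "http://intranet.example/docs"))
    blocked = proxy.handle(Request("GET", "http://intranet.example/admin/users"))
    outside = proxy.handle(Request("GET", "http://other.example/"))
    oversized = proxy.handle(Request("POST", "http://intranet.example/upload",
                                     body=b"x" * (MAX_BODY_BYTES + 1)))
    return {
        "first_status": first.status,
        "second_status": second.status,
        "served_from_cache": first is second,
        "origin_calls": proxy.origin_calls,
        "blocked_status": blocked.status,
        "outside_status": outside.status,
        "oversized_status": oversized.status,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only one of the five requests reaches the origin: the second `GET` is answered from the cache, and the three rejected requests never leave the proxy, which is the reduction in traffic and server load the text describes.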
Differences between Firewall and Proxy
- The firewall is used to block traffic which can cause damage to the system; it acts as a barrier for the incoming and outgoing traffic between the system and the public network. On the other hand, the proxy server is a component of a firewall which enables communication between the client and the server if the client is a legitimate user, and it acts as client and server at the same time.
- A firewall filters IP packets. In contrast, the proxy server filters the requests it receives on the basis of their application-level content.
- The overhead generated in a firewall is greater than in a proxy server, because the proxy server uses caching and handles fewer aspects.
- The firewall uses network- and transport-layer data, while proxy server processing also uses application-layer data.
Also refer to: Firewall vs IPS vs IDS