The types of server firewall software can be broken down into three groups: filtering, gateway and proxy software. A firewall may feature some or all of these functions. The different types of server firewall software have varying needs when it comes to processor speeds and memory use. For this reason, some software is installed on the server directly, and other applications may be installed on a switch or server that serves as the firewall for the network.
Filtering server firewall software functions according to rules created by the administrator that allow or block access. The filter looks at whether or not the information was requested, as well as at the content of the packets to see which commands or information they contain. It may also be configured to filter data from specific sources.
When used on its own, a packet filter is not foolproof. It is susceptible to attacks in which a proxy may have faked the originating Internet protocol (IP) address of the data. Network transmissions from a fake or spoofed IP could allow entry into the network. It may also allow content that is not specifically disallowed by the administrator.
Gateway types of server firewall software are usually broken down into application and circuit-level classifications. The application gateway is used where specific types of traffic are being monitored. Servers that handle file transfer protocol (FTP) or telephone network applications may use this method. The software can meet security criteria because the data source and type are known.
Circuit-level gateway software functions by confirming the destination or source of the data. It monitors the transmission control protocol (TCP) portion of the initial data packets in a session to see if the transfer is authorized. It will not monitor or filter all the packets, however. It is a relatively straightforward and simple approach, and allows for minimal resource usage.
The proxy server will intercept all communication entering and leaving a network. It works by hiding or translating the IP address of the user. By changing the IP address of the protected machine, it can protect that machine from outside monitoring or attacks. Data packets requested by the device can be allowed while unsolicited packets can be blocked.
Proxies use NAT (network address translation), a protocol in which the devices on the user side of the proxy firewall are all assigned an IP address beginning with 192.168. The server itself may have an externally accessible address if not protected by another server. This anonymity protects the machine from hackers seeking out exploitable IP addresses.
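The behaviour described in the two paragraphs above (address translation, with requested traffic allowed and unsolicited traffic blocked), as an added example that is not part of the original article: a toy translation table in Python. The external address, remote addresses, port numbers and the name `NatProxy` are constructed for illustration, and matching replies on the exact remote address and port is an assumption about how strict the proxy is.

```python
# Added illustration: a toy NAT table with connection tracking (not a real firewall).
from ipaddress import ip_address, ip_network

PRIVATE_NET = ip_network("192.168.0.0/16")  # inside range named in the text
EXTERNAL_IP = "203.0.113.10"                # constructed (documentation range)

class NatProxy:  # hypothetical name, for illustration only
    def __init__(self, external_ip=EXTERNAL_IP, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.out_map = {}  # (in_ip, in_port, remote_ip, remote_port) -> external port
        self.in_map = {}   # (external port, remote_ip, remote_port) -> (in_ip, in_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the network and remember the mapping."""
        if ip_address(src_ip) not in PRIVATE_NET:
            raise ValueError("source is not on the inside network")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.external_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet arriving from outside, or return None to drop it."""
        if dst_ip != self.external_ip:
            return None  # inside addresses are not reachable directly
        inside = self.in_map.get((dst_port, src_ip, src_port))
        if inside is None:
            return None  # unsolicited: no inside host requested this traffic
        return (src_ip, src_port, inside[0], inside[1])

def demo():
    nat = NatProxy()
    sent = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, sent[0], sent[1])    # requested
    probe = nat.inbound("198.51.100.99", 443, sent[0], sent[1])   # unsolicited
    return sent, reply, probe

if __name__ == "__main__":
    for label, result in zip(("outbound", "reply", "unsolicited"), demo()):
        print(label, "->", result)
```

The remote server only ever sees the external address and port; the reply is mapped back to the inside host, while a packet from any other remote endpoint finds no table entry and is dropped.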
Server firewall software may or may not include anti-virus definitions or operation. Some anti-virus security packages may offer firewall protection using filters, but firewall protection is also offered on most operating systems and routers.