A firewall is a security device, deployed centrally or distributed between networks, that enforces the interconnection policies between them. Communications, traffic flows and connections between the networks are authorized according to these policies. Firewalls are usually placed at the borders of networks to control connections between private networks and public or other networks. Using the security policies configured on the firewall platform, the administrator blocks connections that are unauthorized or fraudulent.
The firewall establishes a barrier with the outside world, providing defense at the edge. It can be hardware-based or software-based (an application), and it acts as a filter that controls the communications between networks. It is commonly deployed so that all communications from the exterior must pass through it, creating a kind of frontier in the network that secures the connections entering from the public network into the private network and vice versa.
There are two main types of firewall: stateless and stateful. A stateless firewall handles and analyzes each packet separately: it inspects the header of each packet and makes its decision from that header alone. A firewall of this type keeps no record of the sessions that pass through it, so it cannot recognize active sessions and is vulnerable to attacks such as spoofing, where a forged packet is crafted to look like part of a legitimate exchange.
A stateful firewall maintains a record of the connections and sessions established through it (for example, TCP or UDP sessions). The firewall describes each session in a state table, where it keeps a record of the session's attributes. The exhaustive analysis of a flow is performed at the beginning of a communication; for the subsequent packets, the firewall only checks whether they belong to an already-known traffic flow.
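To make the difference between the two types concrete, the following is an added example (not part of the original text) that simulates both filters in Python. The private network is assumed to be 10.0.0.0/8, the policy is "inside may open connections to outside, outside may only send return traffic", and all packets are constructed for the example. The stateless filter approximates "return traffic" by trusting any inbound packet with the ACK flag set, which is exactly the gap a spoofed packet exploits; the stateful filter consults its session table instead.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal header view of an IPv4/TCP packet (constructed for the example)."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False


def is_inside(ip: str) -> bool:
    # Assumption: the private network behind the firewall is 10.0.0.0/8.
    return ip.startswith("10.")


class StatelessFirewall:
    """Decides on each packet from its header alone, with no session memory."""

    def filter(self, pkt: Packet) -> str:
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            return "ACCEPT"  # outbound traffic from the private network
        if is_inside(pkt.dst) and pkt.ack:
            # Classic stateless approximation of "established": any inbound
            # packet carrying ACK is assumed to be a reply. Nothing verifies
            # that a matching session was ever opened from inside.
            return "ACCEPT"
        return "DROP"


class StatefulFirewall:
    """Records sessions opened from inside and admits only their return traffic."""

    def __init__(self) -> None:
        # state table: (src, sport, dst, dport) -> "NEW" | "ESTABLISHED"
        self.state: dict[tuple, str] = {}

    def filter(self, pkt: Packet) -> str:
        if is_inside(pkt.src) and not is_inside(pkt.dst):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.state.setdefault(key, "NEW")  # full analysis happens once, here
            return "ACCEPT"
        # Inbound: accept only if it is the reverse of a session we recorded.
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.state:
            self.state[reverse] = "ESTABLISHED"
            return "ACCEPT"
        return "DROP"


def run_scenario(fw) -> dict:
    """Feed the same constructed packets to a firewall and collect its verdicts."""
    client_syn = Packet("10.0.0.5", 40001, "203.0.113.10", 443, syn=True)
    server_synack = Packet("203.0.113.10", 443, "10.0.0.5", 40001, syn=True, ack=True)
    # An inbound packet with ACK set for which no inside host ever opened a session.
    forged_ack = Packet("198.51.100.7", 443, "10.0.0.9", 22, ack=True)
    # An unsolicited inbound connection attempt (bare SYN).
    inbound_syn = Packet("198.51.100.7", 51000, "10.0.0.9", 22, syn=True)
    return {
        "client_syn": fw.filter(client_syn),
        "server_synack": fw.filter(server_synack),
        "forged_ack": fw.filter(forged_ack),
        "inbound_syn": fw.filter(inbound_syn),
    }


if __name__ == "__main__":
    print("stateless:", run_scenario(StatelessFirewall()))
    print("stateful: ", run_scenario(StatefulFirewall()))
```

Both filters accept the legitimate handshake and drop the unsolicited SYN; only the stateful one drops the forged ACK, because its state table has no session for that pair of endpoints. In a production stateful firewall the table entries also carry timeouts and sequence-number checks, which this simulation leaves out.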
Network Address Translation (NAT)
Historically, the concept of NAT was born as a means of optimizing the use of public IPv4 addresses. Many organizations chose to deploy private IPv4 addressing in their networks, using the RFC 1918 address ranges. Since private addresses are not routable on the public Internet, border devices can use NAT to replace private addresses with public addresses before forwarding a datagram to external networks. The translation consists of replacing the IP address, the port, or both, depending on the chosen method. Once a translation is made, it is saved in the device's session state.
The technique known as Port Address Translation (PAT) uses the port on which the communication is established as part of the translation. This allows a single public IPv4 address to be shared among many private IPv4 addresses, optimizing its use. When a translation is made, the device saves a record of the address and port used by the data flow, and in this way it can identify the originating host for the return traffic.
There are three basic types of NAT: Source NAT, Destination NAT and Static NAT. Source NAT translates the source address of the packet. Destination NAT translates the destination address of the packet. Static NAT allows connections both from the private network and from the exterior network, but only as a one-to-one scheme, where one address is associated with the other in a fixed way. Both Source and Destination NAT can perform their translations and associations statically or dynamically. Additionally, Source NAT, Destination NAT and PAT can coexist and be used together simultaneously.
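The following added example (not from the original text) simulates a border gateway that combines the mechanisms just described: dynamic Source NAT with PAT for outbound traffic, the translation record that maps return traffic back to the originating host, and a static Destination NAT (port forward) for inbound traffic. The public address 198.51.100.1, the private hosts, the port pool and the port-forward entry are all assumptions constructed for the example.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    """Minimal IPv4 + transport header (constructed for the example)."""
    src: str
    sport: int
    dst: str
    dport: int


class NatGateway:
    """Border device doing Source NAT with PAT outbound and static DNAT inbound."""

    def __init__(self, public_ip: str, port_range=(1024, 65535), port_forwards=None):
        self.public_ip = public_ip
        self._pool = iter(range(port_range[0], port_range[1] + 1))
        # Static Destination NAT: public port -> (private ip, private port).
        self.port_forwards = dict(port_forwards or {})
        # Session state written on the first outbound packet of each flow:
        #   (priv_ip, priv_port, dst, dport) -> public port
        self.snat: dict[tuple, int] = {}
        #   public port -> (priv_ip, priv_port, dst, dport)
        self.reverse: dict[int, tuple] = {}

    def _allocate_port(self) -> int:
        # Never hand out a port that is reserved by a static forward.
        for port in self._pool:
            if port not in self.port_forwards:
                return port
        raise RuntimeError("PAT port pool exhausted")

    def outbound(self, pkt: Packet) -> Packet:
        """Source NAT + PAT: rewrite private src ip/port to public ip/unique port."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.snat:
            pub_port = self._allocate_port()
            self.snat[key] = pub_port
            self.reverse[pub_port] = key
        return replace(pkt, src=self.public_ip, sport=self.snat[key])

    def inbound(self, pkt: Packet):
        """Return the translated packet, or None if nothing maps it to an inside host."""
        if pkt.dst != self.public_ip:
            return None
        # 1. Return traffic for a flow opened from inside: the saved record
        #    tells us which private host and port originated it. The remote
        #    endpoint must also match, so a stranger cannot reuse the port.
        entry = self.reverse.get(pkt.dport)
        if entry and entry[2] == pkt.src and entry[3] == pkt.sport:
            priv_ip, priv_port, _, _ = entry
            return replace(pkt, dst=priv_ip, dport=priv_port)
        # 2. Static Destination NAT for services published from inside.
        if pkt.dport in self.port_forwards:
            priv_ip, priv_port = self.port_forwards[pkt.dport]
            return replace(pkt, dst=priv_ip, dport=priv_port)
        # 3. Anything else has no translation and is discarded.
        return None


def demo():
    gw = NatGateway("198.51.100.1", port_forwards={443: ("10.0.0.20", 8443)})
    # Two private hosts using the same source port reach the same server.
    a = gw.outbound(Packet("10.0.0.5", 40001, "203.0.113.10", 80))
    b = gw.outbound(Packet("10.0.0.6", 40001, "203.0.113.10", 80))
    # The server's reply to b is routed back to 10.0.0.6 via the saved record.
    reply_b = gw.inbound(Packet("203.0.113.10", 80, "198.51.100.1", b.sport))
    # An outside client reaching the published service via static DNAT.
    web = gw.inbound(Packet("203.0.113.50", 51000, "198.51.100.1", 443))
    # An unsolicited packet to a port with no record and no forward.
    stray = gw.inbound(Packet("203.0.113.50", 51000, "198.51.100.1", 2000))
    return a, b, reply_b, web, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The two outbound flows share one public address but receive distinct public ports, which is what lets the gateway disambiguate their replies; the port-forward entry shows Destination NAT coexisting with Source NAT and PAT on the same device.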