bharat kumar

5 powerful tools for firewalling

Updated: Sep 27, 2020


A firewall is a network monitoring tool that inspects incoming and outgoing traffic and decides how each packet is handled based on a defined set of rules. Its purpose is to act like a guard dog between your internal network and traffic from the internet, blocking unwanted traffic along with viruses.


There are five types of firewalls around today:


Packet filtering firewall


This type of firewall has been around for a while. It has a list of firewall security rules and can transmit or block traffic based on IP protocol, IP address and/or port number. With this kind of firewall, all web traffic can be allowed or filtered, including web-based attacks.


We also need intrusion prevention, in addition to firewall security, in order to stop malicious code from entering our systems.



Stateful firewall


This is similar to a packet filtering firewall, but it keeps track of connection state and knows when a connection is active, so that we can define firewall management rules such as "only allow packets into the network that are part of an already established connection."
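
The difference between the packet filtering and stateful approaches described above, as an added example that is not part of the original post: a small Python model in which both firewalls judge the same three constructed packets. The rule set, class and function names and the sample addresses (documentation ranges) are assumptions, and real stateful firewalls also track TCP flags and timeouts, which this model leaves out.

```python
from collections import namedtuple

# Constructed sample packet; direction is "out" (LAN -> internet) or "in".
Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port proto")

def packet_filter(pkt):
    """Stateless rule list: every packet is judged on its own header fields."""
    if pkt.direction == "out" and pkt.proto == "tcp" and pkt.dst_port == 443:
        return "allow"   # LAN hosts may open HTTPS connections
    if pkt.direction == "in" and pkt.proto == "tcp" and pkt.src_port == 443:
        return "allow"   # required so that HTTPS replies can get back in
    return "block"

class StatefulFirewall:
    """Remembers connections opened from inside; inbound packets must match one."""

    def __init__(self):
        self.established = set()

    def check(self, pkt):
        if pkt.direction == "out":
            if pkt.proto == "tcp" and pkt.dst_port == 443:
                # Record the connection so that its replies are recognised later.
                self.established.add(
                    (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return "allow"
            return "block"
        # Inbound: swap the endpoints and look the connection up in the state table.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "allow" if key in self.established else "block"

def run_demo():
    """Run both models over the same constructed traffic and return the verdicts."""
    request = Packet("out", "192.0.2.10", 51000, "198.51.100.5", 443, "tcp")
    reply = Packet("in", "198.51.100.5", 443, "192.0.2.10", 51000, "tcp")
    # Inbound packet that belongs to no connection but has source port 443.
    unsolicited = Packet("in", "203.0.113.9", 443, "192.0.2.10", 3389, "tcp")
    traffic = [request, reply, unsolicited]
    fw = StatefulFirewall()
    return {
        "packet_filter": [packet_filter(p) for p in traffic],
        "stateful": [fw.check(p) for p in traffic],
    }

if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(name, verdicts)
```

The stateless rule that lets replies back in also admits the third packet, because it cannot tell a reply from any other packet with the same source port; the stateful model blocks it because no matching connection was opened from inside.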



Deep packet inspection firewall


An application firewall actually examines the data in the packet, and can therefore look at application layer attacks. This kind of firewall security is similar to intrusion prevention technology, and, therefore, may be able to provide some of the same functionality.

There are three caveats, however: first, for some vendors, the definition of "deep" extends to some particular depth in the packet and does not necessarily examine the entire packet. This can result in missing some kinds of attacks. Second, depending on the hardware, a firewall may not have adequate processing power to handle the deep packet inspection for your network. Be sure to ask questions about how much bandwidth it can handle while performing such inspection. And finally, embedded firewall management technology may not have the flexibility to handle all attacks.



Application-aware firewall


Similar to deep packet inspection, except that the firewall understands certain protocols and can parse them, so that signatures or rules can specifically address certain fields in the protocol. The flexibility of this approach to computer firewall protection is great and permits the signatures or rules to be both specific and comprehensive. There are no specific drawbacks to this approach to firewall security as generally it will yield improvements over a standard "deep packet inspection" approach. However, some actual attacks may be overlooked (false negatives) because the firewall security parsing routines are not robust enough to handle variations in real-world traffic.



Application proxy firewall


An application proxy acts as an intermediary for certain application traffic (such as HTTP, or web, traffic), intercepting all requests and validating them before passing them along. Again, an application proxy firewall is similar to certain kinds of intrusion prevention. The implementation of a full application proxy is, however, quite difficult, and each proxy can only handle one protocol.

For an application proxy firewall to be effective as computer firewall protection, it has to be able to understand the protocol completely and to enforce blocking on violations of the protocol. Because implementations of the protocol being examined often do not follow a protocol correctly, or because implementers add their own extensions to a protocol, this can result in the proxy blocking valid traffic (false positives). Because of these kinds of problems, end users will often not enable these technologies.

As you can see, there are areas of overlap between intrusion prevention and certain types of firewall security. The terminology in this field is still being worked out, so it can be confusing at times.
