A firewall is a method of connecting an internal
network to another network while controlling the access in both
directions securely. A firewall enables users with the proper
privileges to access the internal network. A firewall is not a
particular piece of hardware or software, but a combination of
software and hardware that protects an internal network from
hackers and viruses. A firewall can be one computer with two
network cards or several computers working together to provide
protection. A proxy server is a type of firewall.

There are three major types of firewalls:

Packet filters. This type of firewall
screens messages on the basis of IP addresses and port numbers.
Packet filtering can be used on either inbound or outbound
messages. This is the fastest type of firewall and the easiest to
deploy, but also the easiest to circumvent.

Circuit proxies. This type of firewall
mediates TCP sessions between two parties. Circuit proxies force
both client and server to address their messages to a circuit
proxy, and not directly to the intended recipient. When the circuit
proxy receives a message, it changes the receiver address to the
actual recipient and inserts its own address as the sender. The
actual sender's IP address remains hidden. Circuit proxies offer
security that is faster than proxy servers and more secure than

Proxy servers. This type of firewall (also
called application-level gateway) simulates the actions of real
servers and clients and is capable of verifying user identities and
inspecting and filtering data contents. The Exchange server is
inherently an application-specific proxy that understands mail
protocol and data, and can determine if data is corrupt or
originating from an unacceptable source. If Exchange is correctly
configured, you should not need a proxy server.

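
The packet-filter type described above, sketched as an added example
(not code from this documentation or from any Microsoft product): an
ordered rule list evaluated per message on direction, IP addresses and
destination port, with first match winning and a default of deny. The
addresses, the mail server at 192.0.2.25 and the rule set itself are
constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
LAN = "10.0.0.0/8"       # constructed internal network
MAIL = "192.0.2.25/32"   # constructed mail server (documentation address range)

@dataclass(frozen=True)
class Packet:
    direction: str       # "in" or "out", relative to the internal network
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    direction: str       # "in", "out" or "any"
    src: str             # source CIDR
    dst: str             # destination CIDR
    ports: tuple         # inclusive (low, high) destination port range

    def matches(self, p: Packet) -> bool:
        low, high = self.ports
        return (self.direction in ("any", p.direction)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and low <= p.dport <= high)

# Constructed policy: the filter sees only addresses and ports, never content.
RULES = [
    Rule("deny", "in", LAN, ANY, (0, 65535)),    # internal source arriving from outside
    Rule("allow", "in", ANY, MAIL, (25, 25)),    # inbound SMTP to the mail server
    Rule("allow", "out", LAN, ANY, (80, 80)),    # outbound HTTP
    Rule("allow", "out", LAN, ANY, (443, 443)),  # outbound HTTPS
]

def decide(packet: Packet, rules=RULES) -> str:
    """Return the action of the first matching rule; deny when none match."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"

if __name__ == "__main__":
    for pkt in (Packet("in", "198.51.100.7", "192.0.2.25", 25),
                Packet("in", "198.51.100.7", "192.0.2.25", 3389)):
        print(pkt, "->", decide(pkt))
```

Because the decision uses only the address and port fields, any message
that matches an allow rule passes whatever it carries; inspecting the
data itself is the job of the proxy server type.
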
A firewall sits between a client and a server. To the client, a
firewall acts like a server, and to the server it acts like a
client. Firewalls can be transparent, so that when a client
connects to the firewall, it seems like a direct connection.
You can install firewall software to simplify setting up a
firewall. Firewall software can provide additional security
services, such as screening Domain Name System (DNS) records to
prevent disclosure. However, if you use firewall software, you must
verify that it supports the applications and protocols you expect
to send or receive across the firewall.
For examples of common firewall deployments using Exchange
front-end and back-end servers, see the Microsoft Exchange 2000
Server Planning and Installation.