Today I want to share a story with you: a medium-sized company has an internal network that is connected to the Internet. The company wants to protect its internal resources, such as servers and workstations, from unauthorized access and potential threats from the Internet. To achieve this, the company implements a firewall solution at its network perimeter. The firewall is a hardware device or a software application that sits between the internal network and the Internet. It acts as a gateway, controlling the traffic flowing in and out of the internal network.
Here's how the firewall would be configured and applied:
- Packet Filtering: The firewall is configured with packet filtering rules. For example, it may allow incoming and outgoing HTTP (port 80) and HTTPS (port 443) traffic, as these are commonly used for web browsing, while blocking all other incoming traffic by default unless it is explicitly allowed.
- Access Control: The firewall can be configured to allow specific IP addresses or ranges to access certain resources within the internal network. For instance, it may permit remote access to a specific server only from designated IP addresses.
- Network Address Translation (NAT): The firewall can perform Network Address Translation, which allows multiple devices within the internal network to share a single public IP address. This provides an additional layer of security by hiding internal IP addresses from the external network.
- Intrusion Detection/Prevention: Some advanced firewalls include intrusion detection and prevention capabilities. They can analyze network traffic patterns and detect potential intrusion attempts or malicious activities. The firewall can then take action, such as blocking the offending IP addresses or generating alerts for further investigation.
- Virtual Private Network (VPN): The firewall can support Virtual Private Network connections, allowing secure remote access to the internal network. It encrypts the traffic between remote users and the internal network, ensuring confidentiality and integrity.
By implementing a firewall in this scenario, the company can effectively control incoming and outgoing network traffic, prevent unauthorized access, filter out potentially harmful traffic, and enhance the overall security posture of its network.
The term "firewall" originated from the physical structure that separates different sections of a building or a vehicle to prevent the spread of fire. In the context of computer networks, a firewall serves a similar purpose by acting as a barrier or protective boundary between different networks or devices. In a computer or network system, a firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Its main purpose is to establish a barrier between an internal network (such as a corporate network) and external networks (such as the Internet) to prevent unauthorized access and protect the internal network from potential threats. The primary objective of a firewall is to enforce network security policies and protect against unauthorized access or malicious activities from external sources. It serves as the first line of defense in securing a network by examining incoming and outgoing network packets and determining whether they should be allowed or denied based on the established rules. Firewalls help protect against various threats, such as unauthorized access, malware, denial-of-service (DoS) attacks, and data breaches. They play a crucial role in securing networks and are considered an essential component of network security infrastructure.
Firewalls operate by examining network packets, which are small units of data transmitted over a network, and applying a set of predefined rules to determine whether to allow or block the packets. These rules can be based on various criteria, such as the source and destination IP addresses, port numbers, protocols, or specific keywords within the packet payload.
Overall, firewalls play a crucial role in network security by providing an essential layer of protection against unauthorized access, network attacks, and data breaches. They help organizations maintain the confidentiality, integrity, and availability of their network resources.
Types of firewalls
There are several types of firewalls, each with its own characteristics and functions, and they can be implemented in different forms. The main types of firewalls include:
- Network firewalls: These are hardware devices or software programs that are placed at the network perimeter to filter traffic between networks. They often include features such as packet filtering, stateful inspection, and application-level gateways.
- Host-based firewalls: These are software applications installed on individual computers or servers to control traffic at the operating system or application level. They can provide an additional layer of protection by filtering traffic specific to the host system.
- Packet Filtering Firewall: This type of firewall examines individual packets of data as they pass through the network. It compares packet attributes, such as source and destination IP addresses, port numbers, and protocols, against a set of predefined rules. Packets that meet the criteria specified in the rules are allowed, while those that violate the rules are blocked. Packet filtering firewalls are typically fast and efficient but lack the ability to inspect packet contents beyond basic header information.
- Stateful Inspection Firewall: Also known as dynamic packet filtering, stateful inspection firewalls combine traditional packet filtering with the ability to track the state of network connections. These firewalls keep track of the state and context of network sessions, allowing them to make more informed decisions about whether to allow or block packets based on the session history. Stateful inspection firewalls provide better security than simple packet filtering firewalls and can mitigate certain types of attacks, such as TCP/IP-based attacks.
- Application-Level Gateway (Proxy Firewall): Application-level gateways, or proxy firewalls, operate at the application layer of the network stack. Instead of simply examining packet headers, they actively proxy connections between the internal and external networks. These firewalls act as intermediaries, receiving and inspecting network traffic at the application layer, and then forwarding the traffic on behalf of the client. This allows them to provide deep inspection and granular control over application protocols, but it can introduce additional latency due to the proxying process.
- Next-Generation Firewall (NGFW): Next-generation firewalls combine the functionalities of traditional firewalls with additional security features, such as intrusion prevention systems (IPS), deep packet inspection (DPI), application awareness, and user-based controls. NGFWs offer enhanced visibility into network traffic, application-level control, and advanced threat detection capabilities. They often incorporate additional security technologies, like antivirus, web filtering, and virtual private network (VPN) support.
- Unified Threat Management (UTM): Unified Threat Management is a comprehensive security solution that integrates multiple security features into a single device or software. UTM firewalls typically include firewalling capabilities, along with other security functionalities like antivirus, intrusion detection/prevention, web filtering, spam filtering, and virtual private network (VPN) support. UTM firewalls provide centralized management and a holistic approach to network security.
These are the major types, but the list is not limited to them.
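To make the story's packet-filtering, access-control and stateful-inspection points concrete, here is a small added simulation of the perimeter policy; it is an illustration written for this post, not the configuration of any real firewall product. The LAN range, the web and admin server addresses and the designated admin IP are constructed values, and the model deliberately ignores TCP flags and flow timeouts.

```python
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# A packet as the filter sees it; inbound=True means it arrives from the Internet.
Packet = namedtuple("Packet", "src dst proto sport dport inbound")

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    inbound: Optional[bool] = None  # None = either direction
    proto: Optional[str] = None     # None = any protocol
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    dport: Optional[int] = None     # None = any destination port

    def matches(self, p: Packet) -> bool:
        return ((self.inbound is None or self.inbound == p.inbound)
                and (self.proto is None or self.proto == p.proto)
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and (self.dport is None or self.dport == p.dport))

class Firewall:
    """First matching rule wins; anything unmatched is denied (default deny)."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()  # 5-tuples of flows an allow rule has already admitted

    def decide(self, p: Packet) -> str:
        # Stateful inspection: the reverse direction of an admitted flow is an
        # established session and passes without re-evaluating the rule list.
        if (p.dst, p.src, p.proto, p.dport, p.sport) in self.flows:
            return "allow-established"
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    self.flows.add((p.src, p.dst, p.proto, p.sport, p.dport))
                return r.action
        return "deny-default"

# Constructed policy for the story: LAN 10.0.0.0/8, public web server 10.0.0.10, admin host 10.0.0.20.
POLICY = [
    Rule("allow", inbound=True, proto="tcp", dst_net="10.0.0.10/32", dport=80),
    Rule("allow", inbound=True, proto="tcp", dst_net="10.0.0.10/32", dport=443),
    Rule("allow", inbound=True, proto="tcp", src_net="203.0.113.5/32",
         dst_net="10.0.0.20/32", dport=22),             # designated admin IP only
    Rule("allow", inbound=False, src_net="10.0.0.0/8"),  # LAN hosts may go out
]
```

Feeding packets to `Firewall(POLICY).decide()` shows the three behaviours side by side: unsolicited inbound traffic is dropped by default, the explicit allows admit only the listed services and sources, and replies to connections the LAN opened are accepted as established.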