Firewall

Video Source # 2

What is a firewall ???

Internet opens a door of information and opportunities but it also exposes its users to dangers like hacking, malware, and online fraud. Whenever you visit a website or connect internet, you’re basically connecting to an untrusted computer network. 

Firewall is a cyber security tool to protect users from the dangers by erecting an invisible wall to stop such kind of threats.

Firewall

A firewall is a network security tool that monitors incoming and outgoing network traffic and permits or blocks data packets based on predefined set of security rules. It acts like a barrier between your internal / Private network and External / Public network (Internet). Firewalls can be hardware or software implementations.

A hardware firewall can be a standalone physical device or form part of another device on your network. Physical devices like routers, for example, already have a built-in firewall. Hardware firewalls are expensive to operate and typically found in large organizations.

A software firewall is a program installed on computer or server and monitors traffic through port numbers and applications. Software firewalls is cost-effective than hardware firewalls but comparatively less effective than hardware firewall.

How does a firewall work ?

A firewall maintains a set of rules which are applied to both incoming and outgoing traffic. It matches the traffic against those rules, and if the rules are matched, it initiates the access. Firewalls silently analyze the traffic based on configured rules and filter data packets from unauthorized sources. For example, if source IP address 172.18.1.19 is configured as “deny”, firewall will discard all traffic coming from this source.

Firewall rules can be configured by using

• IP address
• Port number
• Web address
• Protocols
• Key words

Access Control List ACL

In today’s world, majority of your clients or employee access your network using internet. An access control list contains rules that grant or deny access to any user or program. If a data packets that match the access control list rule, will be forwarded otherwise it will be discard.

Firewall architecture.

Network Based Firewall acts on network levels and filter all the traffic across a network. Network firewall is usually installed at network edge.

Host Based Firewall are installed on device level. It consists of an application suite installed on a server or computer. It protects individual host against unauthorized access.

Firewall Types

Firewall can be classified according to their functions

Proxy firewall (Application layer) operates at the application layer (application layer protocols HTTP, SMTP, DHCP, FTP, etc…) to filter incoming traffic between your network and outside network. a proxy firewall is configured to allow only certain types of traffic to pass (for example, HTTP files, or web pages). It is also called web application firewall. Like a security guard, it monitors incoming data. If no problem is detected, the data is allowed to enter.

Stateful inspection / Packet Filtering Firewall monitors each data packet’s source and destination IP addresses and prohibit them from passing through if they don’t match a configured security rule.

Packet filtering firewalls are divided into two categories: stateful and stateless. A stateless firewall inspect each packet individually and consume more memory and time. Stateful mean saves data from previous events. A stateful firewall saves information regarding open connections and uses this information to analyze incoming and outgoing traffic. Stateful firewalls close all open ports unless incoming packets request access to a specific port.

Circuit level firewall verifies TCP and UDP connections between source and destination before data is exchanged. These firewalls do not check the packet itself. So, if a packet contains malware, it would pass right through.

Next generation Firewall are evolved to block modern threats such as advanced malware and application-layer attacks. They have the capabilities of traditional firewalls but also have some additional features.

• Deep packet inspection allows firewall to inspects packet payloads and application accessed by the packets.
• Application awareness: Enables firewall to check which applications are running and which ports are open.
• Encrypted traffic inspection.
• Intrusion prevention systems  to automatically stop attacks against your network.

Virtual firewall are deployed in cloud network to monitor and secure traffic across physical and virtual networks. A virtual firewall is a key component of SDN software defined networks.