What is a firewall: An overview
A typical corporate network makes use of a number of networking devices for preventing various attacks and maintaining the security of their network. The firewall is one of the most important defenses in line to achieve this goal. In this article, we will be learning in-depth about firewalls, their types and their architecture.
Learn Network Security Fundamentals
What is a firewall?
A firewall is a network security device placed at the perimeter of the corporate network. The main function of the firewall is to screen all the packets entering, leaving and flowing in the network to prevent unauthorized access between two or more computers. A firewall scans all the packets and accordingly accepts, rejects or drops the packet, depending upon the rules configured on it. Rules are defined based on the security policy of the organization.
Rules
Accept: Allow the traffic
Reject: Block the traffic, replying with an “unreachable error”
Drop: Block/reject the traffic and don't give any reply
For example, a firewall may have rules configured to allow only HTTP packets. If a firewall receives an ICMP packet, it simply drops the packet and does not allow the packet to enter into the network.
Thus, a firewall acts as a barrier between the internal networks and the outside network such as the Internet.
Default policy
It is not possible to explicitly define every possible rule on the firewall. Due to this, every firewall has a default policy. Every default policy consists of either of the following actions - accept, reject or drop.
Example: If no rule is defined for FTP connection to the server on the firewall, the firewall will follow the default policy defined onto it. If the default policy is set to accept, then any remote computer outside of the network can establish an FTP connection to the server. Thus, setting default policy as drop (or reject) is always recommended from a security point of view.
Generations of firewall
Based on the generations of firewalls that evolved and developed over time, there are many firewall types available for use. They include Packet Filtering Firewall, Stateful Inspection Firewall, Application Layer Firewall, Next-Generation Firewalls, Circuit Filter Firewalls, Air Gap, etc. Not all of them are used widely and discussing each one of them is out of scope.
Major ones which are widely used have been described below -
- Packet Filtering Firewall (1st generation): Packet filtering firewalls are also called stateless firewalls since they do not maintain the state of the stream of packets flowing in and out of the network. Packet filtering firewall controls access to the network by monitoring incoming and outgoing packets in the network and filters them based on IP address, ports and protocols. Packet filtering firewall analyses traffic at the transport layer of the OSI model and treats each packet in isolation. Since packet filtering firewalls don't maintain any state and process the packets based on the ruleset, they are fast and responsive.
- Stateful Inspection Firewall (2nd generation): Unlike Packet filtering firewalls, Stateful firewalls can determine the connection state of the packet thus making it more efficient over Stateless Firewall. Stateful Firewall aggregates related packets until the connection state is determined before applying any firewall rule to the traffic. Thus, in stateful firewalls, filtering decisions are not only based on defined rules but also on the packet history collected by the firewall.
- Application Layer Firewall (3rd generation): Application layer firewalls are capable of inspecting and filtering the packets on any OSI layer, up to the application layer. Application layer firewalls are capable of blocking specific content and recognize if certain applications and protocols ( FTP, HTTP) are being misused. Thus, Application layer firewalls filter packets by process instead of port. Application layer firewalls can allow or block the traffic based on predefined rules, thus preventing attacks on processes like FTP, HTTP, SMTP, guarding against SQL injection, XSS, DDoS attacks etc. Application layer firewalls can be used as Network Address Translator(NAT) and are also known as proxy-based firewalls.
- Next-Generation Firewalls (4th generation): Next-Generation Firewall is abbreviated as NGFW and is being used to safeguard against modern security breaches like Advance Malware Attacks and Application-layer level attacks. NGFW provides Deep Packet Inspection, SSL/SSH inspection, Application Inspection and other features to protect the network from modern threats.
Firewall types
Generally, there are two types of firewalls available for use. They are as follows:
- Network-based firewall: These firewalls function at the network level. It takes care of all the packets coming in and going out of the network and filters traffic based on the rules configured on the firewall.
- Host-based firewall: Host-based firewalls are the ones that are installed on a personal computer/PC. Thus, this firewall takes care of filtering all the traffic for a single dedicated system — unlike network-based ones, which take care of the whole network. These are software-based firewalls, which usually come as a part of the operating system.
Firewall tools and software
Now we have a good understanding of firewalls, the following are the common software packages that can help us to configure firewalls effectively. The explanation and configuration of firewall rules in this tool is out of consideration:
- IP Tables: Standard firewall for Linux systems, being replaced by nftables.
- UFW: Uncomplicated Firewall. It is an interface to UFW.
- Fail2ban: Fail2ban is an IPS software which can automatically configure a firewall to block brute force attempts and DDOS attacks.
- Firewall ID: It is a complete firewall solution for CentOS 7 servers.
Learn Network Security Fundamentals
Firewall identification
Some of the popular techniques and tactics used to identify firewalls are:
- Port scanning: Hackers use this technique for checking the ports used by the victims. Nmap is a widely used port-scanning tool available.
- Firewalking: This technique utilizes traceroute to analyze IP packets and map networks.
- Banner grabbing: This technique enables a hacker to identify the type of operating system being run on a target computer. It works through a firewall by using what looks like legitimate connections.
Sources
- https://www.geeksforgeeks.org/introduction-of-firewall-in-computer-network
- https://www.sciencedirect.com/topics/computer-science/packet-filtering-firewall
- https://phoenixts.com/blog/overview-of-firewall-functionality-and-types/
- https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-work
Network Security Fundamentals
Learn the fundamentals of networking and how to secure your networks with seven hands-on courses. What you'll learn:- Models and protocols
- Networking best practices
- Wireless and mobile security
- Network security tools
- And more
In this Series
- What is a firewall: An overview
- What is zero trust architecture (ZTA)? Pillars of zero trust and trends for 2024
- A deep dive into network security protocols: Safeguarding digital infrastructure 2024
- Asset mapping and detection: How to implement the nuts and bolts
- The Pentagon goes all-in on Zero Trust
- How to configure a network firewall: Walkthrough
- 4 network utilities every security pro should know: Video walkthrough
- How to use Nmap and other network scanners
- Security engineers: The top 13 cybersecurity tools you should know
- Converting a PCAP into Zeek logs and investigating the data
- Using Zeek for network analysis and detections
- Suricata: What is it and how can we use it
- Intrusion detection software best practices
- What is intrusion detection?
- How to use Wireshark for protocol analysis: Video walkthrough
- 9 best practices for network security
- Securing voice communications
- Introduction to SIEM (security information and event management)
- VPNs and remote access technologies
- Cellular Networks and Mobile Security
- Secure network protocols
- Network security (101)
- IDS/IPS overview
- Exploiting built-in network protocols for DDoS attacks
- Firewall types and architecture
- Wireless attacks and mitigation
- Wireless network overview
- Open source IDS: Snort or Suricata? [updated 2021]
- PCAP analysis basics with Wireshark [updated 2021]
- NSA report: Indicators of compromise on personal networks
- Securing the home office: Printer security risks (and mitigations)
- Email security
- Data integrity and backups
- Cost of non-compliance: 8 largest data breach fines and penalties
- How to find weak passwords in your organization’s Active Directory
- Monitoring business communication tools like Slack for data infiltration risks
- Firewalls and IDS/IPS
- IPv4 and IPv6 overview
- The OSI model and TCP/IP model
- Endpoint hardening (best practices)
- Wireless Networks and Security
- Networking fundamentals (for network security professionals)
- How your home network can be hacked and how to prevent it
- Network design: Firewall, IDS/IPS
- Work-from-home network traffic spikes: Are your employees vulnerable?
- RTS threshold configuration for improved wireless network performance [updated 2020]
- Web server protection: Web server security monitoring
- Web server security: Active defense
- Web server security: Infrastructure components
- Web server protection: Web application firewalls for web server protection
- Web server security: Command line-fu for web server protection
Get certified and advance your career!
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, ISC2, Cisco, Microsoft and more!
