
Notes - Security basics

Firewall introduction

Day-1
Introduction to network firewall
A firewall is a security device or system (software or hardware) designed to prevent
unauthorized access to or from a private network. It does this by enforcing access
control policies (ACLs).
All the messages that pass through the firewall are examined and either allowed or
denied, depending on whether they meet the specified traffic classification criteria.

Notes : -

As an analogy, you can think of a firewall as the security guard at the main gate of your society who
ensures that only authorized persons have access to the facility. Based on traffic classification and
inspection criteria, firewalls can be classified as:

1. Packet filter firewall
2. Application gateway firewall
3. Stateful inspection firewall
4. --------------------------------------- ??
Exercise
List at least 5 reasons why we need a firewall

Firewall types - Packet filter


Packet filter firewalls, as the name describes, inspect traffic at layer 3 and layer 4, i.e. IP
address and port numbers. Examples of such security devices are routers configured with
stateless ACLs.

Jot down a few more details about packet filter firewalls, including limitations

Limitations of packet filter firewalls

Firewall types - Application gateway firewall


Also known as an application proxy firewall. Traffic inspection is done at layer 7, so these firewalls are
capable of filtering traffic based on specific application data. Proxy firewalls have
application-layer understanding, and hence policies can be enforced at layer 7 (payload), e.g. content
security policies such as URL filtering, content filtering etc.

Jot down a few more details about application gateway/proxy firewalls, including limitations

Based on traffic flow, deployment mode and traffic processing, proxies can be of different types:

Forward proxy

A regular caching proxy server is a server which listens on a separate port (e.g. 3128) and the
clients (browsers) are configured to send requests for connectivity to that port.

Reverse proxy

A reverse proxy is totally different in its usage because it is used for the benefit of the web server
rather than its clients.

Transparent proxy

A transparent proxy is configured in such a way that it eliminates client-side (browser-side) configuration. Typically the
proxy server resides on the gateway and intercepts the WWW requests (port 80, 443 etc.) from the
clients.

Pen down a few limitations of proxy / application gateway firewalls

Firewall types - Stateful inspection firewall


Check Point was the first to introduce the concept of state-aware firewalls in the security industry, hence the
name Stateful Inspection.

Stateful Inspection examines a packet header, and also the contents of the packet up through the
application layer, to determine more about the packet than just source and destination. Stateful
firewalls:

1. Maintain context about active sessions and use the state information for packet processing
2. Implement bi-directional policies
3. Use the best of proxy and packet filtering features
4. Allow the filter to handle dynamic protocols such as FTP
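
The difference between the stateless ACL of a packet filter and the session table of a stateful firewall can be seen in a small simulation. This is an added example, not part of the original notes; the policy, the addresses and the names `stateless_acl` and `StatefulFirewall` are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "10.0.0."   # constructed inside-network prefix (assumption)

def stateless_acl(pkt):
    """Packet filter: layer 3/4 match only, each packet judged in isolation."""
    if pkt.src.startswith(INSIDE) and pkt.dport == 443:
        return True                    # rule 1: inside -> any, TCP/443
    # Replies need a second rule. With no session context it can only say
    # "source port 443 to a high port", which matches unsolicited packets too.
    if pkt.dst.startswith(INSIDE) and pkt.sport == 443 and pkt.dport >= 1024:
        return True
    return False

class StatefulFirewall:
    """Same outbound policy, but replies are matched against recorded sessions."""
    def __init__(self):
        self.sessions = set()          # (client, client port, server, server port)

    def allow(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.src.startswith(INSIDE) and pkt.dport == 443:
            if pkt.flags == "SYN":
                self.sessions.add(key) # new session: remember its context
            return key in self.sessions
        if reverse in self.sessions:   # reply belongs to a session we saw start
            if "FIN" in pkt.flags or "RST" in pkt.flags:
                self.sessions.discard(reverse)
            return True
        return False                   # no matching state: drop

def demo():
    """Run three constructed packets through both firewalls."""
    packets = [
        Packet("10.0.0.5", 51000, "203.0.113.10", 443, "SYN"),      # client opens
        Packet("203.0.113.10", 443, "10.0.0.5", 51000, "SYN-ACK"),  # genuine reply
        Packet("198.51.100.7", 443, "10.0.0.9", 40000, "ACK"),      # no session
    ]
    fw = StatefulFirewall()
    stateless = [stateless_acl(p) for p in packets]
    stateful = [fw.allow(p) for p in packets]
    return stateless, stateful

if __name__ == "__main__":
    print(demo())
```

The stateless ACL passes all three packets, while the stateful firewall drops the third because it matches no recorded session.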

Keep note of more data points about Stateful firewalls:


Firewall types - Next generation firewall
A NextGen firewall identifies applications regardless of port and protocol to further strengthen the
security policies in an enterprise network. Traffic inspection and policy enforcement are based on layer 7
data rather than relying only on IP address and port number.

A NextGen firewall prevents, in real time, threats embedded across applications.

Keep note of more data points about NextGen firewalls :

Checkpoint firewall architecture


Before diving into Check Point firewalls and creating security policies and other stuff, it is essential to
understand the architecture of Check Point and how exactly it works.

Check Point follows an industry-standard 3-tier architecture that allows the various Check Point components to
communicate in a secure manner. A Check Point firewall has three components:

1. Smart console
2. Security management
3. Security gateway

Smart console
It is a set of GUI applications that allows security administrators to configure and manage the global
security policy for the entire organization.

Security Management Server:

The Security Management Server contains the global security policy for an organization. This policy
is defined using the Smart Dashboard; however, the policy is actually saved on the Security
Management Server.

It contains the following databases

Security gateway

They are nothing but the firewalls you have always known. Security Gateways are installed/located
where the security rules must be applied.

Checkpoint deployment architecture


Check Point firewalls can be deployed in a standalone fashion or a distributed one. Let's look at the
difference between the two:

Standalone

Distributed deployment

A distributed deployment is more commonly known as a Three-Tiered architecture, wherein each
component is installed on a separate platform, and this type of deployment is highly recommended
by Check Point.

Smart console - on Windows machine

Security management - Windows/Linux/virtual/physical appliance

Security gateway - virtual/physical appliance
