
What is a firewall? And what isn’t a firewall?

A firewall is a network security perimeter device that inspects traffic entering and leaving the network. Depending on the security rules assigned to it, the firewall either permits traffic it considers safe or denies traffic it deems dangerous.

A firewall’s main objective is to establish a barrier (or “wall”) that separates an internal network from incoming external traffic (such as the internet), in order to block malicious traffic such as malware and hacking attempts.

When discussing firewalls, it is important to clear up any confusion about what constitutes a firewall and what does not. For instance, intrusion detection systems, routers, proxy servers, VPNs and antivirus solutions are not firewalls. Many firewall architectures are built into other security solutions, and many security solutions are built into firewalls.

How does firewall technology work?

Firewalls analyze incoming traffic arriving at a computer’s entry points, called ports, which are the channels through which external devices communicate with it and exchange information.

Firewalls operate using specific firewall rules. A firewall rule will typically include a
source address, a protocol, a port number and a destination address.

Here’s an analogy to explain the components of a firewall rule. Instead of protecting a network, think of a giant castle. The source address represents a person wishing to enter the castle. The port represents a room in the castle. The protocol represents a mode of transportation, and the destination address represents the castle.

Only trusted people (source addresses) may enter the castle (destination address) at all, or perhaps only people who arrive on foot (protocol). Once inside, only certain people within the castle are permitted to enter certain rooms (destination ports), depending on who they are. The king may be allowed in any room (any port), while guests and servants may only access a certain number of rooms (specific ports).

In this analogy, the firewall would act like an elaborate alarm system.


Types of firewalls and deployment options

Adding to the confusion about what constitutes a firewall, there are numerous firewall types to be aware of.

First, firewalls are classified by what they are and where they reside. For example,
firewalls can either be hardware or software, cloud-based or on-premises.

A software firewall resides on an endpoint (like a computer or mobile device) and regulates traffic directly from that device. Hardware firewalls are physical pieces of equipment that reside between your gateway and network. Cloud-based firewalls, also known as Firewall-as-a-service (FaaS), act like any other internet-based SaaS solution, performing their work in the cloud.

Next, and this is the most common distinction between types, firewalls are classified
by functionality.

The most common firewall types based on method of operation are:

- Packet-filtering firewalls
- Proxy firewalls
- NAT firewalls
- Web application firewalls
- Next-gen firewalls (NGFW)

Packet-filtering firewalls

Packet-filtering firewalls, the most basic firewall type, examine packets and prevent them from moving on if they do not meet the configured security rules. This firewall's function is to perform a simple check of all data packets arriving from the network router, inspecting specifics like source and destination IP address, port number, protocol, and other surface-level header data.

Packet-filtering firewalls don’t open data packets to inspect their contents. Any data packet that fails the simple inspection is dropped.

These firewalls are not resource-intensive and have a low impact on system performance. Their main drawback is that they provide only basic protection and are therefore easier to bypass.

Packet-filtering firewalls can be either stateful or stateless. Stateless firewalls analyze each packet individually, whereas stateful firewalls — the more secure option — take previously inspected packets into consideration.

Proxy firewalls

Proxy firewalls, also known as application-level firewalls, filter network traffic at the application layer of the OSI network model. As an intermediary between two systems, proxy firewalls monitor traffic at the application layer (protocols at this layer include HTTP and FTP). To detect malicious traffic, both stateful inspection and deep packet inspection are leveraged.

Proxy firewalls typically operate in the cloud or through another proxy device. Instead
of allowing traffic to connect directly, a connection to the traffic’s source is
established and the data packet is inspected.

Speed can be a key weakness of proxy firewalls, as the transfer process creates
extra steps that may slow things down.

NAT firewalls

Network address translation (NAT) firewalls work by assigning a public address to a group of devices inside a private network. With NAT, individual IP addresses are hidden. Therefore, attackers scanning for IP addresses on a network are prevented from discovering specific details.

NAT firewalls and proxy firewalls both act as a go-between connecting groups of
devices with outside traffic.

Web application firewalls

Web application firewalls (WAF) are responsible for filtering, monitoring, and
blocking data packets as they travel in and out of websites or web applications. A
WAF can either reside on the network, at the host or in the cloud and is typically
placed in front of one or many websites or applications. WAFs are available as
server plugins, cloud services, or network appliances.

A WAF is most similar to the proxy firewall, but has a more specific focus on defending against application-layer, web-based attacks.

NGFW firewalls

As the threat landscape intensifies, the Next-generation firewall (NGFW) is the most
popular firewall type available today.
Thanks to the major improvements in storage space, memory, and processing
speeds, NGFWs build upon traditional firewalls' features and add other critical
security functions like intrusion prevention, VPN, anti-malware, and even encrypted
traffic inspection. NGFW’s ability to handle deep packet inspection means that the
firewall can unpack the packet's data to prevent any packets with malicious data
from moving forward.

NGFWs can also integrate with Software-defined wide area networks (SDWAN).

Compared to traditional firewalls, these firewalls provide extensive application control and visibility, distinguish between safe and dangerous applications, and block malware from entering a network.

While most recent firewall solutions on the market are touted as NGFWs, the security industry lacks consensus on what classifies a next-gen firewall. Without a clear definition, companies must do their due diligence to understand what specific sec

What is a Linux Firewall?

A Linux firewall is a device that inspects network traffic (inbound and outbound connections) and decides whether to pass or filter out the traffic. Iptables is a CLI tool for managing firewall rules on a Linux machine.

Network security has evolved through different types of Linux firewall over time. Traditional packet-filtering firewalls deal with routing and filtering packets (OSI layers 3 and 4), whereas NGFWs add further functions that work at OSI layers 4 to 7.

What is Iptables? How does it work?

Iptables is a CLI (command-line interface) application that allows the administrator to configure specific rules that instruct the Linux kernel (the Netfilter framework) to perform an action such as inspecting, modifying or dropping network packets. Enabling iptables on any Linux machine or device makes it act as a network firewall and/or a router.

Different kernel modules and programs are used for different protocols: iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.

Later, the Netfilter project developed nftables for performance and scalability. This is a packet filtering framework that does the same work as iptables.

How Does Packet Filtering Work with Iptables?

An iptables policy is built from an ordered set of rules, which describe to the kernel the actions that should be taken against certain types of packets.

Tables Overview

Iptables functionality is classified into four tables: the NAT table, the packet filtering table, the mangle table, and the raw table.

NAT Table:

- Network Address Translation (NAT) is processed for incoming packets and outgoing packets, together with routing decisions, in this table.
- Network routing is processed with pre-routing and post-routing of packets from origin to destination.

Packet Filtering Table:

Packet filtering is processed with the chain rules below.

Chains:

- Chains are classified into 3 types: the INPUT chain, the OUTPUT chain and the FORWARD chain.
- Input chain: incoming connections, which are traversed from pre-routing. Example: an external IP trying to establish an SSH connection to your system.
- Output chain: packets that are passed out, or outgoing connections from your system. Example: if you’re trying to visit cybersecuritynews.com, the user traffic is checked against the chain rules to allow or deny the connection.
- Forward chain: forwarding connections to specific networks or ports. Example: port forwarding.

Mangle table

- The mangle table can be used for special-purpose processing of packets.
- It includes a combination of NAT tables and chains.

Raw table

- The raw table is used only for packets processed with special conditions, such as exemption from connection tracking.

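
As an added example (not from these notes or any named product), the following Python model puts together the rule fields described in the packet-filtering section (source address, protocol, destination port, destination address), the ordered first-match chains just listed (INPUT, OUTPUT, FORWARD, each with a default policy), and the stateless-versus-stateful distinction: in stateful mode a connection table records sessions the host opened, so their replies are admitted without a rule that opens the reply port to everyone. The host address, rules and sample packets are constructed for the example and use documentation address ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str     # source IP
    dst: str     # destination IP
    proto: str   # "tcp", "udp" or "icmp"
    sport: int   # source port
    dport: int   # destination port

@dataclass
class Rule:
    action: str                  # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"       # source network, default any
    dst: str = "0.0.0.0/0"       # destination network, default any
    proto: Optional[str] = None  # None = any protocol
    dport: Optional[int] = None  # None = any destination port
    state: Optional[str] = None  # "ESTABLISHED" = stateful match on a tracked connection

    def matches(self, pkt: Packet, conntrack: set) -> bool:
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.state == "ESTABLISHED":
            # Only the reply direction of a connection this host opened earlier.
            return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in conntrack
        return True

class Firewall:
    def __init__(self, stateful: bool) -> None:
        self.stateful = stateful
        self.chains = {"INPUT": [], "OUTPUT": [], "FORWARD": []}
        # Default policy: the verdict when no rule in the chain matches.
        self.policy = {"INPUT": "DROP", "OUTPUT": "ACCEPT", "FORWARD": "DROP"}
        self.conntrack = set()  # (proto, local_ip, local_port, remote_ip, remote_port)

    def append(self, chain: str, rule: Rule) -> None:
        self.chains[chain].append(rule)

    def evaluate(self, chain: str, pkt: Packet) -> str:
        state = self.conntrack if self.stateful else set()  # stateless: no history at all
        verdict = self.policy[chain]
        for rule in self.chains[chain]:  # ordered list: the first matching rule decides
            if rule.matches(pkt, state):
                verdict = rule.action
                break
        if self.stateful and chain == "OUTPUT" and verdict == "ACCEPT":
            self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

def demo(stateful: bool) -> dict:
    """Constructed scenario for host 192.0.2.10 (documentation addresses, not real hosts)."""
    fw = Firewall(stateful)
    fw.append("INPUT", Rule("ACCEPT", state="ESTABLISHED"))                      # replies to our sessions
    fw.append("INPUT", Rule("DROP", src="203.0.113.0/24"))                       # blocked network, first
    fw.append("INPUT", Rule("ACCEPT", proto="tcp", dport=80))                    # web server open to all
    fw.append("INPUT", Rule("ACCEPT", src="10.0.0.0/8", proto="tcp", dport=22))  # SSH only from the LAN
    me = "192.0.2.10"
    fw.evaluate("OUTPUT", Packet(me, "198.51.100.7", "tcp", 40000, 443))  # we open a connection
    return {
        "reply_to_our_connection": fw.evaluate("INPUT", Packet("198.51.100.7", me, "tcp", 443, 40000)),
        "unsolicited_to_same_port": fw.evaluate("INPUT", Packet("198.51.100.9", me, "tcp", 443, 40000)),
        "web_from_blocked_net": fw.evaluate("INPUT", Packet("203.0.113.5", me, "tcp", 5555, 80)),
        "web_from_internet": fw.evaluate("INPUT", Packet("198.51.100.9", me, "tcp", 5555, 80)),
        "ssh_from_lan": fw.evaluate("INPUT", Packet("10.1.2.3", me, "tcp", 5555, 22)),
        "ssh_from_internet": fw.evaluate("INPUT", Packet("198.51.100.9", me, "tcp", 5555, 22)),
    }
```

Running demo(True) and demo(False) shows the one verdict that differs: the reply to the host's own connection is accepted only in stateful mode, while the unsolicited packet to the same port is dropped in both.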
Types of vulnerability

1. Software vulnerabilities: software vulnerabilities arise when applications have errors or bugs in them. Attackers look at buggy software as an opportunity to attack the system by making use of these flaws. Example: buffer overflows, race conditions etc.
2. Firewall vulnerabilities: firewalls are software and hardware systems that protect an internal network from attacks. A firewall vulnerability is an error, weakness or invalid assumption made during the firewall's design, implementation or configuration that can be exploited to attack the trusted network that the firewall is supposed to protect.
3. TCP/IP vulnerabilities: these vulnerabilities belong to the various layers of a network. These protocols may lack features that are desirable on an insecure network. Example: ARP attacks, fragmentation attacks etc.
4. Wireless network vulnerabilities: wireless LANs suffer from protocol-based attacks similar to those that plague wired LANs. Unsecured wireless access points can be a danger to organizations, as they offer the attacker a route around the company’s network defenses. Example: SSID issues, WEP issues etc.
5. Operating system vulnerabilities: the security of the applications running on an operating system depends on the security of that operating system. The slightest negligence by the system administrator can make the operating system vulnerable. Example: Windows vulnerabilities, Linux vulnerabilities.
6. Web server vulnerabilities: these vulnerabilities are caused by design and engineering errors or faulty implementation. Example: sniffing, spoofing etc.

Phishing attack

Phishing is the practice of sending fraudulent communications that appear to come from a reputable source. It is usually done through email. The goal is to steal sensitive data like credit card and login information, or to install malware on the victim’s machine. Phishing is a common type of cyber attack that everyone should learn about in order to protect themselves.

Types of Virus

Discussed below are the different types of computer viruses:

- Boot sector virus: a type of virus that infects the boot sector of floppy disks or the Master Boot Record (MBR) of hard disks. The boot sector comprises all the files required to start the computer's operating system. The virus either overwrites the existing program or copies itself to another part of the disk.
- Direct action virus: a virus that attaches itself directly to a .exe or .com file and enters the device when that file is executed. If it gets installed in memory, it keeps itself hidden. It is also known as a non-resident virus.
- Resident virus: a virus that saves itself in the computer's memory and then infects other files and programs even when its originating program is no longer running. This virus can easily infect other files because it is hidden in memory and is hard to remove from the system.
- Multipartite virus: a virus that can attack both the boot sector and the executable files of an already infected computer. If a multipartite virus attacks your system, you are at risk of a cyber threat.
- Overwrite virus: one of the most harmful viruses, the overwrite virus can completely remove the existing program and replace it with malicious code by overwriting it. Gradually it can completely replace the host’s program code with the harmful code.
- Polymorphic virus: spread through spam and infected websites, polymorphic viruses are file infectors that are complex and tough to detect. They create a modified or morphed version of the existing program, infect the system and retain the original code.
- File infector virus: as the name suggests, it first infects a single file and then spreads to other executable files and programs. The main sources of this virus are games and word processors.
- Spacefiller virus: a rare type of virus that fills the empty spaces of a file with virus code. It is also known as a cavity virus. It neither changes the size of the file nor is easily detected.
- Macro virus: a virus written in the same macro language used by the software program; it infects the computer when a word processor file is opened. The main source of such viruses is email.

Attack Vector

In cyber security, an attack vector is a method or pathway used by a hacker to access or penetrate
the target system. Hackers steal information, data and money from people and organizations by
investigating known attack vectors and attempting to exploit vulnerabilities to gain access to the ...

IT Act 2000

The Act provides a legal framework for electronic governance by giving recognition to electronic records and digital signatures. It also defines cyber crimes and prescribes penalties for them. The Act directed the formation of a Controller of Certifying Authorities to regulate the issuance of digital signatures.

Backdoors

In the world of cybersecurity, a backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high-level user access (aka root access) on a computer system, network, or software application.

Trojan

A Trojan horse is a type of malware that downloads onto a computer disguised as a legitimate program. A Trojan horse is so called because of its delivery method, which typically sees an attacker use social engineering to hide malicious code within legitimate software.

Types of malware

1. Trojans
A Trojan (or Trojan horse) disguises itself as legitimate software with the purpose of tricking you into executing malicious software on your computer.

2. Spyware
Spyware invades your computer and attempts to steal your personal information, such as credit card or banking information, web browsing data, and passwords to various accounts.

3. Adware
Adware is unwanted software that displays advertisements on your screen. Adware collects personal information from you to serve you with more personalized ads.

4. Rootkits
Rootkits enable unauthorized users to gain access to your computer without being detected.

5. Ransomware
Ransomware is designed to encrypt your files and block access to them until a ransom is paid.

6. Worms
A worm replicates itself by infecting other computers that are on the same network. Worms are designed to consume bandwidth and interrupt networks.

7. Keyloggers
Keyloggers keep track of your keystrokes on your keyboard and record them in a log. This information is used to gain unauthorized access to your accounts.

Web attacks

- Cross-site scripting (XSS). This involves an attacker uploading a piece of malicious script code onto your website that can then be used to steal data or perform other kinds of mischief. Although this strategy is relatively unsophisticated, it remains quite common and can do significant damage.
- SQL injection (SQLi). This happens when a hacker submits destructive code into an input form. If your systems fail to sanitize this input, it can be passed on to the database, changing, deleting, or revealing data to the attacker.
- Path traversal. Also resulting from improper protection of input data, these web server attacks involve injecting patterns into the web server hierarchy that allow bad actors to obtain user credentials, databases, configuration files, and other information stored on disk.
- Local file inclusion. This relatively uncommon attack technique involves forcing the web application to execute a file located elsewhere on the system.
- Distributed denial of service (DDoS) attacks. Such destructive events happen when an attacker bombards the server with requests. In many cases, hackers use a network of compromised computers or bots to mount this offensive. Such actions paralyze your server and prevent legitimate visitors from gaining access to your services.
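
Two of the flaws listed above come down to untrusted form input being handled as SQL or as a file path. The following Python is an added example (not from the original notes or any named product): a user lookup written unsafely beside its parameterized form, and a check that keeps a requested file under the web root. The users table, the web root path and the sample inputs are constructed for the example.

```python
import sqlite3
from pathlib import Path
from typing import List, Optional


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table standing in for a site's real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> List[str]:
    # The form value is spliced into the SQL text, so a quote in it ends the literal
    # and whatever follows runs as SQL: the "fail to clean this information" case.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    # The value is bound to a placeholder; the driver passes it as data, never as SQL.
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


def sqli_demo() -> dict:
    conn = make_db()
    hostile = "' OR '1'='1"  # constructed sample: closes the quote and adds an always-true clause
    return {
        "unsafe_normal": lookup_unsafe(conn, "alice"),
        "unsafe_hostile": lookup_unsafe(conn, hostile),  # the whole table comes back
        "safe_normal": lookup_safe(conn, "alice"),
        "safe_hostile": lookup_safe(conn, hostile),      # nobody has that literal name
    }


def resolve_inside(web_root: str, requested: str) -> Optional[Path]:
    """Return the target path if it stays under web_root, else None.

    Works purely on path arithmetic, so the files need not exist.
    """
    root = Path(web_root).resolve()
    target = (root / requested).resolve()  # collapses '..'; an absolute 'requested' replaces root
    try:
        target.relative_to(root)           # raises ValueError if target escaped the root
    except ValueError:
        return None
    return target


def traversal_demo() -> dict:
    root = "/srv/www/site"  # assumed web root for the example
    return {
        "plain_file": resolve_inside(root, "images/logo.png"),
        "dotdot_escape": resolve_inside(root, "../../etc/passwd"),
        "absolute_path": resolve_inside(root, "/etc/passwd"),
        "dotdot_staying_inside": resolve_inside(root, "images/../index.html"),
    }
```

The last traversal case shows why the check is done on the resolved path rather than by rejecting any ".." substring: a dotted path that ends up inside the root is still served.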

Types of brute force attacks

- Simple brute force attack. A simple brute force attack uses automation and scripts to guess passwords. ...
- Dictionary attack. ...
- Credential stuffing. ...
- Reverse brute force attack. ...
- Hybrid brute force attack. ...
- Password spraying. ...
- Botnets. ...

Types of password cracking tools

1. Brutus

One of the widely used remote online password-cracking tools is Brutus. Brutus claims to be the fastest and most flexible password cracking tool. It is available free of cost and runs only on Windows. It was released in October 2000.

It supports HTTP basic authentication, POP3, Telnet, HTTP (HTML form/CGI), FTP, SMB, and other types such as NetBus, IMAP, NNTP, etc. One can also create one's own authentication types. This tool supports multi-stage authentication engines and is also capable of connecting to 60 simultaneous targets. Resume and Load are two of its useful features: using them, one can halt the attack process at any time and resume it later.

This tool hasn’t been updated for years now. However, it can still be used today.

2. RainbowCrack

It falls in the hash cracker category and uses a large-scale time-memory trade-off for faster password cracking compared to traditional brute force tools. A time-memory trade-off is a computation in which all plaintext and hash pairs are calculated in advance using a chosen hash algorithm. The results are then stored in a rainbow table. This process can be very time-consuming, but once the table is ready, it can crack passwords much faster than tools using brute force.

One doesn’t necessarily need to make rainbow tables oneself. RainbowCrack’s makers have generated LM rainbow tables, MD5 rainbow tables, NTLM rainbow tables and SHA-1 rainbow tables.

The tables are free, so anyone can obtain them and use them for their password cracking.

This tool is available for Linux and Windows systems.

3. Wfuzz

Wfuzz is a web application password cracking tool that cracks passwords using brute forcing. It can also be used to find hidden resources like servlets, directories and scripts. This tool is also capable of identifying different kinds of injection flaws, such as XSS injection, LDAP injection and SQL injection, in web applications.

Prominent features of the Wfuzz tool:

- Capability of injecting via multiple dictionaries at multiple points.
- Output in coloured HTML.
- Brute forcing of headers, POST data and authentication data.
- SOCKS and proxy support.
- Multiple proxy support.
- Multi-threading.
- HTTP password brute forcing.
- GET and POST brute forcing.
- Time delay between two requests.
- Fuzzing of cookies.

4. Cain & Abel

Cain & Abel is a popular password cracking tool. It can handle varying tasks. The most noticeable thing is the tool’s availability only on Windows platforms. It can function as a network sniffer, crack encrypted passwords by dictionary attack, uncover cached passwords, decode scrambled passwords, perform brute force attacks, record VoIP conversations, reveal password boxes, perform cryptanalysis attacks, and analyse routing protocols.

Cain & Abel doesn’t exploit any bugs or vulnerabilities. It relies only on security weaknesses of a protocol to grab the password. This tool was mainly developed for network administrators, forensics staff, security professionals, and penetration testers.

5. John the Ripper

John the Ripper is yet another popular free, open source password cracking tool for Linux, Mac OS X and Unix. A version for Windows is also available. This tool detects weak passwords. A pro version of this tool is also available, which offers more features, with native packages for the target operating systems.

6. THC Hydra

THC Hydra can be described as a fast network logon password cracking tool. In comparison to other similar tools, it is clearly faster. New modules are easy to install in the tool, and one can easily enhance its features by adding modules. It is available only for Windows, FreeBSD, Linux, Solaris and OS X. The tool supports a large variety of network protocols, currently including HTTP-FORM-POST, HTTP-PROXY, HTTP-GET, HTTPS-FORM-POST, HTTP-HEAD, HTTPS-FORM-GET, HTTP-FORM-GET, MS-SQL, NNTP, MySQL, NCP, PCNFS, Oracle Listener, Oracle, HTTPS-HEAD, pcAnywhere, Oracle SID, POP3, Postgres, RDP, Rlogin, Rsh, rexec, SAP R/3, Asterisk, AFP, Cisco AAA, Cisco auth, Cisco enable, CVS, Firebird, FTP, HTTPS-GET, Telnet, ICQ, IRC, HTTP-Proxy, SSH v1 & v2, TeamSpeak (TS2), VMware-Auth, Subversion, XMPP, VNC, IMAP, SIP, LDAP, SMB, SMTP Enum, SMTP, SOCKS5 and SNMP.

Application inspection tools

- Static Application Security Testing (SAST) ...
- Dynamic Application Security Testing (DAST) ...
- Origin Analysis/Software Composition Analysis (SCA) ...
- Database Security Scanning. ...
- Interactive Application Security Testing (IAST) and Hybrid Tools.

Email virus example

- Email spam. Email spam, also known as unwanted or unsolicited email, usually spreads malware through links in the message. ...
- Boot sector virus. This virus targets the device's master boot record. ...
- Multipartite virus. ...
- Resident virus. ...
- Virus hoax. ...
- Macro virus. ...
- Spambot.

Buffer overflow

NVT

- OpenVAS. ...
- Nexpose Community. ...
- Nikto. ...
- Tripwire IP360. ...
- Wireshark. ...
- Aircrack. ...
- Nessus Professional.

Web vulnerability tools

1 Netsparker
2 Rapid7 insightAppSec
3 Acunetix Web Vulnerability Scanner
4 PortSwigger Burp Suite
5 HCL AppScan
6 Qualys Web Application Scanner
7 Tenable Nessus
8 Mister Scanner
9 Detectify
10 Probely
11 UpGuard

DoS and DDoS

A denial-of-service (DoS) attack floods a server with traffic, making a website or resource unavailable. A distributed denial-of-service (DDoS) attack is a DoS attack that uses multiple computers or machines to flood a targeted resource.

Hping

hping is an open-source packet generator and analyzer for the TCP/IP protocol, created by Salvatore Sanfilippo. It is one of the common tools used for security auditing and testing of firewalls and networks, and was used to carry out the idle scan technique, which is now implemented in Nmap.

Classification of DoS attacks

- Logic attacks
- Protocol attacks
- Bandwidth attacks

DoS attacks

- Ping of death
- Smurf
- Teardrop
- Malicious misrouting of protocols

Types of cyber crime

- Hacking
- Theft
- Cyber stalking
- Identity theft
- Malicious software

DVWA
