
INSTITUTE OF ACCOUNTANCY ARUSHA

INDIVIDUAL ASSIGNMENT

REG. NO. : BIT/0026/2020

MODULE NAME : NETWORK MANAGEMENT AND ADMINISTRATION

MODULE CODE : ITU 08105

SEMESTER : II

PROGRAM : BIT-III

YEAR : 2022/2023

FACILITATOR : Stanslaus(Mr. Nicholous)


INTRODUCTION

Firewalls date way back to the early days of the Internet, when the World Wide Web was
known as the Advanced Research Projects Agency Network (ARPANET). Just like the
Internet, firewalls have constantly evolved. They have transformed into something much
more than just packet-filtering mechanisms or application gateways.

It is hard to envision a world without firewalls. First developed as a method for allowing or
restricting outside access to particular network resources, firewalls are currently capable of
enforcing network security policies, logging Internet activity, and securing an organization’s
exposure to outside threats.

The firewall traces back to an early period in the modern internet era when systems
administrators discovered their network perimeters were being breached by external
attackers. There was destined to be some sort of process that looked at network traffic for
clear signs of incidents.

Main Functions of a Firewall


A firewall performs four primary functions to ensure 360 degrees of network protection:

✓ monitors and accepts the traffic

✓ blocks or rejects risky user attempts

✓ completely blocks certain types of traffic, or traffic from specific geographic locations

✓ maintains a barrier between internal and external network links.

Five types of firewalls include the following:

✓ Packet filtering firewall

✓ Circuit-level gateway

✓ Application-level gateway (aka proxy firewall)

✓ Stateful inspection firewall

✓ Next-generation firewall (NGFW)


Firewall devices and services can offer protection beyond standard firewall function, for
example by providing an intrusion detection or prevention system (IDS/IPS), denial of
service (DoS) attack protection, session monitoring, and other security services to protect
servers and other devices within the private network. While some types of firewalls can work
as multifunctional security devices, they need to be part of a multi-layered architecture that
executes effective enterprise security policies.

How do the different types of firewalls work?

Firewalls are traditionally inserted inline across a network connection and look at all the
traffic passing through that point. As they do so, they are tasked with telling which network
protocol traffic is benign and which packets are part of an attack.

Firewalls monitor traffic against a set of predetermined rules that are designed to sift out
harmful content. While no security product can perfectly predict the intent of all content,
advances in security technology make it possible to apply known patterns in network data
that have signalled previous attacks on other enterprises.

Here are the five types of firewalls that continue to play significant roles in enterprise
environments today.

Packet filtering firewall

Packet filtering firewalls operate inline at junction points where devices such as routers and
switches do their work. However, these firewalls don't route packets; rather they compare
each packet received to a set of established criteria, such as the allowed IP addresses, packet
type, port number and other aspects of the packet protocol headers. Packets that are flagged
as troublesome are, generally speaking, unceremoniously dropped; that is, they are not
forwarded and, thus, cease to exist.

Advantages of packet filtering firewall

✓ A single device can filter traffic for the entire network

✓ Extremely fast and efficient in scanning traffic


✓ Inexpensive

✓ Minimal effect on other resources, network performance and end-user experience

Disadvantages of packet filtering firewall

✓ Because traffic filtering is based entirely on IP address or port information, packet
filtering lacks broader context that informs other types of firewalls

✓ Doesn't check the payload and can be easily spoofed

✓ Not an ideal option for every network

✓ Access control lists can be difficult to set up and manage

Packet filtering may not provide the level of security necessary for every use case, but there
are situations in which this low-cost firewall is a solid option. For small or budget-
constrained organizations, packet filtering provides a basic level of security that can provide
protection against known threats. Larger enterprises can also use packet filtering as part of a
layered defence to screen potentially harmful traffic between internal departments.

Circuit-level gateway

Using another relatively quick way to identify malicious content, circuit-level gateways
monitor TCP handshakes and other network protocol session initiation messages across the
network as they are established between the local and remote hosts to determine whether the
session being initiated is legitimate, that is, whether the remote system is considered trusted.
They don't inspect the packets themselves, however.

Advantages of circuit-level gateway

✓ Only processes requested transactions; all other traffic is rejected

✓ Easy to set up and manage

✓ Low cost and minimal impact on end-user experience

Disadvantages of circuit-level gateway

✓ If they aren't used in conjunction with other security technology, circuit level gateways
offer no protection against data leakage from devices within the firewall
✓ No application layer monitoring

✓ Requires ongoing updates to keep rules current

While circuit level gateways provide a higher level of security than packet filtering firewalls,
they should be used in conjunction with other systems. For example, circuit level gateways
are typically used alongside application level gateways. This strategy combines attributes of
packet and circuit level gateway firewalls with content filtering.

Compare the advantages and disadvantages of the five different types of firewalls to find the
ones that best suit your business needs.

Application-level gateway

This kind of device, technically a proxy and sometimes referred to as a proxy
firewall, functions as the only entry point to and exit point from the network. Application
level gateways filter packets not only according to the service for which they are intended, as
specified by the destination port, but also by other characteristics, such as the HTTP request
string.

While gateways that filter at the application layer provide considerable data security, they
can dramatically affect network performance and can be challenging to manage.

Advantages of Application-level gateway

✓ Examines all communications between outside sources and devices behind the firewall,
checking not just address, port and TCP header information, but the content itself before
it lets any traffic pass through the proxy

✓ Provides fine-grained security controls that can, for example, allow access to a website
but restrict which pages on that site the user can open

✓ Protects user anonymity

Disadvantages of Application level gateway

✓ Can inhibit network performance

✓ Costlier than some other firewall options

✓ Requires a high degree of effort to derive the maximum benefit from the gateway
✓ Doesn't work with all network protocols

Application layer firewalls are best used to protect enterprise resources from web application
threats. They can both block access to harmful sites and prevent sensitive information from
being leaked from within the firewall. They can, however, introduce a delay in
communications.

Stateful inspection firewall

State aware devices not only examine each packet, but also keep track of whether or not that
packet is part of an established TCP or other network session. This offers more security than
either packet filtering or circuit monitoring alone but exacts a greater toll on network
performance.

A further variant of stateful inspection is the multilayer inspection firewall, which considers
the flow of transactions in process across multiple protocol layers of the seven-layer Open
Systems Interconnection (OSI) model.
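
The difference between header-only packet filtering and stateful inspection, shown as an added example that is not part of the original assignment. The Packet class, the rule set and the sample traffic are constructed for illustration; the addresses come from documentation ranges.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str      # TCP flags, e.g. "S", "SA", "A"
    outbound: bool  # True if the packet leaves the internal network

INTERNAL = "10.0.0.5"  # constructed internal host

def stateless_filter(p: Packet) -> bool:
    """Header-only rules: allow outbound HTTPS, and allow inbound packets
    whose source port is 443 so that replies can get back in."""
    if p.outbound:
        return p.dport == 443
    return p.sport == 443

class StatefulFilter:
    """Allows outbound HTTPS and only those inbound packets that belong
    to a connection an internal host opened."""
    def __init__(self):
        self.table = set()  # (internal ip, port, remote ip, port)

    def check(self, p: Packet) -> bool:
        if p.outbound:
            if p.dport != 443:
                return False
            if p.flags == "S":  # new connection attempt: record it
                self.table.add((p.src, p.sport, p.dst, p.dport))
            return (p.src, p.sport, p.dst, p.dport) in self.table
        # Inbound: must match a tracked connection and not be a bare SYN.
        key = (p.dst, p.dport, p.src, p.sport)
        return key in self.table and p.flags != "S"

def run(packets):
    """Return (stateless verdict, stateful verdict) for each packet."""
    sf = StatefulFilter()
    return [(stateless_filter(p), sf.check(p)) for p in packets]

# Constructed sample traffic.
SAMPLE = [
    Packet(INTERNAL, 50000, "198.51.100.7", 443, "S", True),    # client opens
    Packet("198.51.100.7", 443, INTERNAL, 50000, "SA", False),  # server reply
    Packet("203.0.113.9", 443, INTERNAL, 3389, "A", False),     # no matching session
]
```

The third packet passes the header-only rule because its source port is 443, while the stateful filter drops it because no internal host opened that connection.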

Advantages of stateful inspection firewall

✓ Monitors the entire session for the state of the connection, while also checking IP
addresses and payloads for more thorough security

✓ Offers a high degree of control over what content is let in or out of the network

✓ Does not need to open numerous ports to allow traffic in or out

✓ Delivers substantive logging capabilities

Disadvantages of stateful inspection firewall

✓ Resource intensive and interferes with the speed of network communications

✓ More expensive than other firewall options

✓ Doesn't provide authentication capabilities to validate traffic sources aren't spoofed

Most organizations benefit from the use of a stateful inspection firewall. These devices serve
as a more thorough gateway between computers and other assets within the firewall and
resources beyond the enterprise. They also can be highly effective in defending network
devices against particular attacks, such as DoS.

Next-generation firewall

A typical NGFW combines packet inspection with stateful inspection and also includes some
variety of deep packet inspection (DPI), as well as other network security systems, such as an
IDS/IPS, malware filtering and antivirus.

While packet inspection in traditional firewalls looks exclusively at the protocol header of the
packet, DPI looks at the actual data the packet is carrying. A DPI firewall tracks the progress
of a web browsing session and can notice whether a packet payload, when assembled with
other packets in an HTTP server reply, constitutes a legitimate HTML formatted response.

Advantages of NGFW

✓ Combines DPI with malware filtering and other controls to provide an optimal level of
filtering

✓ Tracks all traffic from Layer 2 to the application layer for more accurate insights than
other methods

✓ Can be automatically updated to provide current context

Disadvantages of NGFW

✓ In order to derive the biggest benefit, organizations need to integrate NGFWs with other
security systems, which can be a complex process

✓ Costlier than other firewall types

NGFWs are an essential safeguard for organizations in heavily regulated industries, such as
healthcare or finance. These firewalls deliver multifunctional capability, which appeals to
those with a strong grasp on just how virulent the threat environment is. NGFWs work best
when integrated with other security systems, which, in many cases, requires a high degree of
expertise.

QN 2.

Best Practices for Firewall Implementation


Here are some excellent, must-follow best practices to make the most of your firewall
program:

✓ Verify firewall is in compliance with business security controls

Another essential tip to ensure effective firewall implementation is to match your firewall
program’s terms and conditions to your business policies.

Firewall enforcement must be aligned with the security protocols of your company.
Otherwise, user access issues can create anarchy throughout workflow procedures.

✓ Ensure minimum access rights

When installing a firewall, configure all the access rules and controls for both outbound and
inbound communication. Offer access only in a granular, as-needed form, and only when it is
necessary for business operations. This helps you achieve least privilege security. It is more
secure to add access gradually as required than to give too much access and then try to claw
it back on a piecemeal basis.

✓ Remove or consolidate outdated rules

Deprecated rules must be deleted or removed from a firewall system to keep it up-to-date and
efficacious. Firewall policies change over time, and based on your requirements, your
cybersecurity team must decommission old protocols. But be sure to document this (and any)
change to your firewall rule base for audit purposes, and in case you are forced to roll back
the change later on.

✓ Hire an Expert Cybersecurity Solutions Partner


If you haven’t reviewed your firewall infrastructure or rules recently, we can help. ISA
Cybersecurity has experts in a wide range of technologies, coupled with deep partner
networks with some of the biggest names in cybersecurity. Our IT security team provides
superior advisory and assessment services (which include penetration testing and ethical
hacking); this objective and thorough analysis of your firewall security can give you the
affordable peace of mind that you are protecting your digital assets, your corporate data, and
your business from cyber threat. And if you need assistance with remediation, we offer a full
range of architecture design and implementation services to bring you up to date quickly.

✓ Firewall audit and testing

Don’t ignore the significance of regular, documented firewall reviews and examinations. PCI
compliance, industry best practices, and even cyber insurance underwriting demand that
firewall review is conducted on a routine basis. Firewall rule base evaluation and penetration
testing are important as well. Approaches like war dialling, internal configuration review,
assessing DMZs, and inspecting virtual and physical LAN modes are all important aspects of
a thorough firewall program review. This exercise can be time-consuming and complex for
internal IT staff, and may not be as effective or objective when conducted in-house.

QN 3. Compare between hardware and software firewall. If you are to recommend,
which one among the two is the best and why?

Hardware-based firewalls

A hardware-based firewall is an appliance that acts as a secure gateway between devices
inside the network perimeter and those outside it. Because they are self-contained appliances,
hardware-based firewalls don't consume processing power or other resources of the host
devices.

Sometimes called network-based firewalls, these appliances are ideal for medium and large
organizations looking to protect many devices. Hardware-based firewalls require more
knowledge to configure and manage than their host-based counterparts.

Advantages:
✓ Independently run so less prone to cyber-attacks.
✓ Installation is external so resources are free from the server.
✓ Increased bandwidth enables the handling of more data packets per second.
✓ Reduced latency.
✓ VPN connection is also supported for increased security and encryption.

Disadvantages:
✓ Hardware devices can take extra space
✓ A skilled IT person is required
✓ Upgrading is a challenge and is not cost-effective because multiple devices need to be
replaced

Software-based firewalls

A software-based firewall, or host firewall, runs on a server or other device. Host firewall
software needs to be installed on each device requiring protection. As such, software-based
firewalls consume some of the host device's CPU and RAM resources.

Software-based firewalls provide individual devices significant protection against viruses and
other malicious content. They can discern different programs running on the host, while
filtering inbound and outbound traffic. This provides a fine-grained level of control, making
it possible to enable communications to/from one program but prevent it to/from another.

Advantages
✓ Helpful in blocking particular sites
✓ Juniors and parental controls can be supervised
✓ Ease in maintenance
✓ Valuable for home users
✓ Assignment of different levels of access and permissions to the user can be done with
ease
Disadvantages
✓ Installation and upgrading are required on individual computers.
✓ Slow performance of the system.
✓ Due to its installation, system resources are consumed.
✓ Does not work on smart TVs, gaming consoles, etc.

The hardware firewall is the best because it is set up differently depending
on your current configuration. The firewall is situated outside your server and is connected
directly to your uplink. If this is a new setup, the firewall is then connected to your server. If
this is a new setup to a production server, a maintenance window would be scheduled to
handle the physical connection. Also, a hardware firewall works as a filter between a
computer network and the Internet. It monitors data packets and determines whether they
should be blocked or transferred during transmission.

✓ Another reason hardware firewalls are the best is the ability to run VPN
connections. This connection is also a fully managed product that enables
security, access, and encryption of your already secure server.