Configuration of firewall

OM CHAUHAN
T0122ARTI440
 Configuration of firewall

Aim: To study the configuration of firewall

Introduction
A firewall is a network security device that monitors incoming and outgoing network traffic and
decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls
have been a first line of defence in network security for over 25 years. They establish a barrier
between secured and controlled internal networks that can be trusted and untrusted outside networks,
such as the Internet. A firewall can be hardware, software, or both.

Firewall history
Firewalls have existed since the late 1980’s and started out as packet filters, which were networks set
up to examine packets, or bytes, transferred between computers. Though packet filtering firewalls are
still in use today, firewalls have come a long way as technology has developed throughout the
decades.

 Gen 1 Virus: Generation 1, Late 1980’s, virus attacks on stand-alone PC’s affected all
businesses and drove anti-virus products,

 Gen 2 Networks: Generation 2, Mid 1990’s, attacks from the internet affected all business
and drove creation of the firewall.

 Gen 3 Applications: Generation 3, Early 2000’s, exploiting vulnerabilities in applications

which affected most businesses and drove Intrusion Prevention Systems Products (IPS).

 Gen 4 Payload: Generation 4, Approx. 2010, rise of targeted, unknown, evasive,

polymorphic attacks which affected most businesses and drove anti-bot and sandboxing
products.

 Gen 5 Mega: Generation 5, Approx. 2017, large scale, multi-vector, mega attacks using
advance attack tools and is driving advance threat prevention solutions.

Types Of Firewalls

Types of firewalls are:

1. Proxy Firewall
2. Stateful inspection firewall
3. Unified threat management (UTM) firewall
4. Next generation firewall (NGFW)
5. Threat focused NGFW

Om Chauhan 1
 Configuration of firewall

Proxy Firewall

An early type of firewall device, a proxy firewall serves as the gateway from one network to another
for a specific application. Proxy servers can provide additional functionality such as content caching
and security by preventing direct connections from outside the network. However, this also may
impact throughput capabilities and the applications they can support

Stateful Inspection Firewall

Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based
on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed.
Filtering decisions are made based on both administrator-defined rules as well as context, which refers
to using information from in previous connections and packets belonging to the same connection.

Unified Threat Management (UTM)Firewall

A UTM device typically combines, in a loosely coupled way, the functions of a stateful inspection
firewall with intrusion prevention and antivirus. It may also include additional services and often
cloud management. UTMs focus on simplicity and ease of use.

Next Generation Firewall (NGFW)

Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are
deploying next-generation firewalls to block modern threats such as advanced malware and
application-layer attacks. A next generation firewall will include:

 Standard firewall capabilities like stateful inspection

 Integrated intrusion prevention
 Application awareness and control to see and block risky apps
 Upgrade paths to include future information feeds
 Techniques to address evolving security threats

Threat Focused NGFW

These firewalls include all the capabilities of a traditional NGFW and provide advanced threat
detection and remediation. With a threat focused NGFW you can:

 Know which assets are most at risk with complete context awareness
 Quickly react to attacks with intelligent security automation that sets policies and hardens
your defences dynamically
 Better detect evasive or suspicious activity with network and endpoint event correlation
 Greatly decrease the time from detection to clean up with retrospective security that
continuously monitors for suspicious activity and behaviour even after initial inspection.

Om Chauhan 2
 Configuration of firewall

 Ease administration and reduce complexity with unified policies that protect across the entire
attack continuum

What Do Firewalls do

A Firewall is a necessary part of any security architecture and takes the guesswork out of host level
protections and entrusts them to your network security device. Firewalls, and especially Next
Generation Firewalls, focus on blocking malware and application-layer attacks, along with an
integrated intrusion prevention system (IPS), these Next Generation Firewalls can react quickly and
seamlessly to detect and react to outside attacks across the whole network. They can set policies to
better defend your network and carry out quick assessments to detect invasive or suspicious activity,
like malware, and shut it down

Why do we need Firewalls

Firewalls, especially Next Generation Firewalls, focus on blocking malware and application-layer
attacks. Along with an integrated intrusion prevention system (IPS), these Next Generation Firewalls
are able to react quickly and seamlessly to detect and combat attacks across the whole network.
Firewalls can act on previously set policies to better protect your network and can carry out quick
assessments to detect invasive or suspicious activity, such as malware, and shut it down. By
leveraging a firewall for your security infrastructure, you’re setting up your network with specific
policies to allow or block incoming and outgoing traffic.

What is Firewall configuration?

A firewall plays a vital role in network security and needs to be properly configured to keep
organizations protected from data leakage and cyberattacks. This is possible by configuring domain
names and Internet Protocol (IP) addresses to keep the firewall secure. Firewall policy configuration
is based on network type, such as public or private, and can be set up with security rules that block or
allow access to prevent potential attacks from hackers or malware. Proper firewall configuration is
essential, as default features may not provide maximum protection against a cyberattack.

Importance of firewall configuration

Improper firewall configuration can result in attackers gaining unauthorized access to protected
internal networks and resources. As a result, cyber criminals are constantly on the lookout for
networks that have outdated software or servers and are not protected. Gartner highlighted the size
and magnitude of this issue, predicting that 99% of firewall breaches would be caused by
misconfigurations in 2020. The default settings on most firewalls and protocols like the File Transfer

Om Chauhan 3
 Configuration of firewall

Protocol (FTP) do not provide the necessary level of protection to keep networks secure from
cyberattacks. Organizations must ensure basic firewall configuration meets the unique needs of their
networks.

How to configure a Firewall

1) Secure the firewall

a) Update with the latest firewall
b) Never putting firewalls into production without appropriate configurations in place
c) Deleting, disabling, or remaining default accounts and changing default passwords
d) Use unique, secure passwords
e) Never using shared user accounts. If a firewall will be managed by multiple administrators,
additional admin accounts must have limited privileges based on individual responsibilities
f) Disabling the Simple Network Management Protocol (SNMP), which collects and organizes
information about devices on Ip networks, or configuring it for secure usage
g) Restricting outgoing and incoming network traffic for specific applications or the
Transmission Control Protocol (TCP)
2) Establish firewall zones and an Ip address structure

It is important to identify network assets and resources that must be protected. This includes creating a
structure that groups corporate assets into zones based on similar functions and the level of risk. It is
important to identify network assets and resources that must be protected. This includes creating a
structure that groups corporate assets into zones based on similar functions and the level of risk.
However, having more zones also demands more time to manage them. With a network zone structure
established, it is also important to establish a corresponding IP address structure that assigns zones to
firewall interfaces and sub interfaces.
3) Configure Access Control Lists (ACLs)
Access control lists (ACLs) enable organizations to determine which traffic is allowed to flow in and
out of each zone. ACLs act as firewall rules, which organizations can apply to each firewall interface
and sub interface. ACLs must be made specific to the exact source and destination port numbers and
IP addresses. Each ACL should have a “deny all” rule created at the end of it, which enables
organizations to filter out unapproved traffic. Each interface and sub interface also needs an inbound
and outbound ACL to ensure only approved traffic can reach each zone. It is also advisable to disable
firewall administration interfaces from public access to protect the configuration and disable
unencrypted firewall management protocols.
4) Configure other firewall services and logging
Some firewalls can be configured to support other services, such as a Dynamic Host Configuration
Protocol (DHCP) server, intrusion prevention system (IPS), and Network Time Protocol (NTP)
server. It is important to also disable the extra services that will not be used. Further, firewalls must be
configured to report to a logging service to comply with and fulfil Payment Card Industry Data

Om Chauhan 4
 Configuration of firewall

Security Standard (PCI DSS) requirements. Make sure to use the firewall properly and follow the
steps carefully.
5) Test the Firewall Configuration
With the configurations made, it is critical to test them to ensure the correct traffic is being blocked
and that the firewall performs as intended. The configuration can be tested through techniques like
penetration testing and vulnerability scanning. Remember to back up the configuration in a secure
location in case of any failures during the testing process.
6) Manage Firewall Continually
Firewall management and monitoring are critical to ensuring that the firewall continues to function as
intended. This includes monitoring logs, performing vulnerability scans, and regularly reviewing
rules. It is also important to document processes and manage the configuration continually and
diligently to ensure ongoing protection of the network.

-OM CHAUHAN
-T0122ARTI440

Om Chauhan 5