Republic of Yemen
Ministry of Higher Education and Scientific Research
Alnokhbah University
College of Engineering
Department of IT (Information Technology Engineering)

Network Security
Firewall

Student work: Saad Ali Ali Issa
Supervised by Dr. Mohammed, course instructor

FEBRUARY 1, 2024
Firewalls in Network Security
What is Firewall?
A firewall is a cybersecurity device or software application that filters network traffic. A firewall acts
as a traffic cop at your computer’s port. A fundamental purpose of a firewall is to create a barrier
that separates an internal network from incoming external traffic to block malicious traffic
requests and data packets, such as malware and hacking while allowing legitimate traffic to pass
through. A firewall admits only the traffic it has been configured to accept, for example traffic from
specific IP addresses. It differentiates between legitimate and malicious traffic and allows or blocks
specific data packets based on predefined security rules.
Why do we need a Firewall?
A Firewall is a necessary component of a company’s overall cybersecurity strategy. Most
computers have an in-built firewall, but it isn’t always the best option for security. What can a
firewall do to keep us safe?

1. It guards computers against unauthorized access.

2. It blocks unwanted content.

3. It provides a secure network when multiple people interact at the same time.

4. It prevents ransomware from spreading.

5. It protects private information, such as online banking credentials.

Types of Firewalls
Here are the various types of firewalls:
1. Packet-filtering firewall
A Packet-filtering firewall filters all incoming and outgoing network packets. It tests them based on
a set of rules that include IP address, IP protocol, port number, and other aspects of the packet. If
the packet passes the test, the firewall allows it to proceed to its destination and rejects those that
do not pass it.
Benefits and limitations of packet filtering

• Quick and inexpensive

• Oldest and most fundamental firewall

• Protection against advanced threats is limited

2. Stateful Multi-Layer Inspection (SMLI)
A Stateful Multi-Layer Inspection firewall employs packet inspection technology and TCP handshake
verification to provide protection. These firewalls, also known as dynamic packet filtering, examine
each network packet to determine whether it belongs to an existing TCP session or another network
session. The SMLI firewall maintains a state table that stores session information such as source and
destination IP addresses and source and destination port numbers.
Benefits and drawbacks of stateful inspection

• Reduced traffic flow

• High-level protection

• Consumes significant system resources

• Provides extensive logging capabilities
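The following Python model, added here as an illustration and not taken from the report, contrasts the two mechanisms described above: a stateless packet filter that judges each packet against its rule set alone, and a stateful inspection firewall that consults its state table first. Rules, addresses (documentation ranges) and packets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed example (not the report's code); addresses come from documentation ranges.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False   # bare TCP SYN: the first packet of a new session

@dataclass
class Rule:
    action: str         # "allow" or "deny"
    src_net: str
    dst_net: str
    proto: str
    dport: int = 0      # 0 matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and p.proto == self.proto
                and (self.dport == 0 or p.dport == self.dport))

def packet_filter(rules, p: Packet) -> str:
    """Stateless packet filter: first matching rule wins, default deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"

class StatefulFirewall:
    """Stateful inspection: consult the state table before the rule set."""
    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # (src, sport, dst, dport, proto) of sessions already admitted

    def inspect(self, p: Packet) -> str:
        if (p.dst, p.dport, p.src, p.sport, p.proto) in self.state:
            return "allow"   # return traffic of a session this firewall admitted earlier
        if p.proto == "tcp" and not p.syn:
            return "deny"    # mid-stream TCP packet with no known session
        verdict = packet_filter(self.rules, p)
        if verdict == "allow":
            self.state.add((p.src, p.sport, p.dst, p.dport, p.proto))
        return verdict

RULES = [Rule("allow", "192.0.2.0/24", "0.0.0.0/0", "tcp", 443)]   # internal hosts may reach HTTPS
OUTBOUND = Packet("192.0.2.10", "198.51.100.5", "tcp", 51000, 443, syn=True)
REPLY = Packet("198.51.100.5", "192.0.2.10", "tcp", 443, 51000)          # the server's SYN-ACK
UNSOLICITED = Packet("203.0.113.7", "192.0.2.10", "tcp", 443, 51000)    # no session asked for this

def compare() -> dict:
    fw = StatefulFirewall(RULES)
    return {"stateless_reply": packet_filter(RULES, REPLY),      # deny: no inbound rule exists
            "stateful_out": fw.inspect(OUTBOUND),                # allow, and the session is recorded
            "stateful_reply": fw.inspect(REPLY),                 # allow: state table hit
            "stateful_unsolicited": fw.inspect(UNSOLICITED)}     # deny: no session, no rule
```

The stateless filter would need an extra inbound rule (opening port 443 replies to every internal host) to pass the legitimate reply, which is the coarseness that stateful inspection removes.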

3. Stateless firewall
Stateless firewalls monitor the network traffic and analyze each data packet's source, destination,
and other details to determine whether a threat is present. These firewalls can recognize packet
state and TCP connection stages and integrate encryption and other essential updates.
Benefits of Stateless firewall

• Less complex

• Easy to implement

• Fast performance delivery

• Performs effectively in heavy traffic situations

4. Application-level gateway (Proxy firewall)


An application-level gateway, also called a proxy firewall, is used to protect data at the application level.
It protects against potential internet attackers by not disclosing our computer's identity (IP address).
Proxy firewalls analyze the context and content of data packets and compare them to a set of
previously defined rules using stateful and deep packet inspection. They either permit or reject a
packet based on the outcome. Because this firewall checks the payload of received data
packets, it is much slower than a packet-filtering firewall.

Benefits and drawbacks of application-level gateways

• Safest firewall

• Deep packet inspection

• Significant slowdowns

• Safeguard resource identity and location

5. Circuit-level gateway
A circuit-level gateway validates established Transmission Control Protocol (TCP) connections.
These firewalls typically operate at the OSI model's session layer, verifying Transmission Control
Protocol (TCP) and User Datagram Protocol (UDP) connections and sessions. They are
implemented as security software or as pre-installed firewalls. Like packet-filtering firewalls, these
firewalls do not examine the actual data packet but observe information about the transaction.
Benefits and drawbacks of circuit-level gateways

• Simple and inexpensive

• Insufficient as the sole form of protection

• Setup and management are simple

6. Next-Generation Firewall (NGFW)


The most common type of firewall available today is the Next-Generation Firewall (NGFW), which
provides higher security levels than packet-filtering and stateful inspection firewalls. An NGFW is a
deep-packet inspection firewall with additional features such as application awareness and
control, integrated intrusion prevention, advanced network visibility, and cloud-delivered
threat intelligence. This type of firewall is typically defined as a security device that combines the
features and functionalities of multiple firewalls. An NGFW monitors the entire data transaction,
including packet headers, contents, and sources.
Benefits of Next-Generation Firewall

• Block malware

• Recognizes Advanced Persistent Threats (APTs)

• Less expensive

• Financially beneficial

7. Cloud firewall
A cloud firewall, also known as firewall-as-a-service (FWaaS), is a firewall delivered as a
cloud solution for network protection. Third-party vendors typically manage and operate cloud
firewalls on the internet, and they are configured according to the customer's requirements. Today, many
businesses use cloud firewalls to protect their private networks or their overall cloud infrastructure.
Benefits of Cloud firewall

• Unified security policy

• Flexible deployment

• Simplified deployment and maintenance

• Improved scalability

• Automatic updates

What is Open Source Threat Intelligence?


Open source threat intelligence is a proactive approach to cybersecurity that involves gathering,
analyzing, and exchanging information about cyber threats, vulnerabilities, and malicious actors
using publicly available data and resources instead of closed, proprietary systems. These
resources can include websites, public forums, news, blogs, reports, and various other online
repositories where researchers, security experts, and the cybersecurity community collaborate to
share information. This approach distinguishes itself from commercial or classified threat
intelligence, as it is openly available to anyone willing to spend time and effort in collecting and
analyzing the data.
Benefits of Open Source Threat Intelligence
Open source threat intelligence can provide organizations with a variety of benefits, including:
• Cost-Efficiency: Open source threat intelligence is often cost-effective, as it primarily
relies on publicly available data. It can be advantageous for small and medium-sized
businesses with constrained cybersecurity budgets.
• Enhanced Visibility: Open source threat intelligence provides enhanced visibility into
cybercriminals’ tactics, techniques, and procedures. This knowledge empowers
organizations to better defend against attacks.

• Rich and Diverse Data: Open source threat intelligence offers a diverse range of data,
such as attack techniques, Indicators of Compromise (IOCs), malware analysis, and
malicious actor profiles. This varied and valuable information can help organizations
understand the threat landscape better and adapt their security measures
accordingly.
• Real-time Information: The open-source community is constantly evolving, and this
dynamic environment allows for real-time threat information sharing. As new threats
emerge, they can quickly spread among security professionals and organizations,
enabling prompt responses and proactive measures.
• Global Collaboration: Open source threat intelligence fosters global collaboration
among cybersecurity professionals. This collective approach can lead to more
comprehensive threat analysis and a faster response to emerging threats.
Challenges of Open Source Threat Intelligence
Open source threat intelligence is a valuable resource, but it also comes with several challenges.
Here are some of the most common challenges:
• Data Quality and Reliability: Not all open source threat intelligence is of high quality or
reliability. Organizations must thoroughly assess their data sources to ensure the
information they receive is accurate and up-to-date.
• Data Overload: Organizations may easily get overwhelmed by the abundance of
available open-source material. Implementing procedures and tools is vital to
ensure efficient data filtering and analysis.
• Legal and Ethical Concerns: Using open source threat intelligence may raise legal and
ethical concerns, as some sources may contain sensitive or private information.
Following legal and ethical guidelines is important when collecting and using open-
source data.
• Lack of Context: Open source intelligence often lacks contextual information on the
potential impact of specific threats or vulnerabilities on an organization’s unique
infrastructure. Understanding how to apply this intelligence to your particular
environment is crucial.
• Skill Requirements: Effectively implementing Open Source Threat Intelligence requires
a strong cybersecurity understanding and threat analysis experience. Organizations
may be required to allocate resources toward training initiatives or recruit individuals
with the requisite expertise.


Top Network Security Tools


What is network security?
Network security safeguards IT networks against unauthorized access, misuse, modification, or
disruption. It involves implementing various technologies and processes, such as encryption,
access controls, authentication protocols, and firewalls, to secure the availability, confidentiality,
and integrity of data and services transmitted over a network. These measures help to prevent
attacks and detect and respond to potential security breaches.
Top network security tools
There are many network security tools available, each with its unique set of features. Some of the
common network security tools are:
1. Snort: It is a free and open-source intrusion detection and prevention system that can detect
and block network attacks. It can monitor network traffic in real time and detect suspicious activity
based on predefined rules.
Features:
Here are some key features of Snort:

• Real-time traffic analysis and packet logging

• Protocol analysis, content searching, and pattern matching

• Flexible rule-based language for customizing detection and response

• Multi-platform support and integration with other security tools

2. Wireshark: It is a widely used open-source network protocol analyzer that enables users to
record and analyze network traffic in real-time. It is a powerful tool that offers detailed information
on the data transmitted over a network, helping users troubleshoot network issues and identify
security threats.
Features:
Here are some key features of Wireshark:

• Captures and displays packets in real-time

• Supports various network protocols and file formats

• Provides detailed packet analysis and filtering capabilities

3. Nmap: It is a powerful network mapping tool that scans networks and provides information
about open ports, services, and vulnerabilities.
Features:
Here are some key features of Nmap:

• Detect hosts and services on a network

• Perform port scanning, OS detection, and vulnerability scanning

• Supports a variety of scanning techniques and output formats

• Integration with other security tools and platforms

• Cross-platform compatibility

4. Metasploit: It is a framework that allows users to test the security of networks and applications
by exploiting known vulnerabilities.
Features:
Here are some key features of Metasploit:

• Automated vulnerability scanning

• Post-exploitation actions and lateral movement

• Remote control of compromised systems

• Integration with other security tools

• Comprehensive exploit database

5. Nessus: It is a popular network security tool used for vulnerability scanning, detection, and
assessment. It can identify security flaws in networks and provide detailed reports on how to fix
them.
Features:
Here are some key features of Nessus:

• Supports multiple operating systems and platforms

• Perform comprehensive security checks on network devices and systems

• Provide detailed reports on vulnerabilities found and potential security risks

• Supports compliance checks with various security standards and regulations

6. OpenVAS: It is a powerful vulnerability scanner that can detect and report security issues in
networks and systems.
Features:
Here are some key features of OpenVAS:

• Scans networks for security flaws and vulnerabilities

• Analyze and identify potential security concerns

• Detect common network vulnerabilities

• Provides detailed reports on vulnerabilities and suggests remediation advice

• Integrated with other security frameworks and tools

7. Firewall: It monitors and manages incoming and outgoing network traffic based on predefined
security rules. It acts as a barrier between a computer network and the internet, preventing
unauthorized access and protecting the network from cyber-attacks.
Features:
Here are some key features of the Firewall:

• Filters incoming and outgoing traffic based on pre-set rules

• Block traffic from specific IP addresses or applications

• Identify and prevent unauthorized access to the network

• Provide logging and reporting capabilities

8. Proxy server: It is a server that serves as an intermediary between clients and servers,
providing additional security by filtering and blocking unauthorized access.
Features:
Here are some key features of a Proxy server:

• Hides client IP address

• Filter and block access to certain websites

• Provide encryption and enhance privacy

• Monitor and log user activity

9. VPN (Virtual Private Network): It encrypts and secures network traffic between two or more
devices, providing a secure connection over the internet.
Features:
Here are some key features of VPN:

• Encrypts traffic

• Hides IP address and location

• Authenticates users and devices

• Provides secure remote access

• Maintains privacy and confidentiality of user data

Types of Network Security Attacks


There are different types of attacks on Network Security. We will discuss the most common types:
1. Malware: Malware is the fastest-spreading type of malicious software, designed by an attacker
specifically to disrupt and damage systems and networks of systems and to gain unauthorized
access in order to steal data or personal information. Malware is installed automatically via the
internet and quickly infects all computers linked to the network.
2. Virus: A virus is also malicious software but requires user interaction to harm the system. The
virus cannot replicate itself; it requires human involvement by using malicious links, such as email
attachments that contain malicious code. Your files can be corrupted when you click on malicious
links, and your personal information is stolen.
3. Worm: The most common standalone computer malware program is the worm, which
replicates itself without human involvement and spreads via a network from one infected system
to another by exploiting system flaws and transmitting “payloads” that harm host computers.
Worms don't need a host file to get started; they use the system they are in as their host, and
the number of worms grows over time. A worm penetrates the system via an application and consumes
its processing power and bandwidth, causing the system to become unresponsive.

4. Man-in-the-middle: A Man-in-the-middle (MITM) attack occurs when an attacker stands
between two devices or between a client and a server, intercepts, monitors, and steals confidential
data, or modifies it and sends it back to the original receiver.
5. Distributed Denial of Service (DDoS): DDoS (Distributed Denial of Service) is a more
sophisticated type of DoS attack. In this attack, the attacker uses numerous systems to bombard
the victim’s server with traffic, causing the server or network to malfunction and the victim to be
unable to access it. It is challenging to detect DDoS threats since they are launched from several
infected systems. Most black hat hackers use this attack to blackmail or retaliate against the
victim.
There are three types of denial-of-service attacks:

• Connection flooding

• Vulnerability attacks

• Bandwidth flooding
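As an added example (not from the report), the Python below shows the defender's side of the connection-flooding case just listed: it counts half-open TCP sessions per target from flow records and reports whether the load comes from many sources (the distributed case described above) or from a single address. The flow records, thresholds and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records, not from the report: (time_s, src, dst, dport, tcp_flags).
# "S" is a bare SYN; "A" marks the client's final handshake ACK (connection completed).
FLOWS = [(0.0, "203.0.113.5", "192.0.2.10", 80, "S"),
         (0.2, "203.0.113.5", "192.0.2.10", 80, "A")]          # one legitimate client
# Distributed flood: 200 bare SYNs from 200 different sources within 8 seconds.
FLOWS += [(i * 0.04, f"198.51.100.{i + 1}", "192.0.2.10", 80, "S") for i in range(200)]
# Single-source flood against a second server, starting at t = 20 s.
FLOWS += [(20 + i * 0.05, "203.0.113.9", "192.0.2.20", 443, "S") for i in range(150)]

def detect_syn_flood(flows, window_s=10.0, threshold=100, min_sources=50):
    """Report targets whose half-open SYN count in any time window reaches threshold.

    A flood spread over at least min_sources addresses is reported as "distributed"
    (DDoS); the same volume from one address is "single-source" (DoS). Simplification:
    a source that completes any handshake to a target is treated as legitimate.
    """
    completed = {(src, dst, dport) for _, src, dst, dport, flags in flows if "A" in flags}
    windows = defaultdict(list)        # (dst, dport, window index) -> sources of bare SYNs
    for t, src, dst, dport, flags in flows:
        if flags == "S" and (src, dst, dport) not in completed:
            windows[(dst, dport, int(t // window_s))].append(src)
    report = {}
    for (dst, dport, _), srcs in windows.items():
        if len(srcs) < threshold:
            continue                   # below the alerting threshold in this window
        kind = "distributed" if len(set(srcs)) >= min_sources else "single-source"
        prev = report.get((dst, dport))
        if prev is None or len(srcs) > prev["half_open"]:   # keep the worst window per target
            report[(dst, dport)] = {"half_open": len(srcs), "sources": len(set(srcs)), "kind": kind}
    return report
```

The single-source case can be handled by blocking one address, whereas the distributed case cannot, which is why the text calls DDoS harder to defend against.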

6. Phishing: A phishing attack is a social engineering attack. An attacker manipulates the victim’s
thoughts to get personal information like credit and debit cards, online banking details, username
and password, social networking information, and other digital account information. Phishing is
the term used nowadays when a hacker or attacker tries to deceive individuals by threatening,
frightening, or seducing them. Attackers send malicious attachments and links to users via email,
posing as trusted sources such as company owners, managers, or bankers. When users open the
email with interest, they allow access to the attackers.
7. IP Spoofing: IP (Internet Protocol) spoofing is a form of malicious attack. Spoofing is a technique
used in DDoS and Man-in-the-Middle attacks against target devices. The attacker observes the
system's packet header information, such as the IP address and MAC address, and then
replaces the source IP address with a spoofed IP address to impersonate the true sender.
The receiver believes it is interacting with a trusted source and grants access to the attacker.
Hackers take advantage of spoofed IP packets because IP packets are the primary means of
transmitting data between sender and recipient.
8. Botnet: Botnets are a group of computers and networks, including PCs, servers, and mobile
devices, infected with malware and controlled by hackers. A hacker uses malicious software to
connect with multiple computers via a private network to perform attacks. Because it attacks
various systems at once and corrupts them, this attack is also known as the zombie army attack.
Without the owner’s awareness, the attacker gains access to and manages all of the systems on
that network, manipulates bots to transmit spam, steal data, and gain unwanted access.

9. Trojan horse: A Trojan horse is a malicious application that seems useful due to its harmless
appearance, but it is harmful when installed and downloaded on a computer. This is a malicious
program that can alter computer settings and perform unusual tasks like deleting file allocation
tables and causing the system to hang. It is usually embedded in games and spreads via social
engineering methods like emails. It could give attackers access to personal information such as
financial information, usernames, passwords, etc.
10. Packet Sniffer: Packet sniffers capture or save copies of each transmission packet when
packets flow over a network in a wireless transmission zone. A sniffer is a tool attackers use to
gather sensitive information such as social information, financial data, trade secrets, user IDs,
passwords, etc. Sniffing is a data theft technique that involves capturing, decoding, inspecting, and
interpreting the information contained within a network packet on a TCP/IP connection using a
packet sniffer.
