Department of IT
Network Security
Firewall
FEBRUARY 1, 2024
Firewalls in Network Security
What is a Firewall?
A firewall is a network security device or software application that filters network traffic. It acts
as a traffic cop at the boundary between networks, or at the network interface of a single host. Its
fundamental purpose is to create a barrier that separates an internal network from external traffic,
blocking malicious requests and packets (malware delivery, intrusion attempts) while allowing
legitimate traffic to pass through. A firewall permits only the traffic it has been configured to accept,
for example by source and destination IP address, protocol, and port. It distinguishes legitimate
from malicious traffic and allows or blocks specific packets based on predefined security rules.
Why do we need a Firewall?
A firewall is a necessary component of a company’s overall cybersecurity strategy. Most
computers ship with a built-in host firewall, but on its own it is not a complete defence. What can a
firewall do to keep us safe?
3. It keeps the network secure when many users and devices communicate across it at the same time.
Types of Firewalls
Here are the various types of firewalls:
1. Packet-filtering firewall
A packet-filtering firewall inspects every incoming and outgoing packet and checks it against a set
of rules built from header fields: source and destination IP address, IP protocol, source and
destination port number, and similar attributes. If the packet matches an allow rule, the firewall
forwards it to its destination; packets that fail the test are dropped (silently discarded) or rejected
(an error is returned to the sender).
Benefits of a Packet-filtering firewall
2. Stateful Multi-Layer Inspection (SMLI)
A stateful multi-layer inspection firewall combines packet inspection with verification of the TCP
handshake. These firewalls, also known as dynamic packet-filtering firewalls, examine each packet
to determine whether it belongs to an existing TCP connection or another tracked session. The
SMLI firewall keeps a state table holding session information: source and destination IP addresses,
source and destination port numbers, protocol, and the connection state (for example SYN sent or
established). Packets that belong to a known session are allowed through; packets that claim to be
part of a session the firewall has never seen are dropped.
Benefits of Stateful inspection
• High-level protection
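The difference between the packet-filtering and stateful firewalls described above is easiest to see in code. The following is an added example written for this page, not code from the original document or from any firewall product: a small rule matcher applied first statelessly and then behind a connection table. The rule fields, the interface names "wan" and "lan", the addresses and the sample packets are all constructed. The rule set also includes an ingress-filtering (anti-spoofing) rule of the kind that counters the IP spoofing described in the attacks section later on.

```python
"""Toy packet filter: stateless rule matching first, then the same rules
behind a connection (state) table.

Everything here is constructed for illustration: the rule fields, the
interface names "wan"/"lan", and the sample packets are assumptions, not
any vendor's syntax or a real network."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet arrived on: "wan" or "lan"
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags, e.g. "S" (SYN), "SA" (SYN/ACK), "A" (ACK)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    iface: str = "*"
    proto: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and self.proto in ("*", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == p.dport))


INTERNAL = "10.0.0.0/8"
RULES = [
    # Anti-spoofing (ingress filtering): nothing arriving from the WAN may
    # claim an internal source address.
    Rule("deny", iface="wan", src=INTERNAL),
    # Inbound HTTPS to the web server.
    Rule("allow", iface="wan", proto="tcp", dst="10.0.0.5/32", dport=443),
    # Internal hosts may initiate anything outbound.
    Rule("allow", iface="lan", src=INTERNAL),
    # Default deny.
    Rule("deny"),
]


def stateless_filter(p: Packet, rules=RULES) -> str:
    """First matching rule wins; each packet is judged on its own headers."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


class StatefulFirewall:
    """Same rules, plus a state table keyed by the 5-tuple of flows the
    rules allowed, so replies pass without a rule of their own and packets
    that neither open nor belong to a known flow are dropped."""

    def __init__(self, rules=RULES):
        self.rules = rules
        self.table: dict[tuple, str] = {}

    @staticmethod
    def _key(p: Packet) -> tuple:
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p: Packet) -> tuple:
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def filter(self, p: Packet) -> str:
        fwd, rev = self._key(p), self._reverse(p)
        if fwd in self.table or rev in self.table:
            # The SYN/ACK reply moves the tracked flow to ESTABLISHED.
            if p.proto == "tcp" and p.flags == "SA" and self.table.get(rev) == "SYN_SENT":
                self.table[rev] = "ESTABLISHED"
            return "allow"
        # Only a bare SYN may open a new TCP flow; a stray ACK or SYN/ACK
        # with no matching entry is unsolicited and is dropped.
        if p.proto == "tcp" and p.flags != "S":
            return "deny"
        verdict = stateless_filter(p, self.rules)
        if verdict == "allow":
            self.table[fwd] = "SYN_SENT" if p.proto == "tcp" else "UDP"
        return verdict


def compare() -> dict:
    """Run four constructed packets through both filters; returns the verdicts."""
    outbound = Packet("lan", "tcp", "10.0.0.20", 40000, "198.51.100.3", 80, "S")
    reply = Packet("wan", "tcp", "198.51.100.3", 80, "10.0.0.20", 40000, "SA")
    stray_ack = Packet("wan", "tcp", "198.51.100.9", 80, "10.0.0.20", 40001, "A")
    spoofed = Packet("wan", "tcp", "10.0.0.9", 4000, "10.0.0.5", 443, "S")
    fw = StatefulFirewall()
    return {
        "stateless": [stateless_filter(p) for p in (outbound, reply, stray_ack, spoofed)],
        "stateful": [fw.filter(p) for p in (outbound, reply, stray_ack, spoofed)],
    }


if __name__ == "__main__":
    print(compare())
```

The stateless filter denies the legitimate SYN/ACK reply to the LAN client's outbound connection, because no rule allows inbound traffic from that server; a real stateless deployment would have to add a broad "allow ACK-flagged packets" rule, which is exactly the hole that stateful tracking closes. Both filters deny the stray ACK and the packet that arrives on the WAN with a spoofed internal source address.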
3. Stateless firewall
Stateless firewalls examine each packet’s source, destination, protocol, and port fields in isolation
to decide whether it should pass. Because they keep no state table, they cannot recognise TCP
connection stages or tell a reply packet from an unsolicited one; every packet is judged solely on
its own header fields against the rule list. This makes them fast and simple, but return traffic for
allowed outbound connections must then be permitted by a broad rule (for example, allowing all
packets with the ACK flag set), which an attacker can abuse.
Benefits of Stateless firewall
• Less complex
• Easy to implement
Benefits of Application-level gateways
• Deepest inspection: traffic is examined at the application layer, so this is generally regarded as the most secure type of firewall
• Drawback: significant slowdowns, because every connection is terminated and proxied by the gateway
5. Circuit-level gateway
A circuit-level gateway validates established Transmission Control Protocol (TCP) connections.
These firewalls typically operate at the OSI model’s session layer, verifying Transmission Control
Protocol (TCP) and User Datagram Protocol (UDP) connections and sessions. They are
implemented as security software or come pre-installed on network devices. Like packet-filtering
firewalls, they do not inspect the packet payload; they verify the handshake and then relay the
connection, observing only the information about the transaction.
Benefits of Circuit-level gateway
• Blocks unsolicited traffic that does not complete a valid handshake (it cannot, however, inspect payloads for malware)
• Less expensive
• Financially beneficial
7. Cloud firewall
A cloud firewall, also known as firewall-as-a-service (FWaaS), is a firewall delivered as a cloud
service rather than as an appliance on the customer’s premises. Third-party vendors host and
operate it, and the customer configures its policy to their requirements. Today, many businesses
use cloud firewalls to protect their private networks or their overall cloud infrastructure.
Benefits of Cloud firewall
• Flexible deployment
• Improved scalability
• Automatic updates
• Rich and Diverse Data: Open source threat intelligence offers a wide range of data,
such as attack techniques, indicators of compromise (IOCs), malware analysis, and
threat actor profiles. This varied information helps organizations understand the
threat landscape and adapt their security measures accordingly.
• Real-time Information: The open-source community is constantly active, and this
dynamic environment allows threat information to be shared close to real time. As new
threats emerge, word spreads quickly among security professionals and organizations,
enabling prompt responses and proactive measures.
• Global Collaboration: Open source threat intelligence fosters global collaboration
among cybersecurity professionals. This collective approach leads to more
comprehensive threat analysis and a faster response to emerging threats.
Challenges of Open Source Threat Intelligence
Open source threat intelligence is a valuable resource, but it also comes with several challenges.
Here are some of the most common:
• Data Quality and Reliability: Not all open source threat intelligence is accurate or
reliable. Organizations must vet their data sources to ensure the information they
act on is correct and up to date.
• Data Overload: Organizations can easily be overwhelmed by the volume of open-source
material available. Procedures and tools for filtering and analysing the data are
essential.
• Legal and Ethical Concerns: Using open source threat intelligence may raise legal and
ethical concerns, as some sources contain sensitive or private information. Legal and
ethical guidelines must be followed when collecting and using open-source data.
• Lack of Context: Open source intelligence often says nothing about the potential
impact of a specific threat or vulnerability on an organization’s particular
infrastructure. Knowing how to apply the intelligence to your own environment is
crucial.
• Skill Requirements: Using open source threat intelligence effectively requires a strong
understanding of cybersecurity and experience in threat analysis. Organizations may
need to invest in training or recruit people with the requisite expertise.
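The data-quality, data-overload and freshness challenges above are what a feed-ingestion step has to handle before an indicator ever becomes a firewall rule. The following is an added example, not code from the original document or from any threat-intelligence platform: it reads a constructed IOC feed (the CSV layout indicator,type,confidence,last_seen and the thresholds are assumptions), rejects malformed, internal, low-confidence and stale entries with a reason the analyst can review, collapses duplicates, and renders what survives as iptables commands.

```python
"""Turn an open-source IOC feed into a firewall blocklist, applying the
quality checks the feed itself does not make.

The feed text, its CSV layout (indicator,type,confidence,last_seen) and the
thresholds are constructed for this example and are not any real feed's
format."""
import csv
import io
import ipaddress
from datetime import date, timedelta

FEED = """\
indicator,type,confidence,last_seen
203.0.113.7,ipv4,90,2024-01-28
203.0.113.7,ipv4,85,2024-01-30
198.51.100.23,ipv4,40,2024-01-29
10.0.0.5,ipv4,95,2024-01-31
2001:db8::1,ipv6,80,2024-01-30
not-an-ip,ipv4,99,2024-01-30
192.0.2.44,ipv4,88,2023-10-01
evil.example,domain,90,2024-01-31
"""

# The "today" the example evaluates against, fixed so results are repeatable.
AS_OF = date(2024, 2, 1)

# Ranges a border firewall must never block on the strength of a feed entry:
# a feed that lists them is wrong or poisoned, and blocking them breaks your
# own network.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4",    # loopback, link-local, multicast
    "::1/128", "fe80::/10", "fc00::/7", "ff00::/8",
)]


def build_blocklist(feed_text, today=AS_OF, min_confidence=70, max_age_days=30):
    """Return (blocklist, rejected): a sorted list of addresses to block and
    a list of (indicator, reason) pairs for the analyst to review."""
    accepted = {}
    rejected = []
    for row in csv.DictReader(io.StringIO(feed_text)):
        ind = row["indicator"].strip()
        if row["type"] not in ("ipv4", "ipv6"):
            rejected.append((ind, "not an IP indicator; belongs in DNS or proxy filtering"))
            continue
        try:
            addr = ipaddress.ip_address(ind)
        except ValueError:
            rejected.append((ind, "malformed address"))
            continue
        if any(addr in net for net in NEVER_BLOCK):
            rejected.append((ind, "internal or reserved range; never block from a feed"))
            continue
        conf = int(row["confidence"])
        if conf < min_confidence:
            rejected.append((ind, f"confidence {conf} below {min_confidence}"))
            continue
        seen = date.fromisoformat(row["last_seen"])
        if today - seen > timedelta(days=max_age_days):
            rejected.append((ind, f"stale: last seen {seen}"))
            continue
        # Duplicate indicators collapse to one entry, keeping the best confidence.
        accepted[str(addr)] = max(conf, accepted.get(str(addr), 0))
    return sorted(accepted), rejected


def render_iptables(blocklist):
    """Render the list as iptables/ip6tables commands; an nftables set or a
    cloud security group would be filled the same way."""
    return [f"{'ip6tables' if ':' in a else 'iptables'} -I INPUT -s {a} -j DROP"
            for a in blocklist]


if __name__ == "__main__":
    block, rej = build_blocklist(FEED)
    print("\n".join(render_iptables(block)))
    for ind, why in rej:
        print(f"skipped {ind}: {why}")
```

Of the eight feed rows, only two addresses reach the firewall; the rejected list is what you hand back to the analyst, and the internal-range check is the one that would otherwise let a bad feed entry (10.0.0.5 here) take down your own web server.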
2. Wireshark: A widely used open-source network protocol analyzer that captures and dissects
network traffic in real time. It offers detailed, protocol-by-protocol information on the data
transmitted over a network, helping users troubleshoot network issues and identify security
threats.
Features:
Here are some key features of Wireshark:
3. Nmap: A network mapping and port-scanning tool that discovers hosts on a network and reports
open ports, the services behind them and their versions, and, through its scripting engine (NSE),
known vulnerabilities.
Features:
Here are some key features of Nmap:
• Cross-platform compatibility
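A scan is only useful once its results are compared against what the firewall policy says should be reachable, and Nmap's distinction between "closed" (the host answered with a RST) and "filtered" (nothing answered, so something in the path dropped the probe) tells you whether the firewall is actually in front of a host. The following is an added example, not code from the original document or from the Nmap project: it parses a constructed report in the shape of Nmap's XML output (nmap -oX) and lists open ports the example policy does not allow.

```python
"""Summarize an Nmap XML report (nmap -oX) per host and separate ports the
host refused from ports something in the path filtered.

The XML below is constructed to look like Nmap's -oX output; it is not a
real scan, and the allowed-port policy is an example."""
import xml.etree.ElementTree as ET

NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX - 10.0.0.5 10.0.0.20">
  <host>
    <status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https" product="nginx"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="10.0.0.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>
"""

# What the firewall policy says should be reachable on each host (example).
ALLOWED = {
    "10.0.0.5": {("tcp", 443)},
    "10.0.0.20": {("tcp", 22)},
}


def parse_nmap(xml_text):
    """Return {address: {state: [(port, proto, service), ...]}}.

    "closed" means the host sent a RST (reachable, no listener); "filtered"
    means no answer, i.e. a firewall dropped the probe."""
    root = ET.fromstring(xml_text)
    report = {}
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        summary = {"open": [], "closed": [], "filtered": []}
        for port in host.findall("ports/port"):
            state = port.find("state").get("state")
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            summary.setdefault(state, []).append(
                (int(port.get("portid")), port.get("protocol"), name))
        report[addr_el.get("addr")] = summary
    return report


def policy_findings(report, allowed=ALLOWED):
    """Open ports the policy does not allow are firewall gaps; a host where
    nothing was filtered deserves a check that the firewall covers it at all."""
    findings = []
    for host, summary in report.items():
        if not summary["filtered"]:
            findings.append(f"{host}: every probed port answered (nothing filtered); "
                            "verify the firewall actually covers this host")
        for port, proto, name in summary["open"]:
            if (proto, port) not in allowed.get(host, set()):
                findings.append(f"{host}: {proto}/{port} ({name}) is open but not allowed by policy")
    return findings


if __name__ == "__main__":
    rep = parse_nmap(NMAP_XML)
    for host, s in rep.items():
        print(host, {k: [p for p, _, _ in v] for k, v in s.items()})
    print("\n".join(policy_findings(rep)))
```

In the constructed report the web server behaves as the policy intends (SSH is filtered, only 443 is open), while the second host exposes RDP and shows no filtered ports at all, which is the pattern you see when a host sits outside the firewall's reach.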
4. Metasploit: A penetration-testing framework that lets users test the security of networks and
applications by exploiting known vulnerabilities.
Features:
Here are some key features of Metasploit:
5. Nessus: A widely used vulnerability scanner that identifies security flaws in networks and
hosts and produces detailed reports with remediation advice.
Features:
Here are some key features of Nessus:
• Provide detailed reports on vulnerabilities found and potential security risks
6. OpenVAS: An open-source vulnerability scanner that detects and reports security issues in
networks and systems.
Features:
Here are some key features of OpenVAS:
7. Firewall: Monitors and controls incoming and outgoing network traffic based on predefined
security rules. It acts as a barrier between a computer network and the internet, preventing
unauthorized access and protecting the network from cyber-attacks.
Features:
Here are some key features of the Firewall:
8. Proxy server: A server that acts as an intermediary between clients and servers, adding
security by filtering requests and blocking unauthorized access.
Features:
Here are some key features of a Proxy server:
• Filter and block access to certain websites
9. VPN (Virtual Private Network): Encrypts network traffic between two or more devices, providing
a secure connection over an untrusted network such as the internet.
Features:
Here are some key features of VPN:
• Encrypts traffic
4. Man-in-the-middle: A man-in-the-middle (MITM) attack occurs when an attacker positions
themselves between two devices, or between a client and a server, and intercepts, monitors, and
steals confidential data, or modifies it before forwarding it to the intended receiver.
5. Distributed Denial of Service (DDoS): DDoS (Distributed Denial of Service) is a more
sophisticated form of DoS attack. The attacker uses numerous compromised systems to bombard
the victim’s server with traffic, so that the server or network fails and legitimate users cannot
reach it. DDoS attacks are difficult to block because they come from many infected systems rather
than from a single address that could simply be filtered. Attackers commonly use them for
extortion or retaliation against the victim.
There are three broad types of denial-of-service attack:
• Connection flooding
• Vulnerability attacks
• Bandwidth flooding
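Connection flooding is the variant a firewall's own logs reveal most directly: a burst of bare SYNs (new connection attempts) against one service. The following is an added example written for this page, not code from the original document or from any firewall vendor: detection logic run over constructed log lines in the style of iptables LOG output (the field layout is simplified). It counts SYNs per source in a sliding window, and, because a distributed flood keeps every bot below any per-source threshold, also counts SYNs per destination port with a minimum number of distinct sources. The thresholds and window are example values, not a recommendation.

```python
"""Detect connection flooding (SYN floods) in firewall logs, including the
distributed case where no single source crosses a per-source threshold.

The log lines are constructed here in the style of iptables LOG output
(simplified fields); the thresholds and window are example values."""
import re
from collections import defaultdict, deque

LINE_RE = re.compile(
    r"^\w{3}\s+\d+ (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) \S+ kernel: .*"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*PROTO=TCP .*DPT=(?P<dpt>\d+) (?P<flags>[A-Z ]+)$"
)


def make_sample_log():
    """Constructed log: a normal client, a single-source SYN flood, then a
    distributed flood where every bot stays under the per-source threshold."""
    lines = []

    def entry(t, src, dst, dpt, flags="SYN"):
        h, rem = divmod(t, 3600)
        m, s = divmod(rem, 60)
        lines.append(f"Feb  1 {h:02d}:{m:02d}:{s:02d} fw kernel: FW-IN: IN=eth0 OUT= "
                     f"SRC={src} DST={dst} LEN=60 PROTO=TCP SPT=40000 DPT={dpt} {flags}")

    base = 10 * 3600
    for i in range(3):                      # normal client: 3 SYNs over 40 s, each followed by data
        entry(base + i * 20, "198.51.100.10", "10.0.0.5", 443)
        entry(base + i * 20 + 1, "198.51.100.10", "10.0.0.5", 443, "ACK")
    for i in range(60):                     # one source, 60 SYNs in 3 s
        entry(base + 100 + i // 20, "203.0.113.7", "10.0.0.5", 443)
    for i in range(40):                     # 40 bots, 4 SYNs each, within 2 s
        for j in range(4):
            entry(base + 200 + j // 2, f"192.0.2.{i + 1}", "10.0.0.5", 443)
    return lines


def detect_syn_floods(lines, window=5, per_source=20, aggregate=100, min_sources=10):
    """Sliding-window counts of bare SYNs (new connection attempts).

    Returns alerts as (kind, who, (dst, dport), syn_count). The per-source
    count catches a single flooder; the per-destination count with a distinct
    source requirement catches the distributed flood the first rule misses."""
    per_src = defaultdict(deque)   # src -> timestamps of recent SYNs
    per_dst = defaultdict(deque)   # (dst, dport) -> (timestamp, src)
    alerts, flagged = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["flags"].strip() != "SYN":
            continue               # ACKs and SYN/ACKs do not open connections
        t = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
        src, key = m["src"], (m["dst"], int(m["dpt"]))

        q = per_src[src]
        q.append(t)
        while t - q[0] > window:
            q.popleft()
        if len(q) >= per_source and src not in flagged:
            flagged.add(src)
            alerts.append(("syn_flood", src, key, len(q)))

        d = per_dst[key]
        d.append((t, src))
        while t - d[0][0] > window:
            d.popleft()
        sources = {s for _, s in d}
        if len(d) >= aggregate and len(sources) >= min_sources and key not in flagged:
            flagged.add(key)
            alerts.append(("distributed_syn_flood", f"{len(sources)} sources", key, len(d)))
    return alerts


if __name__ == "__main__":
    for alert in detect_syn_floods(make_sample_log()):
        print(alert)
```

The normal client never trips either counter, the single flooder is caught by the per-source rule at its 20th SYN, and the botnet is caught only by the aggregate rule, at the 100th SYN from 25 distinct sources. A real deployment would feed these alerts into a rate-limit or SYN-cookie response rather than a plain block, since blocking 40 spoofed or borrowed source addresses one at a time is exactly the game a distributed attacker wants you to play.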
6. Phishing: A phishing attack is a social engineering attack in which the attacker manipulates the
victim into giving up personal information such as credit and debit card numbers, online banking
details, usernames and passwords, social networking credentials, and other digital account
information. The term covers any attempt by an attacker to deceive individuals by threatening,
frightening, or enticing them. Attackers send malicious attachments and links by email, posing as
trusted sources such as company owners, managers, or bankers. When users open the attachment
or follow the link, they give the attackers access.
7. IP Spoofing: IP (Internet Protocol) spoofing is a technique used in DDoS and man-in-the-middle
attacks. The attacker crafts packets whose header carries a forged source IP address (and, on the
local segment, sometimes a forged MAC address) so that the packet appears to come from a
trusted sender. The receiver believes it is interacting with a trusted source and grants the attacker
access. Attackers can do this because IP itself carries no proof of a packet’s source address. A
firewall counters it with anti-spoofing (ingress filtering) rules that drop packets arriving on an
external interface with internal source addresses, or with any source address that could not
legitimately arrive on that interface.
8. Botnet: A botnet is a group of malware-infected computers and devices, including PCs, servers,
and mobile devices, controlled remotely by an attacker. The attacker uses the malware to link the
compromised machines through a command-and-control channel and directs them to carry out
attacks. Because it strikes many systems at once, the infected population is also known as a
zombie army. Without the owners’ knowledge, the attacker manages every system in the botnet
and uses the bots to send spam, steal data, and gain unauthorized access.
9. Trojan horse: A Trojan horse is malicious software that appears useful or harmless but does
damage once it has been downloaded and installed. It can alter system settings and perform
destructive actions such as deleting file allocation tables or hanging the system. It is often
embedded in games or other downloads and spreads through social engineering, for example by
email. It may give attackers access to personal information such as financial details, usernames,
and passwords.
10. Packet Sniffer: A packet sniffer captures, or saves copies of, packets as they flow over a
network, including wireless segments where any nearby receiver can see the traffic. Attackers use
sniffers to gather sensitive information such as personal details, financial data, trade secrets, user
IDs, and passwords. Sniffing is a data-theft technique that involves capturing, decoding,
inspecting, and interpreting the contents of packets on a TCP/IP network. Encrypting the traffic,
as a VPN or TLS does, is the main defence, since the sniffer then sees only ciphertext.