A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block traffic based on security rules. Firewalls establish a barrier between internal trusted networks and external untrusted networks like the Internet. There are different types of firewalls including network firewalls, which protect all devices and traffic passing a network demarcation point, and host-based firewalls, which protect individual devices. Firewalls work by inspecting traffic for threats like viruses, malware, and denial of service attacks according to rules defined by the network administrator. While firewalls provide important protections, they also have limitations such as not preventing access to malicious websites or detecting already installed threats.
Assistant Professor

Index
• Introduction to firewall
• Working of firewall
• Types of firewall
• Components of firewall
• Limitations of firewall
• Firewall vs antivirus

Firewall
• A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
• Firewalls have been a first line of defense in network security for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.
• A firewall can be hardware, software, software-as-a-service (SaaS), public cloud, or private cloud (virtual).

What Does a Firewall Do?
• Originally, firewalls were divided into two camps: proxy and stateful. Over time, stateful inspection became more sophisticated and the performance of proxy firewalls became too slow. Today, nearly all firewalls are stateful and divide into two general types: network firewalls and host-based firewalls.
• A host-based or computer firewall protects just one computer, or "host," and is typically deployed on home or personal devices, often coming packaged with the operating system. Occasionally, though, these firewalls can also be used in corporate settings to provide an added layer of protection. Because host-based firewalls must be installed and maintained individually on each device, the potential for scalability is limited.
• Network firewalls, on the other hand, protect all devices and traffic passing a demarcation point, enabling broad scalability. As the name implies, a network firewall functions at the network level, OSI Layers 3 and 4, scanning traffic between external sources and your local area network (LAN), or traffic moving between different segments inside the network.
They are placed at the perimeter of the network or network segment as a first line of defense and monitor traffic by performing deep packet inspection and packet filtering. If the content of the packets does not meet previously selected criteria based on rules that the network administrator or security team has created, the firewall rejects and blocks that traffic.

Working of Firewall
• Backdoors: Backdoors are a form of malware that allow hackers to access an application or system remotely. Firewalls can detect and stop data that contains backdoors.
• Denial of Service: Denial-of-service (DoS) attacks overwhelm a system with fake requests. You can use a network firewall with an access control list (ACL) to control which kinds of traffic are allowed to reach your applications. You can also use a web application firewall (WAF) to detect DoS-style traffic and stop it from impacting your web app.
• Macros: Macros can be used by hackers to destroy data on your computer. A firewall can detect files with malicious macros and stop them from entering your system.
• Remote Logins: Firewalls can prevent people from remotely logging in to your computer, which can be used to control it or steal sensitive information.
• Spam: Spam, which involves unwanted emails being sent without the consent of the recipient, can also be stopped by firewalls. An email firewall can inspect incoming messages and detect spam using a predesigned assortment of rules.
• Viruses: Viruses copy themselves and spread to adjacent computers on a network. Firewalls can detect data packets containing viruses and prevent them from entering or exiting the network.

Components of a Firewall
The hardware of a firewall has its own processor or device that runs the software capabilities of the firewall. The software of a firewall consists of various technologies that apply security controls to the data trying to go through the firewall.
Some of these technologies include:
• Real-time monitoring, which checks the traffic as it enters the firewall
• Internet Protocol (IP) packet filters, which examine data packets to see if they have the potential to contain threats
• Proxy servers, which serve as a barrier between your computer or network and the internet. Requests you send go to the proxy server first, which forwards your web request on. A proxy server can control which websites users interact with, refusing to forward requests to sites that may pose a threat.
• VPN, which is a type of proxy server that encrypts data sent from someone behind the firewall and forwards it to someone else
• Network Address Translation (NAT), which changes the destination or source addresses of IP packets as they pass through the firewall. This way, multiple hosts can connect to the internet using the same IP address.
• Socket Secure (SOCKS) server, which routes traffic to the server on the client's behalf. This enables the inspection of the client's traffic.
• Mail relay services, which take email from one server and deliver it to another server. This makes it possible to inspect email messages for threats.
• Split Domain Name System (DNS), which allows you to dedicate internal usage of your network to one DNS and external usage to another. The firewall can then monitor the traffic going to each server individually.
• Logging, which keeps an ongoing log of activity. This can be reviewed later to ascertain when and how threats tried to access the network or malicious data within the network attempted to get out.

Types of Firewall
• Packet layer: A packet layer firewall analyzes traffic in the transport protocol layer. At the transport protocol layer, applications can communicate with each other using specific protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The firewall examines the data packets at this layer, looking for malicious code that can infect your network or device.
If a data packet is identified as a potential threat, the firewall gets rid of it.
• Circuit level: A firewall at the circuit level is positioned as a layer between the transport layer and the application layer of the TCP/Internet Protocol (TCP/IP) stack. Thus, it works at the session layer of the Open Systems Interconnection (OSI) model. In the TCP model, before information can be passed from one cyber entity to another, there needs to be a handshake. A circuit level firewall examines the data that passes during this handshake. The information in the data packets can alert a firewall to potentially harmful data, and the firewall can then discard it before it infects another computer or system.
• Application layer: An application layer firewall makes sure that only valid data exists at the application level before allowing it to pass through. This is accomplished through a set of application-specific policies that allow or block communications being sent to the application or those the application sends out.
• Proxy server: A proxy server captures and examines all information going into or coming out of a network. A proxy server acts like a separate computer between your device and the internet. It has its own IP address that your computer connects to. As information comes in or goes out of the proxy server, it is filtered, and harmful data is caught and discarded.
• Software firewalls: The most common kind of software firewall can be found on most personal computers. It works by inspecting data packets that flow to and from your device. The information in the data packets is compared against a list of threat signatures. If a data packet matches the profile of a known threat, it is discarded.

Firewall Best Practices
1. Block Traffic by Default
2. Specify Source IP Address, Destination IP Address, and Destination Port
3. Update Your Firewall Software Regularly
4. Conduct Regular Firewall Software Audits
5. Have a Centralized Management Tool for Multi-vendor Firewalls

Limitations of a Firewall
Firewalls can stop a wide range of threats, but they also have the following limitations:
• They can't stop users from accessing information on malicious websites after the user has already connected to the website.
• They don't protect organizations from social engineering.
• If your system has already been infected, the firewall cannot find the threat unless it tries to spread by crossing through the firewall.
• A firewall cannot prevent hackers from using stolen passwords to access sensitive areas of your network.

Firewall vs. Antivirus
• While both firewalls and antivirus software protect you from threats, the ways they go about doing so are different. A firewall filters traffic that enters and exits your network. Antivirus software is different in that it works by scanning devices and storage systems on your network, looking for threats that have already penetrated your defenses. It then gets rid of this malicious software.

References
• https://www.cisco.com/c/en_in/products/security/firewalls/what-is-a-firewall.html
• https://www.fortinet.com/resources/cyberglossary/firewall
• https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is-firewall#what_is_firewall
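
The first two best practices listed above (block traffic by default; specify source IP address, destination IP address, and destination port) can be shown as a small first-match packet filter with a rule audit. This is an added example, not part of the original slides; the Rule class, the decide and audit functions, and the documentation-range addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port; None means any port
    proto: str = "tcp"

    def matches(self, src_ip, dst_ip, dport, proto):
        return (proto == self.proto
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == dport))

def decide(rules, src_ip, dst_ip, dport, proto="tcp"):
    """First matching rule wins; traffic that matches no rule is blocked."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport, proto):
            return rule.action
    return "deny"  # best practice 1: block by default

def audit(rules):
    """List allow rules that leave source, destination or port unrestricted."""
    findings = []
    for index, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        wide = []
        if ipaddress.ip_network(rule.src).prefixlen == 0:
            wide.append("src")
        if ipaddress.ip_network(rule.dst).prefixlen == 0:
            wide.append("dst")
        if rule.dport is None:
            wide.append("dport")
        if wide:
            findings.append((index, wide))
    return findings

# Constructed rule set using documentation address ranges (not from the page).
RULES = [
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", 443),       # public HTTPS to one server
    Rule("allow", "198.51.100.0/24", "203.0.113.20/32", 22),  # SSH from the admin subnet only
    Rule("allow", "0.0.0.0/0", "203.0.113.30/32", None),      # too broad: any source, any port
]
```

An audit finding is a prompt for review, not automatically an error: rule 0 is open to any source because it fronts a public service, while rule 2 exposes every port on its host.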