
Firewall

By: Balram Singh Malik


Assistant Professor
Index
• Introduction to firewall
• Working of firewall
• Types of firewall
• Components of firewall
• Limitations of firewall
• Firewall vs antivirus
Firewall
• A firewall is a network security device that monitors incoming and outgoing network traffic and
decides whether to allow or block specific traffic based on a defined set of security rules.
• Firewalls have been a first line of defense in network security for over 25 years. They establish a
barrier between secured and controlled internal networks that can be trusted and untrusted
outside networks, such as the Internet.
• A firewall can be hardware, software, software-as-a-service (SaaS), public cloud, or private cloud
(virtual).
What Does a Firewall Do?
• Originally, firewalls were divided into two camps: proxy and stateful. Over time, stateful inspection became more sophisticated and the
performance of proxy firewalls became too slow. Today, nearly all firewalls are stateful and divide into two general types: network firewalls
and host-based firewalls.
• A host-based or computer firewall protects just one computer, or "host," and is typically deployed on home or personal devices, often
coming packaged with the operating system. Occasionally, though, these firewalls can also be used in corporate settings to provide an added
layer of protection. Because host-based firewalls must be installed and maintained individually on each device, the
potential for scalability is limited.
• Network firewalls, on the other hand, protect all devices and traffic passing a demarcation point, enabling broad scalability. As the name
implies, a network firewall functions at the network level, OSI Layers 3 and 4, scanning traffic between external sources and your local area
network (LAN), or traffic moving between different segments inside the network. They are placed at the perimeter of the network or
network segment as a first line of defense and monitor traffic by performing deep packet inspection and packet filtering. If the content of
the packets does not meet previously selected criteria based on rules that the network administrator or security team has created, the
firewall rejects and blocks that traffic.
Working of Firewall
• Backdoors: Backdoors are a form of malware that allows hackers to access an application or system
remotely. Firewalls can detect and stop data that contains backdoors.
• Denial of Service: Denial-of-service (DoS) attacks overwhelm a system with fake requests. You can use
a network firewall with an access control list (ACL) to control which kinds of traffic are allowed to
reach your applications. You can also use a web application firewall (WAF) to detect DoS-style traffic
and stop it from impacting your web app.
• Macros: Macros can be used by hackers to destroy data on your computer. A firewall can detect files
with malicious macros and stop them from entering your system.
• Remote Logins: Firewalls can prevent people from remotely logging in to your computer, which can
be used to control it or steal sensitive information.
• Spam: Spam, which involves unwanted emails being sent without the consent of the recipient, can
also be stopped by firewalls. An email firewall can inspect incoming messages and detect spam using
a predesigned assortment of rules.
• Viruses: Viruses copy themselves and spread to adjacent computers on a network. Firewalls can
detect data packets containing viruses and prevent them from entering or exiting the network.
Components of a Firewall
The hardware of a firewall has its own processor or device that runs the software capabilities of the firewall. The software of a firewall
consists of various technologies that apply security controls to the data trying to go through the firewall. Some of these technologies
include:
• Real-time monitoring, which checks the traffic as it enters the firewall
• Internet Protocol (IP) packet filters, which examine data packets to see if they have the potential to contain threats
• Proxy servers, which serve as a barrier between your computer or network and the internet. Requests you send go to the proxy
server first, which forwards your web request on. A proxy server can control which websites users interact with, refusing to forward
requests to sites that may pose a threat.
• VPN, which is a type of proxy server that encrypts data sent from someone behind the firewall and forwards it to someone else
• Network Address Translation (NAT), which changes the destination or source addresses of IP packets as they pass through the firewall. This
way, multiple hosts can connect to the internet using the same IP address.
• A Socket Secure (SOCKS) server, which routes traffic to the server on the client’s behalf. This enables the inspection of the client’s traffic.
• Mail relay services, which take email from one server and deliver it to another server. This makes it possible to inspect email
messages for threats.
• Split Domain Name System (DNS), which allows you to dedicate internal usage of your network to one DNS and external usage to
another. The firewall can then monitor the traffic going to each server individually.
• Logging, which keeps an ongoing log of activity. This can be reviewed later to ascertain when and how threats tried to access the
network or malicious data within the network attempted to get out.
Types of Firewall
• Packet layer: A packet layer firewall analyzes traffic at the transport protocol layer. At the transport protocol layer, applications can
communicate with each other using specific protocols: Transmission Control Protocol (TCP) and
User Datagram Protocol (UDP). The firewall examines the data packets at this layer, looking for malicious code that can
infect your network or device. If a data packet is identified as a potential threat, the firewall gets rid of it.
• Circuit level: A firewall at the circuit level is positioned as a layer between the transport layer and the application layer of
the TCP/Internet Protocol (TCP/IP) stack. Thus, it works at the session layer of the
Open Systems Interconnection (OSI) model. In the TCP model, before information can be passed from one cyber entity to
another, there needs to be a handshake. A circuit level firewall examines the data that passes during this handshake. The
information in the data packets can alert a firewall to potentially harmful data, and the firewall can then discard it before it
infects another computer or system.
• Application layer: An application layer firewall makes sure that only valid data exists at the application level before
allowing it to pass through. This is accomplished through a set of application-specific policies that allow or block
communications being sent to the application or those the application sends out.
• Proxy server: A proxy server captures and examines all information going into or coming out of a network. A proxy server
acts like a separate computer between your device and the internet. It has its own IP address that your computer connects
to. As information comes in or goes out of the proxy server, it is filtered, and harmful data is caught and discarded.
• Software firewalls: The most common kind of software firewall can be found on most personal computers. It works by
inspecting data packets that flow to and from your device. The information in the data packets is compared against a list of
threat signatures. If a data packet matches the profile of a known threat, it is discarded.
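The handshake check described under "Circuit level" can be modelled as a small state tracker. This is an added example, not code from the original slides; the class name, endpoints and sequence numbers are constructed, and connection teardown (FIN/RST) and timeouts are left out.

```python
class HandshakeTracker:
    """Toy circuit-level gateway: admits data only on sessions whose
    three-way handshake (SYN, SYN/ACK, ACK) completed in order."""

    def __init__(self):
        # (client, server) -> [state, client_isn, server_isn]
        self.sessions = {}

    def observe(self, src, dst, flags, seq=0, ack=0):
        """Return 'pass' or 'drop' for one segment; src/dst are (ip, port)."""
        flags = frozenset(flags)
        fwd = self.sessions.get((src, dst))   # session opened by src
        rev = self.sessions.get((dst, src))   # session opened by dst
        if flags == {"SYN"} and not fwd and not rev:
            self.sessions[(src, dst)] = ["SYN_SENT", seq, None]
            return "pass"
        # The server's reply must acknowledge the client's initial sequence number.
        if flags == {"SYN", "ACK"} and rev and rev[0] == "SYN_SENT" \
                and ack == rev[1] + 1:
            rev[0], rev[2] = "SYN_RCVD", seq
            return "pass"
        # The client's final ACK must acknowledge the server's number in turn.
        if flags == {"ACK"} and fwd and fwd[0] == "SYN_RCVD" \
                and seq == fwd[1] + 1 and ack == fwd[2] + 1:
            fwd[0] = "ESTABLISHED"
            return "pass"
        # Anything else passes only on a session that finished the handshake.
        session = fwd or rev
        if session and session[0] == "ESTABLISHED" and "SYN" not in flags:
            return "pass"
        return "drop"


# Constructed endpoints from documentation address ranges.
C, S = ("198.51.100.7", 51000), ("203.0.113.10", 443)


def replay(segments):
    """Feed (src, dst, flags, seq, ack) tuples to a fresh tracker."""
    tracker = HandshakeTracker()
    return [tracker.observe(*seg) for seg in segments]
```

A data segment that arrives with no handshake, or after a SYN/ACK whose acknowledgement number does not match, is dropped because the session never reaches the ESTABLISHED state.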
Firewall Best Practices
1. Block Traffic by Default
2. Specify Source IP Address, Destination IP Address, and Destination Port
3. Update Your Firewall Software Regularly
4. Conduct Regular Firewall Software Audits
5. Have a Centralized Management Tool for Multi-vendor Firewalls
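Practices 1, 2 and 4 can be shown together with a small rule evaluator and audit pass. This is an added example, not code from the original slides; the rule format, function names and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port; None means any port


# Constructed sample rule set.
RULES = [
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", 443),       # public HTTPS
    Rule("allow", "198.51.100.0/24", "203.0.113.20/32", 22),  # admin SSH
    Rule("allow", "0.0.0.0/0", "203.0.113.30/32", None),      # left too broad
]


def decide(rules, src, dst, dport):
    """First matching rule wins; unmatched traffic is blocked (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "deny"


def audit(rules):
    """Map rule index -> fields an allow rule leaves unspecified ("any")."""
    findings = {}
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        loose = [name for name, net in (("src", r.src), ("dst", r.dst))
                 if ipaddress.ip_network(net) == ANY]
        if r.dport is None:
            loose.append("dport")
        if loose:
            findings[i] = loose
    return findings
```

The audit only reports which fields are open; whether an open source is acceptable (as for a public web server) is a decision for the reviewer.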
Limitations of a Firewall
Firewalls can stop a wide range of threats, but they also have the following limitations:
• They can’t stop users from accessing information on malicious websites after the user has already
connected to the website.
• They don’t protect organizations from social engineering.
• If your system has already been infected, the firewall cannot find the threat unless it tries to
spread by crossing through the firewall.
• A firewall cannot prevent hackers from using stolen passwords to access sensitive areas of your
network.
Firewall vs. Antivirus
• While both firewalls and antivirus software protect you from threats, the ways they go about
doing so are different. A firewall filters traffic that enters and exits your network. Antivirus
software is different in that it works by scanning devices and storage systems on your network
looking for threats that have already penetrated your defenses. It then gets rid of this malicious
software.