2 JOHNSON MASSAWE T/UDOM/2020/05230
3 MUSTAPHA HASSAN T/UDOM/2020/10296
4 CHRISTINA SOMPO T/UDOM/2020/05251
5 HUSSEIN ISSA T/UDOM/2020/05241
DEFINITION

An advanced policy firewall is a type of firewall that provides more granular control over network traffic by allowing administrators to define policies based on specific criteria, such as application, user, or content. It examines the contents of network packets and compares them against predefined policies, allowing only authorized users and applications to access sensitive resources. Palo Alto Networks' Next-Generation Firewall (NGFW) is an example of an advanced policy firewall; it uses a combination of signature-based and behavior-based detection methods to identify threats.

HOW IT DIFFERS FROM OTHER FIREWALLS

An advanced policy firewall differs from other firewalls in that it provides more granular control over network traffic based on specific criteria, such as application, user, and content. This allows administrators to create policies that are tailored to the specific needs of their organization and provide greater security against targeted attacks. Additionally, advanced policy firewalls typically include real-time threat detection, comprehensive protection against a wide range of threats, and scalability to handle large and complex networks. In contrast, traditional firewalls typically provide basic packet filtering and network address translation without the granular control or advanced features of advanced policy firewalls.

FEATURES OF ADVANCED POLICY FIREWALL

• Granular control over network traffic based on a range of criteria, including application, user, content, and context.
• Real-time identification and blocking of threats, including known and unknown malware, phishing attempts, and other attacks.
• Both signature-based and behavior-based detection methods are used to identify threats.
• Scalable to handle large and complex networks.
• Management and reporting tools to help administrators monitor and analyze network activity.
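The contrast described above between basic packet filtering and policy based on application and user can be seen in a small model. This is an added example, not part of the original slides and not any vendor's configuration syntax; the rule names, users, groups, application labels and the first-match, default-deny evaluation order are assumptions of this model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    """One session after the firewall has classified it (constructed sample data)."""
    src_ip: str
    dst_port: int
    app: str            # application identified by inspection, not inferred from the port
    user: str           # user mapped to the source address
    groups: frozenset   # directory groups of that user

@dataclass(frozen=True)
class Rule:
    name: str
    apps: frozenset     # empty set means "any application"
    groups: frozenset   # empty set means "any user group"
    action: str         # "allow" or "deny"

def port_filter(flow, allowed_ports=frozenset({80, 443})):
    """Traditional packet filter: the decision depends on the destination port only."""
    return "allow" if flow.dst_port in allowed_ports else "deny"

def policy_decision(flow, rules):
    """Policy firewall model: first matching rule wins, unmatched traffic is denied."""
    for rule in rules:
        app_ok = not rule.apps or flow.app in rule.apps
        group_ok = not rule.groups or bool(flow.groups & rule.groups)
        if app_ok and group_ok:
            return rule.action, rule.name
    return "deny", "default-deny"

# Hypothetical ruleset: block one application for everyone, then allow by group.
RULES = [
    Rule("block-file-sharing", frozenset({"p2p-file-sharing"}), frozenset(), "deny"),
    Rule("finance-erp", frozenset({"erp-web"}), frozenset({"finance"}), "allow"),
    Rule("staff-web", frozenset({"web-browsing"}), frozenset({"staff", "finance"}), "allow"),
]

# Constructed flows: all use TCP/443, so a port filter cannot tell them apart.
FLOWS = [
    Flow("10.0.1.10", 443, "web-browsing", "asha", frozenset({"staff"})),
    Flow("10.0.1.11", 443, "p2p-file-sharing", "juma", frozenset({"staff"})),
    Flow("10.0.1.12", 443, "erp-web", "juma", frozenset({"staff"})),
    Flow("10.0.2.20", 443, "erp-web", "neema", frozenset({"finance"})),
]

def compare(flows=FLOWS, rules=RULES):
    """Return (user, app, port-filter verdict, policy verdict, matching rule) per flow."""
    return [(f.user, f.app, port_filter(f), *policy_decision(f, rules)) for f in flows]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The port filter allows all four flows, while the policy model denies the file-sharing session and the ERP session from a user outside the finance group.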
WHERE CAN IT BE PLACED

An advanced policy firewall can be placed in a variety of locations within a network, depending on the organization's specific security needs. Some common locations for advanced policy firewalls include:

• At the network edge: An advanced policy firewall can be placed at the edge of a network, such as between the internet and an organization's internal network. This can help to prevent unauthorized access and block malicious traffic before it enters the network.
• Within the internal network: An advanced policy firewall can also be placed within an internal network to protect specific resources or segments. This can be useful for protecting sensitive data or critical systems that require additional security.
• In the cloud: As more organizations move their applications and data to the cloud, advanced policy firewalls can be placed in cloud environments to provide additional security. This can help to protect cloud-based applications and data from attacks and ensure compliance with relevant regulations and standards.

GENERALLY: The placement of an advanced policy firewall will depend on the organization's specific security needs and the network architecture. It's important to carefully consider the placement of a firewall and ensure that it is configured correctly to provide the desired level of protection.

RECOMMENDED VENDORS

The choice of vendor and product will depend on the organization's specific security needs, budget, and network architecture. Here are some recommended vendors:

1. Cisco
2. Palo Alto Networks
3. Fortinet
4. Check Point
5. Juniper Networks

HOW TO CONFIGURE AN ADVANCED POLICY FIREWALL

Configuring an advanced policy firewall like the Palo Alto Networks NGFW typically involves the following steps:

• Define security policies: This involves identifying the applications and services that need to be allowed or blocked, and creating policies that specify which users or groups are allowed to access them.
Policies can be based on a range of criteria, including application, user, content, and context.
• Configure network interfaces: This involves setting up the interfaces that connect the firewall to the network, and configuring IP addresses, subnet masks, and other network settings as needed.
• Configure security profiles: Advanced policy firewalls typically use security profiles to enforce policies and detect threats. Security profiles can include intrusion prevention, antivirus, web filtering, and other security features. These profiles need to be configured and tuned to match the organization's security needs.
• Configure logging and reporting: To effectively monitor and analyze network activity, an advanced policy firewall needs to be configured to log events and generate reports. This involves setting up logging and reporting settings, and configuring alerts and notifications as needed.
• Test and verify: Once the advanced policy firewall has been configured, it's important to test and verify that it is working as expected. This involves testing policies, security profiles, logging and reporting, and other features to ensure that they are providing the desired level of protection and are not causing any disruptions to legitimate network traffic.

Note: Configuring an advanced policy firewall can be a complex and time-consuming process, and may require specialized knowledge or support.

IMPORTANCE OF ADVANCED FIREWALLS

• Granular control: Advanced policy firewalls provide granular control over network traffic based on specific criteria, such as application, user, and content. This allows administrators to create policies that are tailored to the specific needs of their organization and provide greater security against targeted attacks.
• VPN Support: Advanced policy firewalls often include VPN capabilities, enabling secure remote access to the network.
This is crucial for organizations with remote workers or branches, providing secure communication and protecting sensitive data.
• Enhanced Security: Advanced policy firewalls provide advanced threat detection and prevention capabilities, such as deep packet inspection, intrusion prevention, and application-level control. They help protect the network from various cyber threats, including malware, unauthorized access attempts, and data breaches.
• Scalability: Advanced policy firewalls are designed to be scalable, allowing them to handle large and complex networks. This makes them suitable for use in a wide range of organizations, from small businesses to large enterprises.
• Compliance: Advanced policy firewalls can help organizations meet industry-specific security requirements and comply with relevant regulations and standards.

LIMITATIONS OF ADVANCED FIREWALLS

• Encrypted Traffic: Advanced policy firewalls face challenges in inspecting encrypted traffic, such as HTTPS. As encryption prevents visibility into the content, it becomes difficult to identify potential threats hidden within encrypted communications.
• False Positives and Negatives: Intrusion prevention systems and deep packet inspection techniques used in NGFWs may occasionally generate false positives, flagging legitimate traffic as malicious. On the other hand, false negatives may occur, allowing potentially harmful traffic to pass undetected.
• Performance Impact: The advanced inspection and analysis performed by NGFWs can impose a performance impact on network throughput. The computational overhead required for deep packet inspection and other security features may introduce latency and affect overall network performance.
• Evolving Threat Landscape: Advanced policy firewalls need to continually update their threat intelligence and security signatures to keep up with the constantly evolving threat landscape.
Failure to do so may result in missing emerging threats or new attack vectors.

CONCLUSION

• A firewall is an appliance (a combination of hardware and software) or an application (software) designed to control the flow of Internet Protocol (IP) traffic to or from a network or electronic equipment. Firewalls are used to examine network traffic and enforce policies based on instructions contained within the firewall's ruleset.

THANK YOU…