
Firewall

By: Siddhant Singhal


Table of Contents
• Firewall and its types
• Modern firewall
• Signature vs Anomaly based firewalls
• Stateful vs Stateless firewall
Firewall
• A firewall is a network security device, either hardware or software-based,
which monitors all incoming and outgoing traffic and, based on a defined set
of security rules, accepts, rejects or drops that specific traffic.
– Accept: allow the traffic.
– Reject: block the traffic and reply with an unreachable error.
– Drop: block the traffic with no reply.

• A firewall establishes a barrier between secured internal networks and outside
untrusted networks, such as the internet.
Types of Firewall
1. Packet Filtering Firewall: A packet filtering firewall controls network
access by monitoring outgoing and incoming packets and allowing them to
pass or stopping them based on source and destination IP addresses, protocols,
and ports. It analyses traffic at the transport layer. Packet filtering
firewalls treat each packet in isolation.
2. Stateful Inspection Firewall: Stateful firewalls can determine the connection
state of a packet, unlike packet filtering firewalls, which makes them more
efficient. They keep track of the state of network connections travelling across
them, such as TCP streams. So, filtering decisions are based not only
on defined rules, but also on the packet's history in the state table.
3. Application Layer Firewall: An application layer firewall can inspect and filter
packets on any OSI layer, up to the application layer. It can block specific
content and also recognize when certain applications and protocols (like HTTP,
FTP) are being misused. In other words, application layer firewalls are hosts
that run proxy servers. A proxy firewall prevents a direct connection
between the two sides of the firewall; each packet must pass through the proxy.
4. Next Generation Firewalls: Next Generation Firewalls (NGFW) are being deployed
these days to stop modern security breaches like advanced malware attacks
and application-layer attacks. An NGFW combines Deep Packet Inspection,
Application Inspection, SSL/SSH inspection and many other functionalities to
protect the network from these modern threats.
Advantages of firewall
1. Protection from unauthorized access
2. Prevention of malware and other threats
3. Control of network access
4. Monitoring of network activity
5. Network segmentation
Disadvantages of firewall
1. Complexity
2. Limited visibility
3. False positives
4. Limited adaptability
5. Cost
Applications of firewall
1. Corporate networks
2. Government organizations
3. Small enterprises
4. Home Networks
Modern Firewall
• A modern firewall is a network security device that goes beyond the basic
capabilities of a traditional firewall. It provides a comprehensive set of
security features to protect organizations from a wide range of cyber threats,
including malware, intrusion attempts, and data breaches.
• Modern firewalls are also designed to be scalable and easy to manage. This
makes them ideal for organizations of all sizes, from small businesses to large
enterprises.
Types of Modern Firewall
1. Intrusion Detection System: An intrusion detection system (IDS) is a
security device or software application that monitors a network or systems
for malicious activity or policy violations. Any intrusion activity or violation
is typically reported either to an administrator or collected centrally using a
security information and event management system.
2. Intrusion Prevention System: An intrusion prevention system (IPS) is like an
IDS, but it can also take action to block detected intrusions. This can include
dropping packets, resetting connections, or blocking specific IP addresses.
For example, an IPS may have a feature that allows it to drop
packets that match a known attack signature.
Advantages of IDS & IPS
• Improved security: IDS/IPS systems can help to improve security by detecting
and blocking malicious activity.
• Reduced risk: IDS/IPS systems can help to reduce the risk of data breaches,
malware infections, and other security incidents.
• Increased compliance: IDS/IPS systems can help organizations to comply
with industry regulations and standards.
• Improved visibility: IDS/IPS systems can provide organizations with
improved visibility into network traffic and system activity.
Signature vs Anomaly based firewall
| Aspect | Signature-Based Firewall | Anomaly-Based Firewall |
|---|---|---|
| Detection Method | Relies on predefined patterns or signatures to identify known threats. | Establishes a baseline of "normal" network behavior and flags deviations. |
| Coverage | Effective at detecting known threats with matching signatures. May not detect new, zero-day threats. | Potential to detect new, previously unknown threats but may generate false positives. |
| Resource Usage | Consumes fewer system resources; faster and more efficient. | Requires more computational resources due to continuous monitoring. |
| Customization | Relatively easy to configure and manage with predefined signatures. | Requires more fine-tuning and customization for specific networks. |
| Use Cases | Suitable for protecting against known threats (e.g., malware). | Useful for identifying unknown or uncommon threats and unusual behavior. |
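
An added example (not part of the original slides) that runs both approaches from the comparison above over the same traffic: regex signatures catch the known pattern, while a requests-per-minute baseline flags an unfamiliar burst and also a harmless backup job, which is the false-positive cost noted above. The signatures, payloads, training counts and the three-standard-deviation threshold are constructed assumptions.

```python
import re
from statistics import mean, pstdev

# Constructed signatures for two well-known request patterns.
SIGNATURES = {
    "sqli-union-select": re.compile(r"union\s+select", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

def signature_hits(payloads):
    """Names of the signatures matched by any payload in the window."""
    return sorted({name for p in payloads
                   for name, rx in SIGNATURES.items() if rx.search(p)})

class RateBaseline:
    """Anomaly detector: learns 'normal' requests per minute, flags deviations."""
    def __init__(self, training_counts, k=3.0):
        # Anything above mean + k standard deviations counts as abnormal.
        self.threshold = mean(training_counts) + k * pstdev(training_counts)

    def is_anomalous(self, payloads):
        return len(payloads) > self.threshold

def analyze(windows, baseline):
    """Map each one-minute window to (signature hits, anomaly flag)."""
    return {label: (signature_hits(p), baseline.is_anomalous(p))
            for label, p in windows.items()}

# Constructed one-minute windows of HTTP request lines.
BENIGN = "GET /index.html"
WINDOWS = {
    "normal": [BENIGN] * 21,
    "known attack": [BENIGN] * 20 + ["GET /item?id=1 UNION SELECT name FROM users"],
    "unknown burst": ["GET /api/v2/export?page=%d" % i for i in range(90)],
    "nightly backup": [BENIGN] * 60,   # legitimate, but unusually busy
}
# Constructed training data: requests per minute seen during normal operation.
BASELINE = RateBaseline([20, 22, 19, 21, 23, 20, 18, 22])

if __name__ == "__main__":
    for label, (hits, anomalous) in analyze(WINDOWS, BASELINE).items():
        print(f"{label:15} signatures={hits} anomalous={anomalous}")
```

The "known attack" window is caught only by the signature, the "unknown burst" only by the baseline, and the "nightly backup" window is a false positive that would need tuning.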
Stateful vs Stateless firewall
| Aspect | Stateful Firewall | Stateless Firewall |
|---|---|---|
| Connection Awareness | Yes, maintains a state table to track active connections. | No, treats each packet in isolation without connection context. |
| Packet Inspection | Inspects packets in the context of established connections. | Inspects packets based solely on static criteria (IP, port). |
| Granular Control | Offers granular access control based on connection states. | Provides less granular access control without connection state awareness. |
| Security | Typically, more secure due to awareness of connection states. | May be less secure for certain attacks that exploit connection states. |
| Resource Requirements | Requires more resources to maintain state tables. | Requires fewer resources, simpler operation. |
| Use Cases | Suited for complex network environments, security-sensitive applications. | Suitable for basic packet filtering tasks, simplicity, and efficiency. |
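
An added example (not part of the original slides) contrasting the two columns above on one packet sequence: both filters apply the same port-443 policy, but only the stateful one consults a state table, so it drops an unsolicited inbound packet and a packet arriving after teardown. Addresses, ports and the simplified forget-on-FIN/RST teardown are constructed assumptions.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    flags: str     # TCP flags: "S", "SA", "A", "FA", ...
    inbound: bool  # True when arriving from the untrusted side

def stateless_filter(p):
    """Static criteria only (direction and port); each packet judged in isolation."""
    if not p.inbound and p.dport == 443:
        return "accept"
    if p.inbound and p.sport == 443:
        return "accept"  # looks like an HTTPS reply; no way to confirm it is one
    return "drop"

class StatefulFilter:
    """Same policy, plus a state table of connections opened from the inside."""
    def __init__(self):
        self.table = set()  # (inside ip, inside port, outside ip, outside port)

    def check(self, p):
        if not p.inbound:
            key = (p.src, p.sport, p.dst, p.dport)
            if p.dport == 443 and p.flags == "S":
                self.table.add(key)          # new outbound connection: track it
            return "accept" if key in self.table else "drop"
        key = (p.dst, p.dport, p.src, p.sport)  # mirror the tuple for replies
        if key not in self.table:
            return "drop"                    # no history in the state table
        if "F" in p.flags or "R" in p.flags:
            self.table.discard(key)          # simplified teardown: forget on FIN/RST
        return "accept"

# Constructed sample traffic (private and documentation addresses).
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S", False),   # client opens
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA", True),   # genuine reply
    Packet("198.51.100.7", 443, "10.0.0.5", 50001, "A", True),    # unsolicited
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "FA", True),   # server closes
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "A", True),    # after teardown
]

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet, in order."""
    fw = StatefulFilter()
    return [(stateless_filter(p), fw.check(p)) for p in packets]
```

Calling `compare(SAMPLE)` shows the stateless filter accepting all five packets, while the stateful filter drops the third and fifth because neither has a matching entry in the state table.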
Thank you
