Table of Contents
• Firewall and its types
• Modern firewall
• Signature vs Anomaly based firewalls
• Stateful vs Stateless firewall

Firewall
• A firewall is a network security device, either hardware- or software-based, that monitors all incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects or drops that traffic.
  – Accept: allow the traffic.
  – Reject: block the traffic and reply with an "unreachable" error.
  – Drop: block the traffic with no reply.
• A firewall establishes a barrier between secured internal networks and outside untrusted networks, such as the internet.

Types of Firewall
1. Packet Filtering Firewall: A packet filtering firewall controls network access by monitoring outgoing and incoming packets and allowing them to pass or stopping them based on source and destination IP address, protocols, and ports. It analyses traffic at the transport layer. Packet firewalls treat each packet in isolation.
2. Stateful Inspection Firewall: Stateful firewalls can determine the connection state of a packet, unlike a packet filtering firewall, which makes them more efficient. A stateful firewall keeps track of the state of network connections travelling across it, such as TCP streams. Filtering decisions are therefore based not only on the defined rules, but also on the packet's history in the state table.
3. Application Layer Firewall: An application layer firewall can inspect and filter packets on any OSI layer, up to the application layer. It can block specific content and recognize when certain applications and protocols (like HTTP, FTP) are being misused. In other words, application layer firewalls are hosts that run proxy servers. A proxy firewall prevents a direct connection between the two sides of the firewall; each packet must pass through the proxy.
4. Next Generation Firewalls: Next Generation Firewalls (NGFW) are being deployed these days to stop modern security breaches like advanced malware attacks and application-layer attacks. An NGFW combines Deep Packet Inspection, Application Inspection, SSL/SSH inspection and many other functions to protect the network from these modern threats.

Advantages of firewall
1. Protection from unauthorized access
2. Prevention of malware and other threats
3. Control of network access
4. Monitoring of network activity
5. Network segmentation

Disadvantages of firewall
1. Complexity
2. Limited visibility
3. False positives
4. Limited adaptability
5. Cost

Applications of firewall
1. Corporate networks
2. Government organizations
3. Small enterprises
4. Home networks

Modern Firewall
• A modern firewall is a network security device that goes beyond the basic capabilities of a traditional firewall. It provides a comprehensive set of security features to protect organizations from a wide range of cyber threats, including malware, intrusion attempts, and data breaches.
• Modern firewalls are also designed to be scalable and easy to manage. This makes them ideal for organizations of all sizes, from small businesses to large enterprises.

Types of Modern Firewall
1. Intrusion Detection System: An intrusion detection system (IDS) is a security device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.
2. Intrusion Prevention System: An intrusion prevention system (IPS) is like an IDS, but it can also take action to block detected intrusions. This can include dropping packets, resetting connections, or blocking specific IP addresses. For example, an IPS may have a feature that allows it to drop packets that match a known attack signature.

Advantages of IDS & IPS
• Improved security: IDS/IPS systems can help to improve security by detecting and blocking malicious activity.
• Reduced risk: IDS/IPS systems can help to reduce the risk of data breaches, malware infections, and other security incidents.
• Increased compliance: IDS/IPS systems can help organizations to comply with industry regulations and standards.
• Improved visibility: IDS/IPS systems can provide organizations with improved visibility into network traffic and system activity.
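
Added example, not part of the original slides: a minimal sketch of the two detection approaches an IDS/IPS can use, matching known attack signatures versus flagging deviation from a learned baseline of normal traffic. The signature patterns, event data and the 3-standard-deviation threshold are constructed assumptions.

```python
import re
from statistics import mean, stdev

# Constructed signatures (assumptions, not taken from any real rule set)
SIGNATURES = {
    "sqli-union": re.compile(r"union\s+select", re.I),
    "path-traversal": re.compile(r"\.\./\.\./"),
}

def signature_match(payload):
    """Signature-based: return names of known-bad patterns in the payload."""
    return [name for name, rx in SIGNATURES.items() if rx.search(payload)]

class RateBaseline:
    """Anomaly-based: learn normal requests per minute, flag deviations."""
    def __init__(self, threshold=3.0):
        self.threshold = threshold      # allowed distance in standard deviations
        self.mu = self.sigma = None

    def train(self, samples):
        self.mu, self.sigma = mean(samples), stdev(samples)

    def is_anomalous(self, value):
        return abs(value - self.mu) / self.sigma > self.threshold

# Constructed events: (label, request line, requests seen in that minute)
EVENTS = [
    ("known attack",  "GET /item?id=1 UNION SELECT 1", 12),
    ("novel attack",  "POST /api/v2/export?all=1",     480),
    ("backup job",    "GET /static/archive.tar",       450),
    ("normal browse", "GET /index.html",               11),
]

def classify(events, baseline):
    """Run both detectors over every event and collect their verdicts."""
    return {label: {"signature": signature_match(payload),
                    "anomaly": baseline.is_anomalous(rpm)}
            for label, payload, rpm in events}

def demo():
    baseline = RateBaseline()
    baseline.train([10, 12, 9, 11, 13, 10, 12, 11])  # constructed normal traffic
    return classify(EVENTS, baseline)
```

The novel attack carries no known pattern, so only the baseline flags it; the legitimate backup job is flagged too, which is the false-positive cost of anomaly detection.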
Signature vs Anomaly based firewall

| Aspect | Signature-Based Firewall | Anomaly-Based Firewall |
|---|---|---|
| Detection Method | Relies on predefined patterns or signatures to identify known threats. | Establishes a baseline of "normal" network behavior and flags deviations. |
| Coverage | Effective at detecting known threats with matching signatures. May not detect new, zero-day threats. | Potential to detect new, previously unknown threats but may generate false positives. |
| Resource Usage | Consumes fewer system resources; faster and more efficient. | Requires more computational resources due to continuous monitoring. |
| Customization | Relatively easy to configure and manage with predefined signatures. | Requires more fine-tuning and customization for specific networks. |
| Use Cases | Suitable for protecting against known threats (e.g., malware). | Useful for identifying unknown or uncommon threats and unusual behavior. |

Stateful vs Stateless firewall

| Aspect | Stateful Firewall | Stateless Firewall |
|---|---|---|
| Connection Awareness | Yes, maintains a state table to track active connections. | No, treats each packet in isolation without connection context. |
| Packet Inspection | Inspects packets in the context of established connections. | Inspects packets based solely on static criteria (IP, port). |
| Granular Control | Offers granular access control based on connection states. | Provides less granular access control without connection state awareness. |
| Security | Typically, more secure due to awareness of connection states. | May be less secure for certain attacks that exploit connection states. |
| Resource Requirements | Requires more resources to maintain state tables. | Requires fewer resources, simpler operation. |
| Use Cases | Suited for complex network environments, security-sensitive applications. | Suitable for basic packet filtering tasks, simplicity, and efficiency. |
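
Added example, not part of the original slides: the same "allow outbound, allow HTTPS replies" policy implemented once as a stateless filter and once with a state table, to show where their verdicts diverge. The packet model, addresses (documentation ranges) and the simplified TCP state handling are constructed assumptions.

```python
from collections import namedtuple

# flags: TCP flags ("S", "SA", "A", "FA", "R"); inbound: arrives from untrusted side
Packet = namedtuple("Packet", "src sport dst dport flags inbound")

def stateless_filter(p):
    """Static criteria only; each packet is judged in isolation."""
    if not p.inbound:
        return "accept"
    # Common stateless workaround for replies: allow inbound TCP
    # from port 443 as long as the ACK flag is set.
    if p.sport == 443 and "A" in p.flags:
        return "accept"
    return "drop"

class StatefulFilter:
    """Same policy, but replies must match an entry in the state table."""
    def __init__(self):
        self.table = {}   # (client, client port, server, server port) -> state

    def filter(self, p):
        if not p.inbound:
            if p.flags == "S":   # outbound SYN opens a tracked connection
                self.table[(p.src, p.sport, p.dst, p.dport)] = "SYN_SENT"
            return "accept"
        key = (p.dst, p.dport, p.src, p.sport)   # reverse-direction lookup
        state = self.table.get(key)
        if state is None:
            return "drop"                        # no connection on record
        if state == "SYN_SENT":
            if p.flags != "SA":                  # only a SYN-ACK may answer a SYN
                return "drop"
            self.table[key] = "ESTABLISHED"
        elif "F" in p.flags or "R" in p.flags:
            del self.table[key]                  # simplified teardown
        return "accept"

def demo():
    fw = StatefulFilter()
    packets = [  # constructed sample traffic
        Packet("10.0.0.5", 50000, "203.0.113.10", 443, "S", False),
        Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SA", True),
        Packet("198.51.100.7", 443, "10.0.0.5", 50001, "A", True),  # unsolicited
    ]
    return [(stateless_filter(p), fw.filter(p)) for p in packets]
```

The third packet belongs to no connection the inside host opened: the static rule accepts it because it only sees port and flag, while the state table lookup fails and the packet is dropped.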