2. What is a Firewall
Firewall is a crucial component of network
security that acts as a barrier between internal
networks and the external world, enforcing
access control policies and protecting against
unauthorized access and malicious activities. It
monitors and filters incoming and outgoing
network traffic based on predetermined rules,
allowing legitimate traffic to pass through while
blocking or inspecting potentially harmful or
suspicious traffic.
3. Types of Firewall
There are several types of firewalls, each with
its own approach to securing network traffic.
Let's explore some of the commonly used
types:
4. Packet Filtering
Firewall:
This type of firewall operates at the network
layer (Layer 3) of the OSI model. It examines
individual packets of data based on
predetermined filtering rules, such as source
and destination IP addresses, ports, and
protocols. Packet filtering firewalls are efficient
and offer basic protection but lack advanced
inspection capabilities. An example of a packet
filtering firewall is iptables, which is commonly
used in Linux environments.
6. Stateful Inspection
Firewall:
Stateful inspection firewalls work at the network and
transport layers (Layers 3 and 4) of the OSI model. They
keep track of the state of network connections by
maintaining a table of active connections. This allows them
to make more intelligent decisions by considering the
context of the traffic, such as TCP handshake, sequence
numbers, and session information. Stateful inspection
firewalls provide better security than packet filtering
firewalls. Examples include Cisco ASA (Adaptive Security
Appliance) and Palo Alto Networks Next-Generation
Firewalls.
8. Application-Level
Firewall:
Also known as proxy firewalls, these operate at
the application layer (Layer 7) of the OSI model.
They act as intermediaries between clients and
servers, inspecting application-layer protocols,
such as HTTP, FTP, or SMTP. By
understanding the application protocols, these
firewalls can perform more advanced analysis
and provide granular control over application-
specific traffic. An example of an application-
level firewall is the Squid proxy server.
10. Next-Generation
Firewall (NGFW):
NGFWs combine traditional firewall functionalities
with additional security features, such as intrusion
prevention systems (IPS), application awareness,
deep packet inspection (DPI), and advanced threat
protection. NGFWs offer more advanced security
capabilities to combat evolving threats and provide
better visibility into application-level traffic.
Examples of NGFW vendors include Fortinet,
Check Point, and Juniper Networks.
12. Unified Threat Management
(UTM) Firewall:
UTM firewalls integrate multiple security
features into a single device, including
firewalling, intrusion detection/prevention,
antivirus, content filtering, virtual private network
(VPN) support, and more. UTM firewalls are
designed for small to medium-sized businesses
that require comprehensive security in a cost-
effective and easy-to-manage solution.
Examples of UTM firewall vendors include
Sophos, WatchGuard, and SonicWall.