FIREWALL
Introduction
A firewall is a device that provides secure connectivity between networks.
A firewall is hardware or software designed to permit or deny network transmissions based on a set of rules. It is frequently used to protect networks from unauthorized access while permitting legitimate communication to pass.
A firewall monitors incoming traffic by applying a set of rules, i.e. access control rules.
• In a firewall we have ACLs and IDS/IPS.
Intrusion Detection and Prevention System (IDS/IPS)
• Intrusion Prevention System:
  • Intrusion prevention is the process of performing intrusion detection and stopping the detected incidents.
• Intrusion Detection System:
  • Intrusion detection is the process of monitoring the events occurring in your network and analyzing them for signs of possible incidents, violations, or imminent threats to your security policies.
Network IDS (NIDS)
• It monitors traffic to and from all devices on the network.
• NIDS are placed at various points in the network to monitor traffic to and from all devices on the network.
• Example: Snort
Host-based IDS (HIDS)
• It only monitors traffic to and from the device on which the IDS is installed.
• HIDS run on individual hosts on the network.
• Example: OSSEC (Open Source Host-based Intrusion Detection System)
Techniques of IDS
• Three IDS detection methodologies are typically used to detect incidents.
• Signature-Based Detection compares signatures against observed events to identify possible incidents. This is the simplest detection method because it compares only the current unit of activity (such as a packet or a log entry) to a list of signatures using string comparison operations.
• Anomaly-Based Detection compares definitions of what is considered normal activity with observed events in order to identify significant deviations. This detection method can be very effective at spotting previously unknown threats.
• Stateful Protocol Analysis compares predetermined profiles of generally accepted definitions for benign protocol activity for each protocol state against observed events in order to identify deviations.
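The three methodologies above, run side by side over the same events. This is an added example, not part of the original slides; the signature strings, the FTP profile, the threshold factor and all events are constructed for illustration.

```python
from collections import Counter

# Constructed signature list: substrings that mark a known incident.
SIGNATURES = {"sig-001": "Failed password for root", "sig-002": "Invalid user admin"}

def signature_based(events):
    """Compare each event, on its own, against every signature string."""
    return [(src, sid) for src, text in events
            for sid, needle in SIGNATURES.items() if needle in text]

def anomaly_based(baseline, events, factor=3.0):
    """Flag sources far busier than the busiest source in the normal baseline."""
    normal_peak = max(Counter(src for src, _ in baseline).values(), default=1)
    seen = Counter(src for src, _ in events)
    return sorted(src for src, n in seen.items() if n > factor * normal_peak)

# Constructed profile of benign FTP activity: commands allowed in each state.
FTP_PROFILE = {
    "new":       {"USER": "user_sent"},
    "user_sent": {"PASS": "authed"},
    "authed":    {"LIST": "authed", "RETR": "authed", "QUIT": "new"},
}
FTP_COMMANDS = {cmd for allowed in FTP_PROFILE.values() for cmd in allowed}

def stateful_protocol(events):
    """Track each source's FTP state; report commands not valid in that state."""
    state, alerts = {}, []
    for src, text in events:
        cmd = text.split(" ", 1)[0]
        if cmd not in FTP_COMMANDS:
            continue                       # not FTP traffic
        current = state.get(src, "new")
        nxt = FTP_PROFILE[current].get(cmd)
        if nxt is None:
            alerts.append((src, current, cmd))
        else:
            state[src] = nxt
    return alerts

# Constructed events as (source, text); addresses are documentation ranges.
BASELINE = [("192.0.2.20", "GET /index.html")] * 2 + [("192.0.2.21", "GET /about.html")] * 3
EVENTS = (
    [("203.0.113.4", "Failed password for root from 203.0.113.4 port 50022")]
    + [("198.51.100.9", "GET /index.html")] * 10       # no signature, unusual volume
    + [("192.0.2.30", "USER alice"), ("192.0.2.30", "PASS x"), ("192.0.2.30", "RETR a.txt")]
    + [("192.0.2.31", "RETR a.txt")]                    # RETR before logging in
)

if __name__ == "__main__":
    print(signature_based(EVENTS), anomaly_based(BASELINE, EVENTS), stateful_protocol(EVENTS))
```

Each detector raises exactly one alert here, and each alert is one the other two miss.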
Access Control Lists (ACL)
ACLs are rules or commands that are used to filter traffic entering or leaving a network. There are two types of ACL, depending on the direction in which the traffic is to be filtered, i.e. entering or leaving.
Outbound ACL: Outbound ACLs filter traffic that is exiting an interface in the network.
Inbound ACL: Inbound ACLs filter traffic that is entering an interface in the network.
Hardware firewall
• It is expensive
• It is complex compared to a software firewall
• Difficult to upgrade
• Difficult to configure
• Suitable for larger organizations
Software Firewall
• It is cheaper than hardware
• It is not complex
• Easy to upgrade
• Can be easily installed or configured
• Ideal for individual users
Types of Firewall
• Packet filter firewall
• Stateful multilayer inspection firewall
• Circuit level gateway firewall
• Application level gateway firewall
• Cloud-based firewall
1. Packet Filtering Firewall
• A packet filtering firewall applies a set of rules to each incoming and outgoing IP packet and then forwards or discards the packet.
• Filtering rules are based on information contained in a network packet:
  • Source IP address
  • Destination IP address
  • Source and destination transport-level address
  • IP protocol field
  • Interface
• It looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules.
Ex: HTTP
Advantages
• Cost
• Low resource usage
• Best suited for smaller networks
Disadvantages
• Can work only on the network layer
• Does not support complex rules
• Vulnerable to spoofing
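A small rule evaluator covering both the inbound/outbound ACLs and the packet-filter fields listed above (interface, protocol, source, destination, port). This is an added example, not part of the original slides; the interface name, addresses, rule set and the first-match, implicit-deny evaluation order are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet is crossing
    direction: str   # "in" = entering the interface, "out" = exiting it
    proto: str       # IP protocol field: "tcp", "udp", "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    iface: str
    direction: str
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface and self.direction == p.direction
                and self.proto in ("any", p.proto)
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, p.dport))

def filter_packet(rules, p):
    """The first matching rule decides; no match means an implicit deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "deny"

# Constructed rule set: eth0 faces outside, 192.0.2.0/24 is the inside network.
RULES = [
    # Inbound ACL: an inside source address arriving from outside is spoofed.
    Rule("deny", "eth0", "in", src="192.0.2.0/24"),
    # Inbound ACL: HTTP to the one published web server.
    Rule("permit", "eth0", "in", "tcp", dst="192.0.2.10/32", dport=80),
    # Outbound ACL: inside hosts may open HTTPS connections.
    Rule("permit", "eth0", "out", "tcp", src="192.0.2.0/24", dport=443),
]
```

The filter decides on header fields alone, which is why the anti-spoofing rule has to sit ahead of the permit rules.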
2. Application Level Gateway Firewall
• An application level gateway, also called an application proxy, acts as a relay of application level traffic.
• The user requests service from the proxy.
• The proxy validates the request as legal.
• It then carries out the request and returns the result to the user.
• Can log/audit traffic at the application level.
Ex: FTP, SMTP, HTTP.
• Advantages:
  • More secure than packet filter firewalls
  • Easy to log and audit incoming traffic
• Disadvantages:
  • Additional processing overhead on each connection
3. Circuit Level Gateway Firewall
It does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections.
A typical use of a circuit level gateway is a situation in which the system administrator trusts the internal users.
The gateway can be configured to support application level or proxy service on inbound connections and circuit level functions for outbound connections.
• Advantages:
  • Comparatively inexpensive and provides anonymity to the private network
• Disadvantages:
  • Does not filter individual packets
4. Stateful Multilayer Inspection Firewall
• A stateful inspection packet firewall tightens up the rules for TCP traffic by creating a directory of outbound TCP connections.
• There is an entry for each currently established connection.
• It also stores the MAC addresses.
• Advantages:
  • Can work in transparent mode, allowing direct connections between the client and the server
  • Can also implement algorithms and complex security models which are protocol specific, making the connections and data transfer more secure
• Disadvantages:
  • They require more memory to track active connections
  • Cache table overflow: as more and more connections are activated, the cache table grows.
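A sketch of the connection directory described above, with one way to keep the table from growing without bound (a fixed entry limit plus an idle timeout). This is an added example, not part of the original slides; the class name, the limits, the flag strings and the simplified teardown on FIN or RST are assumptions.

```python
from collections import OrderedDict

class StateTable:
    """Directory of outbound TCP connections. Inbound segments pass only if
    they belong to a tracked connection; max_entries bounds memory use."""

    def __init__(self, max_entries=4, idle_timeout=60.0):
        self.max_entries = max_entries
        self.idle_timeout = idle_timeout
        self.conns = OrderedDict()  # (in_ip, in_port, out_ip, out_port) -> last seen

    def _expire(self, now):
        # Entries stay in last-seen order, so stale ones are at the front.
        while self.conns:
            key, seen = next(iter(self.conns.items()))
            if now - seen < self.idle_timeout:
                break
            del self.conns[key]

    def outbound(self, src, sport, dst, dport, flags, now):
        """Inside host to outside. Only a bare SYN ("S") creates an entry."""
        self._expire(now)
        key = (src, sport, dst, dport)
        if key in self.conns:
            if "R" in flags or "F" in flags:
                del self.conns[key]      # simplified teardown: free the slot
            else:
                self.conns[key] = now
                self.conns.move_to_end(key)
            return "permit"
        if flags != "S":
            return "deny"                # mid-stream segment with no state
        if len(self.conns) >= self.max_entries:
            return "deny"                # table full: fail closed, do not grow
        self.conns[key] = now
        return "permit"

    def inbound(self, src, sport, dst, dport, flags, now):
        """Outside to inside. Only replies on a tracked connection pass."""
        self._expire(now)
        key = (dst, dport, src, sport)   # reverse of the outbound tuple
        if key not in self.conns:
            return "deny"
        self.conns[key] = now
        self.conns.move_to_end(key)
        return "permit"
```

Refusing new entries when the table is full trades availability for predictable memory use; the idle timeout is what returns slots held by abandoned connections.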
5. Cloud-Based Firewall
• Cloud firewalls are software-based, cloud-deployed network devices, built to stop or mitigate unwanted access to private networks. As a new technology they are designed for modern business needs.
• Cloud Firewall Types
There are two types of cloud firewalls.
  • SaaS Firewalls
  • Next Generation Firewalls
i. Next-Gen Firewall
• Next Generation Firewalls are cloud-based services intended to be deployed within a virtual data center. They protect an organization’s own servers in a platform-as-a-service (PaaS) or infrastructure-as-a-service (IaaS) model. The firewall application exists on a virtual server and secures incoming and outgoing traffic between cloud-based applications.
• Vendors: Barracuda, Check Point Software, Cisco, Sophos, Juniper Networks, Palo Alto Networks
ii. SaaS Firewalls
• SaaS Firewalls are designed to secure an organization’s network and its users, not unlike a traditional on-premises hardware or software firewall. The only difference is that it is deployed off-site from the cloud. This type of firewall can be called:
  • Software-as-a-service firewall (SaaS firewall)
  • Security-as-a-service (SECaaS)
  • Firewall-as-a-service (FWaaS)
Thank you
