2. F i r e w a l l
What is a Firewall?
1
Firewall Architecture
2
Firewall:Types
3
3. What is a
Firewall?
Firewalls scrutinize inbound traffic based on predefined
security rules and filter traffic coming from unsecured or
suspicious sources to prevent attacks. Traffic is guarded
at a computers entry point called ports, where
information is actually exchanged with external devices.
Consider an example where source address ‘198.21.1.1’
is allowed to reach destination ‘198.21.2.1’ over port
22. Here, port 22 is looked at as a point of data
exchange, and therefore firewall safeguards it against
intruder attacks.
A firewall is defined as a cybersecurity
tool that monitors incoming and
outgoing network traffic and permits or
blocks data packets based on a set of
cybersecurity rules.
4. Firewall
Architecture
• Network Policy: This refers to the set of rules or
guidelines established by an organization to govern
how devices within the network communicate with
each other and with external networks.
• Advanced Authentication: Advanced authentication
mechanisms are used to verify the identity of users or
devices attempting to access the network. This can
involve various methods such as passwords,
biometrics, digital certificates, two-factor
authentication, etc.
Firewall architecture is built upon four
primary components — network policy,
advanced authentication, packet
filtering, and application gateways. Let
us look at each component in detail.
5. Firewall
Architecture
• Packet Filtering: Packet filtering is a fundamental
function of a firewall that involves inspecting
individual data packets as they traverse the network
and making decisions about whether to allow or
block them based on predefined rules
• Application Gateways: Application gateways, also
known as proxy servers or application-level gateways,
operate at the application layer of the OSI model and
provide additional security by inspecting and filtering
traffic based on specific applications or services.
Unlike packet filtering, which operates at the network
layer, application gateways can examine the contents
of application-layer protocols such as HTTP, FTP,
SMTP, etc., allowing for more granular control over
traffic.
6.
7. Types of Firewall
Host-based Firewalls
A host-based firewall is installed on
each network node, which controls
each incoming and outgoing
packet. It is a software application
or suite of applications that come
as a part of the operating system.
Host firewall protects each host
from attacks and unauthorized
access.
Network-based Firewalls
Network firewall functions on the
network level by employing two or
more network interface cards (NICs).
In other words, these firewalls filter all
incoming and outgoing traffic across
the network by using firewall rules.
8. Types of Firewall
Packet filtering firewall
Packet filtering firewalls operate in
line at junction points where
devices such as routers and
switches do their work. These
firewalls don’t route packets but
compare each packet to a set of
established criteria — such as the
allowed IP addresses, packet type,
port number, and other aspects of
the packet protocol headers.
Packets that are flagged as
troublesome are dropped.
Stateful inspection
firewall
State-aware devices examine
each packet and keep track
of whether that packet is
part of an established TCP or
other network sessions. Such
provision offers more
security than packet filtering
or circuit monitoring alone
but takes a greater toll on
network performance.
9. Types of Firewall
Circuit-level gateway
Circuit-level gateways monitor TCP
handshakes and other network
protocol session initiation messages
across the network as they are
established between the local and
remote hosts to determine whether
the session being initiated is
legitimate, whether the remote
system is considered trusted. They
don’t inspect the packets
themselves. However, they provide a
quick way to identify malicious
content.
10. Types of Firewall
Next-generation firewall
(NGFW)
NGFW combines packet inspection
with stateful inspection, including a
variety of deep packet inspection,
along with other network security
systems, such as intrusion
detection/prevention, malware
filtering, and antivirus.
NGFWs integrated with deep
packet inspection (DPI) capabilities
can check data at transmission
control protocol (TCP), internet
protocol (IP), and application layers
(from top to bottom). This gives
application awareness to next-
generation firewalls, such as
context regarding which
application information is being
routed.
11. Types of Firewall
Application-level gateway
Application-level gateway, also known as
a proxy or a proxy firewall, combines
some of the attributes of packet filtering
firewalls with those of circuit-level
gateways. They filter packets according
to the service they are intended for
(specified by the destination port) and
certain other characteristics, such as the
HTTP request string.