Firewalls are network security devices that control incoming and outgoing network traffic based on a set of security rules. There are three main types of firewalls: packet filtering firewalls, which filter network traffic at the packet level; application-level firewalls, which filter traffic at the application layer; and circuit-level firewalls, which monitor traffic connections and sessions. Firewalls provide security benefits but also have limitations, such as not preventing unauthorized internal access or protecting against social engineering attacks.

1. Information Security
Firewalls

2. Firewall
• Firewall is a network device that isolates organization’s internal
network from larger outside network/Internet. It can be a hardware,
software, or combined system that prevents unauthorized access to
or from internal network.
• All data packets entering or leaving the internal network pass through
the firewall, which examines each packet and blocks those that do not
meet the specified security criteria.

3. Firewall
• Deploying firewall at network boundary is like aggregating the security at a
single point. It is analogous to locking an apartment at the entrance and
not necessarily at each door.
• Firewall is considered as an essential element to achieve network security
for the following reasons −
• Internal network and hosts are unlikely to be properly secured.
• Internet is a dangerous place with criminals, users from competing
companies, disgruntled ex-employees, spies from unfriendly countries,
vandals, etc.
• To prevent an attacker from launching denial of service attacks on network
resource.
• To prevent illegal modification/access to internal data by an outsider
attacker.

4. Firewall
• Firewall is categorized into three basic types −
• Packet filter (Stateless & Stateful)
• Application-level gateway
• Circuit-level gateway
• These three categories, however, are not mutually exclusive. Modern
firewalls have a mix of abilities that may place them in more than one
of the three categories.

6. Stateless & Stateful Packet Filtering Firewall
• In this type of firewall deployment, the internal network is connected to the
external network/Internet via a router firewall. The firewall inspects and filters
data packet-by-packet.
• Packet-filtering firewalls allow or block the packets mostly based on criteria such
as source and/or destination IP addresses, protocol, source and/or destination
port numbers, and various other parameters within the IP header.
• The decision can be based on factors other than IP header fields such as ICMP
message type, TCP SYN and ACK bits, etc.
• Packet filter rule has two parts −
• Selection criteria − It is a used as a condition and pattern matching for decision
making.
• Action field − This part specifies action to be taken if an IP packet meets the
selection criteria. The action could be either block (deny) or permit (allow) the
packet across the firewall.

7. • Packet filtering is generally accomplished by configuring Access
Control Lists (ACL) on routers or switches. ACL is a table of packet
filter rules.
• As traffic enters or exits an interface, firewall applies ACLs from top to
bottom to each incoming packet, finds matching criteria and either
permits or denies the individual packets.

9. Stateless firewall
• Stateless firewall is a kind of a rigid tool. It looks at packet and allows it if its
meets the criteria even if it is not part of any established ongoing communication.
• Hence, such firewalls are replaced by stateful firewalls in modern networks. This
type of firewalls offer a more in-depth inspection method over the only ACL
based packet inspection methods of stateless firewalls.
• Stateful firewall monitors the connection setup and teardown process to keep a
check on connections at the TCP/IP level. This allows them to keep track of
connections state and determine which hosts have open, authorized connections
at any given point in time.
• They reference the rule base only when a new connection is requested. Packets
belonging to existing connections are compared to the firewall's state table of
open connections, and decision to allow or block is taken. This process saves time
and provides added security as well. No packet is allowed to trespass the firewall
unless it belongs to already established connection. It can timeout inactive
connections at firewall after which it no longer admit packets for that connection.

10. Design goals
• PROTOCOL SECURITY. By this we mean liveness and safety guarantees,
namely, that the protocols achieve their goals and that every participant
gets its information, and is secure in the sense that the other parties which
are considered adversaries do not compromise or spoil the system. This
aspect is the main focus of this paper.
INTERNAL SECURITY. The security of the internal operation system of the
issuer of electronic currency, its capability to withstand insider attacks and
abuses. The internal network architecture, operation policies, employment
of tamper-proof hardware as well as dual control measures and access-
control and physical access limitations should be reviewed. The internal
security architecture has to be combined with issues such as availability,
reliability, load balancing and back-up requirements.

11. Design goals
• NETWORK SECURITY. The security of the network (e.g., Internet) of users
and the issuer, to prevent attacks not via the protocol but rather through
``break-ins;'' these attacks exploit the lack of proper protection into the
system and software holes. Careful design of the interface to the external
network (firewall protection) is required. Both the internal and the network
systems have to be evaluated under ``Global Security Testing,'' which
includes penetration attempts and security assessment of design and
implementation.
• USER SECURITY. Security of the user's assets. The user must obviously
protect his electronic currency, and the software and procedures supplied
to the user have to provide for protection at a proper level (e.g., beyond
password-only protection), but at the same time be user-friendly.

12. Security Controls
• Types of information security controls, intended to strengthen
cybersecurity, include:
• Security policies
• Procedures
• Plans
• Devices
• Software

13. Security Controls
• They fall into three categories:
• Preventive controls, designed to prevent cybersecurity incidents
• Detective controls that detect a cybersecurity breach attempt
(“event”) or successful breach (“incident”) while it is in progress, and
alert cybersecurity personnel
• Corrective controls, used after a cybersecurity incident to minimize
data loss and damage to information systems and restore systems as
quickly as possible.

14. Security Controls
• Security controls come in the form of:
• Access controls, including restrictions on physical access such as security
guards at building entrances, locks, and perimeter fences, and on virtual
access, such as privileged access authorization
• Procedural controls such as security awareness education, security
framework compliance training, and incident response plans and
procedures
• Technical controls such as multi-factor user authentication at login (login),
antivirus software, and firewalls
• Compliance controls such as privacy laws and cybersecurity frameworks
and standards designed to minimize security risks. These typically require
an information security risk assessment, and impose information security
requirements, with penalties for non-compliance.

15. Security Controls
• The most widely used information security frameworks and standards
include:
• The National Institute of Standards and Technology (NIST) Special
Publication 800-53, Security and Privacy Controls for Federal
Information Systems and Organizations
• The International Organization for Standardization (ISO) standard ISO
27001, Information Security Management
• The Payment Card Industry Data Security Standard (PCI DSS)
• The Health Insurance Portability and Accountability Act (HIPAA)

16. Packet filtering Router
• Packet filtering is a firewall technique used to control network access
by monitoring outgoing and incoming packets and allowing them to
pass or halt based on the source and destination Internet Protocol
(IP) addresses, protocols and ports.
• Network layer firewalls define packet filtering rule sets, which provide
highly efficient security mechanisms.
• Packet filtering is also known as static filtering.

17. Packet filtering Router
• During network communication, a node transmits a packet that is filtered and
matched with predefined rules and policies. Once matched, a packet is either
accepted or denied.
• Packet filtering checks source and destination IP addresses. If both IP addresses
match, the packet is considered secure and verified. Because the sender may use
different applications and programs, packet filtering also checks source and
destination protocols, such as User Datagram Protocol (UDP) and Transmission
Control Protocol (TCP). Packet filters also verify source and destination port
addresses.
• Some packet filters are not intelligent and unable to memorize used packets.
However, other packet filters can memorize previously used packet items, such as
source and destination IP addresses.
• Packet filtering is usually an effective defense against attacks from computers outside
a local area network (LAN). As most routing devices have integrated filtering
capabilities, packet filtering is considered a standard and cost-effective means of
security.

18. Firewall Limitations
• A firewall is a crucial component of securing your network and is designed to
address the issues of data integrity or traffic authentication (via stateful packet
inspection) and confidentiality of your internal network (via NAT). Your network
gains these benefits from a firewall by receiving all transmitted traffic through the
firewall. Your network gains these benefits from a firewall by receiving all
transmitted traffic through the firewall. The importance of including a firewall in
your security strategy is apparent; however, firewalls do have the following
limitations:
• A firewall cannot prevent users or attackers with modems from dialing in to or
out of the internal network, thus bypassing the firewall and its protection
completely.
• Firewalls cannot enforce your password policy or prevent misuse of passwords.
Your password policy is crucial in this area because it outlines acceptable conduct
and sets the ramifications of noncompliance.

19. Firewall Limitations
• Firewalls are ineffective against nontechnical security risks such as
social engineering.
• Firewalls cannot stop internal users from accessing websites with
malicious code, making user education critical.
• Firewalls cannot protect you from poor decisions.
• Firewalls cannot protect you when your security policy is too lax.

20. Application gateways
• An application gateway or application level gateway (ALG) is a firewall
proxy which provides network security. It filters incoming node traffic
to certain specifications which mean that only transmitted network
application data is filtered. Such network applications include File
Transfer Protocol (FTP), Telnet, Real Time Streaming Protocol (RTSP)
and BitTorrent.

21. Application gateways
• Application gateways provide high-level secure network system
communication. For example, when a client requests access to server
resources such as files, Web pages and databases, the client first
connects with the proxy server, which then establishes a connection
with the main server.
• The application gateway resides on the client and server firewall. The
proxy server hides Internet Protocol (IP) addresses and other secure
information on the client’s behalf. A computer’s internal system may
communicate with an external computer using firewall protection.
The application gateway and external computer function without
client information or knowledge of the proxy server IP address.

22. circuit-level gateway
• A circuit-level gateway is a firewall that provides User Datagram
Protocol (UDP) and Transmission Control Protocol (TCP) connection
security, and works between an Open Systems Interconnection (OSI)
network model’s transport and application layers such as the session
layer. Unlike application gateways, circuit-level gateways monitor TCP
data packet handshaking and session fulfillment of firewall rules and
policies.

23. circuit-level gateway
• A proxy server is a security barrier between internal and external
computers, while a circuit-level gateway is a virtual circuit between
the proxy server and internal client.
For example, when a user Web page access request passes through
the circuit gateway, basic internal user information, such as IP
address, is exchanged for proper feedback. Then, the proxy server
forwards the request to the Web server. Upon receiving the request,
the external server sees the proxy server’s IP address but does not
receive any internal user information. The Web or real server sends
the proxy server a proper response, which is forwarded to the client
or end user via the circuit-level gateway.