An Internet firewall is a network security device, which can be either hardware- or software-based, that monitors all incoming and outgoing traffic and, following a defined set of security rules and policies, accepts, rejects, or drops the specific traffic it encounters.
Accept: permit the traffic to pass.
Reject: block the traffic, but send an error back to the sender (typically an ICMP "destination unreachable" message, or a TCP RST for TCP connections), so the sender learns immediately that the connection was refused.
Drop: block the traffic silently, sending no response at all; the sender only sees a timeout and cannot tell whether a firewall or a dead host is responsible.
A firewall therefore creates a barrier between protected internal networks and untrusted external networks such as the Internet.
History and Need for Firewall
Before firewalls existed, network security was provided by Access Control Lists (ACLs) configured on routers: rules that decide whether traffic from a given IP address is allowed into the network or denied.
ACLs, however, cannot tell what kind of traffic a packet carries, nor do they track connections, so an ACL on its own cannot keep threats out of the network. The firewall was introduced to fill this gap.
Organizations can no longer function without being connected to the Internet. Internet access benefits the organization, but it also lets the outside world reach the organization's internal network, which threatens the organization's survival. A firewall is therefore required to protect the internal network from unauthorized traffic.
How Does a Firewall Work?
The firewall compares network traffic against the ruleset defined in its rule table. When a rule matches, the action associated with that rule is applied to the matching traffic. For example, one rule can prohibit employees in the HR department from reaching the code server, while another permits the system administrator to reach data from both the HR and technical departments. On the firewall such rules are expressed in terms of the source and destination addresses, protocols and ports involved, since a packet filter does not know who a user is. Rules are defined according to the organization's security policies and requirements.
From the standpoint of a server, network traffic is either outgoing or incoming, and the firewall keeps a separate set of rules for each. Most outbound traffic, which originates from the server, is allowed through. Nonetheless, restricting outbound traffic as well (egress filtering) is always preferable: it improves security and prevents unwanted communication, for instance malware on a compromised host calling out to a command-and-control server.
Incoming traffic is treated differently from outgoing traffic. Most of the traffic that reaches the firewall uses one of three protocols: TCP or UDP at the transport layer, or ICMP, a control protocol carried directly inside IP. Every such packet carries a source address and a destination address. TCP and UDP additionally carry source and destination port numbers; ICMP has no ports and instead uses a type and a code field to identify the purpose of each message (for example type 8 for an echo request).
Default policy: It is practically impossible to cover every possible case explicitly in a single firewall configuration. As a result, the firewall must always have a default policy, which consists solely of an action (accept, reject or drop) applied to any traffic that matches no rule.
Suppose there is no rule on the firewall concerning SSH connections to the server. Such connections then fall through to the default policy. If the default policy is accept, any computer outside your office can open an SSH connection to the server. To prevent this, setting the default policy to drop (or reject) and then allowing only the traffic you explicitly need is always a good idea. On Internet-facing interfaces drop is usually preferred, because it reveals nothing to port scanners; on internal networks reject is friendlier to legitimate clients, which fail fast instead of waiting for a timeout.
Generations of Firewall
Firewalls can be classified by the generation in which they were introduced.
First Generation - Packet Filtering Firewall: Packet filtering firewalls control network access by inspecting each outgoing and incoming packet and allowing or blocking it based on source and destination IP addresses, protocol, and ports. They look only at the network- and transport-layer headers (layers 3 and 4 of the OSI model) and never at the payload.
Packet filtering firewalls treat each packet in isolation: they have no way of knowing whether a packet belongs to an already established stream of traffic, so they can only allow or deny a packet based on its own headers.
A packet-filtering firewall holds a filtering table that determines whether each packet is forwarded or discarded, and every packet is checked against that table. Taking 192.168.21.0/24 as the protected internal network, an example filtering table reads:
Drop any incoming packet whose source address lies in the network 192.168.21.0/24 (an internal address arriving from outside is the usual sign of address spoofing).
Drop any incoming packet destined for the internal TELNET server (TCP port 23).
Drop any incoming packet destined for the host 192.168.21.3.
Allow incoming packets to the network 192.168.21.0/24 for all well-known services (ports 0 to 1023).
Packet filters evaluate rules in order and apply the first match, so the rule that blocks 192.168.21.3 must come before the rule that opens the well-known services, or it never takes effect.
Second Generation - Stateful Inspection Firewall: Unlike packet filtering firewalls, stateful firewalls (which perform Stateful Packet Inspection) can determine which connection a packet belongs to, which makes them both more effective and more efficient than packet filters. A stateful firewall keeps track of the state of the network connections passing through it, such as TCP streams, in a state table; packets belonging to an already established connection are matched against that table instead of the whole ruleset. Filtering decisions therefore depend not only on the configured rules but also on the connection history recorded in the state table: a reply to a connection that an internal host opened is let back in, while an unsolicited packet that merely looks similar is still evaluated against the rules.
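The rule matching and default policy described under "How Does a Firewall Work?", the example filtering table above, and the difference between a stateless and a stateful filter can all be seen in one small simulation. The Python below is an added example written for this article, not code from the original page: the Packet and Rule classes, the outside addresses 203.0.113.7 and 198.51.100.9, the sample packets, and the assumption that 192.168.21.0/24 is the internal network are all constructed for illustration.

```python
"""Toy packet filter: first-match rules, default policy, stateless vs stateful. Constructed example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    sport: Optional[int] = None   # ICMP has no ports, only type/code
    dport: Optional[int] = None
    inbound: bool = True          # True = arriving from the untrusted side

@dataclass
class Rule:
    action: str                                 # "accept", "reject" or "drop"
    src: Optional[str] = None                   # CIDR network, None = any
    dst: Optional[str] = None
    proto: Optional[str] = None
    dports: Optional[Tuple[int, int]] = None    # inclusive destination port range
    inbound: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        if self.inbound is not None and p.inbound != self.inbound:
            return False
        if self.src and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto and p.proto != self.proto:
            return False
        if self.dports and (p.dport is None or not self.dports[0] <= p.dport <= self.dports[1]):
            return False
        return True

class StatelessFilter:
    """First-generation packet filter: rules in order, first match wins,
    anything that matches no rule gets the default policy."""
    def __init__(self, rules, default="drop"):
        self.rules, self.default = list(rules), default

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default

class StatefulFilter(StatelessFilter):
    """Second generation: a state table of accepted connections is consulted
    first, so replies to connections we allowed get in without any rule."""
    def __init__(self, rules, default="drop"):
        super().__init__(rules, default)
        self.state = set()       # 5-tuples of connections accepted so far

    def decide(self, p: Packet) -> str:
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply_of = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.state or reply_of in self.state:
            return "accept"                      # ESTABLISHED traffic
        verdict = super().decide(p)
        if verdict == "accept":
            self.state.add(key)                  # remember the NEW connection
        return verdict

# The filtering table from the text, with 192.168.21.0/24 assumed to be the internal network.
TABLE = [
    Rule("drop", src="192.168.21.0/24", inbound=True),                      # 1: internal source seen from outside
    Rule("drop", proto="tcp", dports=(23, 23), inbound=True),               # 2: internal TELNET server
    Rule("drop", dst="192.168.21.3/32", inbound=True),                      # 3: host .3, must precede rule 4
    Rule("accept", dst="192.168.21.0/24", dports=(0, 1023), inbound=True),  # 4: well-known services
    Rule("accept", inbound=False),                                          # outbound traffic is allowed
]

def stateless_verdicts() -> dict:
    fw = StatelessFilter(TABLE, default="drop")
    pkts = {  # constructed sample packets
        "http_to_web": Packet("203.0.113.7", "192.168.21.10", "tcp", 40000, 80),
        "telnet":      Packet("203.0.113.7", "192.168.21.10", "tcp", 40001, 23),
        "to_host3":    Packet("203.0.113.7", "192.168.21.3", "tcp", 40002, 80),
        "spoofed":     Packet("192.168.21.5", "192.168.21.10", "tcp", 40003, 80),
        "high_port":   Packet("203.0.113.7", "192.168.21.10", "tcp", 40004, 8080),  # no rule: default policy
        "ping":        Packet("203.0.113.7", "192.168.21.10", "icmp"),              # no ports: default policy
    }
    return {name: fw.decide(p) for name, p in pkts.items()}

def default_policy_demo() -> dict:
    """No SSH rule at all: the verdict is whatever the default policy says."""
    ssh = Packet("203.0.113.7", "192.168.21.10", "tcp", 40005, 22)
    return {d: StatelessFilter([], default=d).decide(ssh) for d in ("accept", "drop")}

def stateful_vs_stateless() -> dict:
    """An internal host connects out to 198.51.100.9:443; does the reply get back in?"""
    out = Packet("192.168.21.10", "198.51.100.9", "tcp", 51000, 443, inbound=False)
    reply = Packet("198.51.100.9", "192.168.21.10", "tcp", 443, 51000)
    unsolicited = Packet("198.51.100.9", "192.168.21.10", "tcp", 443, 51001)  # same source port, new connection
    return {
        name: (fw.decide(out), fw.decide(reply), fw.decide(unsolicited))
        for name, fw in (("stateless", StatelessFilter(TABLE)), ("stateful", StatefulFilter(TABLE)))
    }
```

With the table as written, stateless_verdicts() accepts only the HTTP packet and drops the rest, and default_policy_demo() shows the SSH SYN accepted or dropped purely by the default. In stateful_vs_stateless() the stateless filter drops the SYN-ACK coming back to port 51000 because no rule covers it, which breaks every outbound connection unless you open high ports to the world; the stateful filter lets that reply in from its state table and still drops the unsolicited SYN from the same server.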
Third Generation - Application Layer Firewall: An application-layer firewall can inspect and filter packets at any OSI layer, all the way up to the application layer. It can block specific content, and it can recognize and block certain applications and protocols (such as HTTP and FTP) when they are being misused, for example a protocol tunnelled over a port that a packet filter would allow.
Application-layer firewalls are typically hosts on which proxy servers are installed and maintained. A proxy firewall precludes a direct connection between the two sides of the firewall: the client connects to the proxy, which inspects the request and, if the rules permit it, opens its own connection to the destination on the client's behalf. Because the proxy must understand each protocol it forwards, it is slower than a packet filter and needs a separate proxy component for every supported protocol.
Keep in mind that application-layer firewalls can also perform Network Address Translation (NAT).
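The kind of decision a proxy firewall can make, and a packet filter cannot, is visible once the request itself is parsed. The following Python is an added example written for this article, not code from the original page: the allowed host www.example.com, the blocked path prefixes, the method allowlist and the sample requests are all constructed for illustration.

```python
"""Application-layer check for client data arriving on the HTTP port. Constructed example."""
import re

ALLOWED_METHODS = {"GET", "HEAD", "POST"}          # assumed policy
ALLOWED_HOSTS = {"www.example.com"}                # assumed policy
BLOCKED_PATH_PREFIXES = ("/admin", "/.git")        # assumed policy
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")


def inspect_http_request(data: bytes) -> tuple:
    """Return (verdict, reason); verdict is 'allow' or 'deny'.
    A packet filter that permits port 80 would pass every input below unchanged."""
    m = REQUEST_LINE.match(data)
    if not m:
        # Bytes on the HTTP port that are not HTTP at all, e.g. an SSH client
        # pointed at port 80 to slip past a port-based filter.
        return "deny", "not an HTTP request"
    method = m.group(1).decode("ascii", "replace")
    target = m.group(2).decode("ascii", "replace")
    head, sep, _body = data.partition(b"\r\n\r\n")
    if not sep:
        return "deny", "incomplete header block"
    headers = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii", "replace")] = value.strip().decode("ascii", "replace")
    if method not in ALLOWED_METHODS:
        return "deny", f"method {method} not allowed"
    if headers.get("host") not in ALLOWED_HOSTS:
        return "deny", f"host {headers.get('host')!r} not allowed"
    if target.startswith(BLOCKED_PATH_PREFIXES):
        return "deny", f"path {target} blocked"
    try:
        length = int(headers.get("content-length", "0"))
    except ValueError:
        return "deny", "malformed Content-Length"
    if length > 1_000_000:
        return "deny", "body too large"
    return "allow", f"{method} {target}"


# Constructed sample requests, each as the first bytes a client sent to port 80.
SAMPLES = {
    "normal":     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "admin":      b"GET /admin/users HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "wrong_host": b"GET / HTTP/1.1\r\nHost: evil.example.net\r\n\r\n",
    "trace":      b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "ssh_on_80":  b"SSH-2.0-OpenSSH_9.6\r\n",
}


def run_samples() -> dict:
    return {name: inspect_http_request(req)[0] for name, req in SAMPLES.items()}
```

Only the first sample is allowed; the others are denied for a blocked path, a wrong Host header, a disallowed method, and a non-HTTP protocol on the HTTP port respectively. None of those distinctions exists at the packet-header level, which is exactly what the third generation adds over the first two.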
Next-Generation Firewall (NGFW): To counter modern attacks such as advanced malware and application-layer attacks, next-generation firewalls are being deployed more and more often. An NGFW combines Deep Packet Inspection, application identification, SSL/SSH inspection and a range of other features to protect the network from today's sophisticated threats. Note that SSL inspection only works if the firewall decrypts the traffic, which requires the clients to trust a certificate authority operated by the firewall.
Types of Firewall
In general, firewalls are classified into two types: host-based and network-based.
Host-based Firewalls: A host-based firewall is installed on each individual host and regulates every packet entering or leaving that host. It is a software application, or a collection of applications, usually shipped as part of the operating system (for example the built-in Windows firewall, or nftables and iptables on Linux). Host-based firewalls are needed because a network firewall cannot protect hosts from one another inside a trusted network: once an attacker has compromised one internal machine, only the host firewalls on the others stand in the way. Each host is thus protected by its own firewall against threats and unauthorized access.
Network-based Firewalls: A network firewall operates at the network level, filtering all traffic entering and leaving a network segment and protecting the internal network by applying firewall rules to the traffic that crosses its boundary. Depending on the configuration, a network firewall has two or more network interface cards (NICs), one per connected network. A network-based firewall is often a dedicated appliance with the vendor's software pre-installed.