What Is a Firewall?

A firewall is a barrier that controls network traffic entering or leaving a private network. It can be a software application running on a host (a host firewall), a dedicated appliance placed at the boundary between two networks (for example between an organization's LAN and the Internet), or both. It examines each incoming and outgoing packet against an ordered list of rules. The first rule that matches decides what happens to the packet: allow it through, drop it silently, or reject it with an error message (such as an ICMP unreachable or a TCP reset) sent back to the sender. A packet that matches no rule gets the default policy, which in a well-configured firewall is to drop it.

How does a firewall work?

Security is a concern for every device that connects to the Internet, whether it is a phone, a laptop or a new smart refrigerator. You want to stop attackers from reaching these devices remotely and stealing the data on them, but you do not want to cut them off by blocking everything that is not part of your home network. A firewall can be a piece of software, a hardware appliance, or both.

The firewall is one of several security measures that protect a network and the information on it. Once a connection is established between two computers, data packets flow back and forth, and every packet crosses the firewall. The firewall can be configured to let data pass only when certain conditions are met (see Figure). For example, packets with specific source or destination addresses and ports may be allowed while everything else is discarded. Packets that match no explicit rule receive the default action, so with a default-deny policy anything not expressly permitted is dropped.
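
The ordered-rules-plus-default-policy behaviour described above, as an added example that is not code from the original article. It assumes a small office server at 203.0.113.5, a constructed rule table and constructed packets; nothing is read from a real interface.

```python
"""First-match packet filter with a default policy.

Added example, not from the original article: the rule table and the
packets are constructed for illustration; nothing is read from a real
network interface.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

ACCEPT, DROP, REJECT = "ACCEPT", "DROP", "REJECT"


@dataclass(frozen=True)
class Packet:
    src: str                     # source IP address
    dst: str                     # destination IP address
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port; None for ICMP


@dataclass(frozen=True)
class Rule:
    action: str                  # ACCEPT, DROP or REJECT
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class Firewall:
    """Rules are evaluated top to bottom; the first match decides the action.
    A packet that matches no rule gets the default policy (DROP here)."""

    def __init__(self, rules: List[Rule], default: str = DROP):
        self.rules = list(rules)
        self.default = default

    def decide(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (action, index of the matching rule, or None for default)."""
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.action, i
        return self.default, None


# Constructed policy for a small office server at 203.0.113.5: a known-bad
# host is dropped first, SSH is allowlisted to the admin subnet and rejected
# for everyone else, HTTPS and ping are open, everything else is dropped.
RULES = [
    Rule(DROP, src="198.51.100.7/32"),                        # blocked host
    Rule(ACCEPT, src="192.0.2.0/24", proto="tcp", dport=22),  # admin allowlist
    Rule(REJECT, proto="tcp", dport=22),                      # SSH closed to others
    Rule(ACCEPT, proto="tcp", dport=443),
    Rule(ACCEPT, proto="icmp"),
]
FW = Firewall(RULES, default=DROP)


def verdict(src: str, dst: str, proto: str, dport: Optional[int] = None) -> str:
    return FW.decide(Packet(src, dst, proto, dport))[0]


if __name__ == "__main__":
    for args in [("192.0.2.10", "203.0.113.5", "tcp", 22),
                 ("198.51.100.7", "203.0.113.5", "tcp", 443),
                 ("203.0.113.99", "203.0.113.5", "tcp", 22),
                 ("203.0.113.99", "203.0.113.5", "tcp", 3389),
                 ("203.0.113.99", "203.0.113.5", "icmp")]:
        print(args, "->", verdict(*args))
```

Rule order is part of the policy: the blocked-host rule sits above the HTTPS rule, so 198.51.100.7 never reaches the web server; swap the two and the same host is accepted by the HTTPS rule before the drop rule is ever consulted. The RDP packet to port 3389 matches nothing and falls through to the default DROP.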

Types of firewalls

There are many different types of firewalls. The simplest packet filters look only at packet headers (addresses, ports and protocol). Stateful firewalls also track whether a packet belongs to an established connection, and application-layer firewalls inspect the payload itself, for instance to recognise the application protocol or to match known malware patterns.

Types of firewalls include:

Next-generation firewall (NGFW)

A next-generation firewall (NGFW) provides all the services of a traditional stateful inspection firewall and adds application-layer intelligence. This allows an NGFW to identify the applications running on your network by inspecting the packet payload, without requiring any changes to the applications themselves.

  • Deep packet inspection (DPI)

DPI in an NGFW goes beyond the port and IP address filtering used by earlier firewalls. It looks at the data inside network traffic and compares it with protocol decoders and signatures to identify the application (and, with identity integration, the user) and known malware, regardless of which port the traffic uses. This is how an NGFW can tell that the "HTTPS" connection on port 443 is actually an SSH tunnel, or spot a malicious attachment in an otherwise legitimate mail session from a known-good source such as your email provider. DPI cannot see inside encrypted payloads unless the firewall terminates the TLS session (TLS interception), and even then it only finds what its signatures and heuristics cover.

  • Application awareness

Application awareness, also known as deep application inspection, lets the firewall express policy in terms of applications rather than ports. Because many attacks and unwanted programs ride on the same protocols that legitimate applications use (HTTP and HTTPS, or email protocols such as SMTP and POP), an application-aware firewall can permit the legitimate use while blocking, for example, file-sharing or remote-access tools hiding inside the same ports.
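
The DPI and application-awareness ideas from the two previous passages, as one added example that is not code from the original article: a classifier that identifies the application from the first payload bytes rather than from the port, pulls the server name out of a TLS ClientHello, and applies a policy by application. The signatures cover only TLS, SSH, HTTP and SMTP; the ClientHello builder exists only to produce sample input; the policy and blocklist are made up.

```python
"""Port-independent application identification (deep packet inspection).

Added example, not from the original article. The protocol signatures
cover only TLS, SSH, HTTP and SMTP, the ClientHello builder exists only
to produce sample input, and the policy and blocklist are made up.
"""
import re
from typing import Optional, Tuple


def identify_app(payload: bytes) -> str:
    """Classify a flow from its first client-to-server bytes, ignoring the port."""
    # TLS: record type 0x16 (handshake), version 0x03 0x0X, and the first
    # handshake message (byte 5) is a ClientHello (0x01).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    if payload.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        return "ssh"
    if re.match(rb"(GET|POST|PUT|DELETE|HEAD|OPTIONS|CONNECT) \S+ HTTP/1\.[01]\r\n", payload):
        return "http"
    if re.match(rb"(EHLO|HELO) ", payload, re.IGNORECASE):
        return "smtp"
    return "unknown"


def tls_sni(payload: bytes) -> Optional[str]:
    """Pull the server_name (SNI) out of a TLS ClientHello, or None."""
    try:
        p = 5 + 4 + 2 + 32              # record hdr, handshake hdr, version, random
        p += 1 + payload[p]             # session_id
        p += 2 + int.from_bytes(payload[p:p + 2], "big")   # cipher_suites
        p += 1 + payload[p]             # compression_methods
        ext_end = p + 2 + int.from_bytes(payload[p:p + 2], "big")
        p += 2
        while p + 4 <= ext_end:
            etype = int.from_bytes(payload[p:p + 2], "big")
            elen = int.from_bytes(payload[p + 2:p + 4], "big")
            if etype == 0:              # server_name extension
                # list length (2), name type (1), name length (2), name
                nlen = int.from_bytes(payload[p + 7:p + 9], "big")
                return payload[p + 9:p + 9 + nlen].decode("ascii")
            p += 4 + elen
    except (IndexError, UnicodeDecodeError):
        pass
    return None


# Constructed application policy: applications are allowed or denied by
# what they are, not by the port they use; TLS is further filtered by SNI.
APP_POLICY = {"tls": "allow", "http": "allow", "smtp": "allow", "ssh": "deny", "unknown": "deny"}
BLOCKED_SNI = {"evil.example", "pastebin.example"}


def app_verdict(dport: int, payload: bytes) -> Tuple[str, Optional[str], str]:
    """Return (app, sni, verdict). dport is accepted for logging but deliberately
    not used for the decision: SSH on port 443 is still SSH."""
    app = identify_app(payload)
    sni = tls_sni(payload) if app == "tls" else None
    if sni in BLOCKED_SNI:
        return app, sni, "deny"
    return app, sni, APP_POLICY[app]


def build_client_hello(server_name: str) -> bytes:
    """Minimal TLS 1.2 ClientHello with an SNI extension (sample input only)."""
    host = server_name.encode("ascii")
    sni_entry = b"\x00" + len(host).to_bytes(2, "big") + host
    sni_body = len(sni_entry).to_bytes(2, "big") + sni_entry
    ext = b"\x00\x00" + len(sni_body).to_bytes(2, "big") + sni_body
    body = (b"\x03\x03" + b"\x11" * 32          # client_version, random
            + b"\x00"                            # session_id length 0
            + b"\x00\x02\x13\x01"                # one cipher suite
            + b"\x01\x00"                        # one compression method (null)
            + len(ext).to_bytes(2, "big") + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    for dport, payload in [(443, build_client_hello("www.example.com")),
                           (443, build_client_hello("evil.example")),
                           (443, b"SSH-2.0-OpenSSH_9.6\r\n"),
                           (8080, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")]:
        print(dport, app_verdict(dport, payload))
```

The SNI is the one piece of an HTTPS connection a firewall can read without decrypting it, which is why NGFW URL filtering for TLS works at this level; with encrypted ClientHello (TLS 1.3 ECH) even that field disappears, and the classifier falls back to "tls" with no name.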

  • Sandboxing

An NGFW with sandboxing extracts files and other suspicious objects from traffic and runs (detonates) them in an isolated virtual machine to observe what they actually do, for example whether they drop executables, modify the registry or call home. A file that behaves maliciously is blocked and a signature is generated for future matches. Sandboxing catches some unknown threats that signature-based DPI misses, at the cost of added delay and of malware that detects the sandbox and stays quiet.

  • Identity awareness

Identity awareness is also known as user-session awareness, identity-based security or contextual access control. The firewall maps IP addresses to authenticated users (for example through the directory service or an agent on the endpoint) so that policies can be written for users and groups rather than only for source/destination IP address and port pairs, the traditional approach used by firewalls. For example, you can allow your employees working from home to access

Stateful multilayer inspection (SMLI) firewall

A stateful multilayer inspection firewall combines packet filtering, connection tracking and application-layer inspection. It filters on header fields such as source address and port number at the network layer, keeps a table of open connections at the transport layer so that only packets belonging to a session that was legitimately opened are accepted, and examines payload content such as file names or commands at the application layer. Because it knows the connection state, it can, for example, permit inbound packets only when they are replies to a connection that an internal host initiated.
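
The connection-tracking part of stateful inspection, as an added example that is not code from the original article. It assumes 10.0.0.0/8 is the protected network and runs a constructed packet sequence through a simplified TCP state table (no timeouts, no UDP); the point it demonstrates is that inbound packets are accepted only when they belong to a tracked session, not merely because their flags look like part of one.

```python
"""Stateful (connection-tracking) inspection.

Added example, not from the original article. Addresses, ports and the
packet sequence are constructed; the state machine is a simplified
version of what a real conntrack implements (no timeouts, no UDP).
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

INSIDE_PREFIX = "10."          # assumption: 10.0.0.0/8 is the protected network


@dataclass(frozen=True)
class Pkt:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]      # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


class StatefulFirewall:
    """Only inside hosts may open connections. Inbound packets are accepted
    solely when they belong to a tracked session, whatever their flags say."""

    def __init__(self) -> None:
        # key: (client, cport, server, sport) -> SYN_SENT | ESTABLISHED | FIN_WAIT
        self.table: Dict[Tuple[str, int, str, int], str] = {}

    def handle(self, p: Pkt) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        key = fwd if fwd in self.table else rev if rev in self.table else None
        if key is not None:
            state = self.table[key]
            if "RST" in p.flags:
                del self.table[key]                  # connection aborted
            elif key == rev and state == "SYN_SENT" and {"SYN", "ACK"} <= p.flags:
                self.table[key] = "ESTABLISHED"      # server answered our SYN
            elif "FIN" in p.flags:
                if state == "FIN_WAIT":
                    del self.table[key]              # second FIN: fully closed
                else:
                    self.table[key] = "FIN_WAIT"     # first side closed
            return "ACCEPT"
        # No state: only a bare SYN from inside to outside may create one.
        if p.flags == frozenset({"SYN"}) and is_inside(p.src) and not is_inside(p.dst):
            self.table[fwd] = "SYN_SENT"
            return "ACCEPT"
        return "DROP"   # unsolicited inbound SYN, stray ACK (ACK scan), late packet


def scenario() -> Tuple[List[str], int]:
    """Run a constructed packet sequence; return the verdicts and table size."""
    fw = StatefulFirewall()
    F = lambda *f: frozenset(f)
    client, server, attacker = "10.0.0.5", "203.0.113.10", "198.51.100.7"
    seq = [
        Pkt(client, 51000, server, 443, F("SYN")),             # 0 outbound open
        Pkt(server, 443, client, 51000, F("SYN", "ACK")),      # 1 reply
        Pkt(client, 51000, server, 443, F("ACK")),             # 2 handshake done
        Pkt(server, 443, client, 51000, F("ACK")),             # 3 data from server
        Pkt(attacker, 40000, client, 51000, F("ACK")),         # 4 ACK scan, no state
        Pkt(attacker, 40000, client, 22, F("SYN")),            # 5 inbound new conn
        Pkt(client, 51000, server, 443, F("FIN", "ACK")),      # 6 client closes
        Pkt(server, 443, client, 51000, F("FIN", "ACK")),      # 7 server closes
        Pkt(server, 443, client, 51000, F("ACK")),             # 8 late packet
    ]
    return [fw.handle(p) for p in seq], len(fw.table)


if __name__ == "__main__":
    verdicts, left = scenario()
    for i, v in enumerate(verdicts):
        print(i, v)
    print("tracked connections remaining:", left)
```

Packet 4 is the reason state matters: a stateless filter that approximates "established" by accepting anything with the ACK bit set would let that probe through (this is exactly what an ACK scan relies on), whereas the state table drops it because no session with that 4-tuple was ever opened. Packet 8 shows the other half: once both sides have sent FIN the entry is gone, so even the legitimate peer can no longer send into the closed session.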

Proxy firewalls

A proxy firewall, or application-level gateway (ALG), sits between clients and the Internet and terminates connections on both sides: the client connects to the proxy, and the proxy opens a separate connection to the destination, so no packet passes directly between them. Because the proxy sees the whole application-layer conversation, it can apply policy on things a packet filter cannot see, such as the host name or URL being requested, and it can log what users do on the Internet or allow only certain websites through. If a user tries to visit an unauthorized website, the proxy filters the request and blocks access.

Transparent firewall (TF)

A transparent firewall operates as a bridge at Layer 2 rather than as a router: it has no IP address on the interfaces it protects, so it can be inserted into an existing network segment without renumbering hosts or changing routes. It is invisible to users and to the surrounding devices, but it still filters the traffic that crosses it, from Layer 3 and 4 header information up to application payload depending on the product, and it can be combined with authentication mechanisms for access control.

Virtual firewall

A virtual firewall (VF) is a firewall that runs as a virtual machine or as a service inside a hypervisor or cloud platform rather than on dedicated hardware. VFs monitor and control traffic between virtual machines and virtual networks, including traffic that never leaves the physical host and would therefore be invisible to a perimeter appliance, such as traffic between hosts in a server cluster.

Network address translation (NAT) firewalls

Network address translation (NAT) lets many hosts inside an organization reach the Internet through one public IP address; it is commonly combined with a stateful firewall or a proxy server. Because the NAT device keeps a table of outbound connections and rewrites addresses on the way through, an unsolicited packet arriving from outside has no table entry and nowhere to be delivered, which hides the internal addresses and blocks most inbound connection attempts. NAT is a side effect rather than a security control, however: any port that is mapped or forwarded is reachable from outside, so NAT should always be backed by explicit firewall rules.
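
How the NAT table produces that effect, and where it stops, as an added example that is not code from the original article. It assumes a single public address 203.0.113.1 and constructed private hosts and peers; the mapping behaviour follows the RFC 4787 terms (endpoint-independent mapping, with either endpoint-independent or address-and-port-dependent filtering).

```python
"""Source NAT with port translation, and why NAT alone is not a firewall.

Added example, not from the original article. The public address, the
private hosts and the peers are constructed; the mapping behaviour
follows RFC 4787: endpoint-independent mapping with either
endpoint-independent or address-and-port-dependent filtering.
"""
from typing import Dict, Optional, Set, Tuple

PUBLIC_IP = "203.0.113.1"       # assumption: the NAT device's single public address
Endpoint = Tuple[str, int]
Translated = Tuple[str, int, str, int]   # (src, sport, dst, dport) after rewriting


class Nat:
    def __init__(self, restrict_filtering: bool) -> None:
        self.restrict_filtering = restrict_filtering
        self.mapping: Dict[Endpoint, int] = {}       # (priv_ip, priv_port) -> public port
        self.reverse: Dict[int, Endpoint] = {}       # public port -> (priv_ip, priv_port)
        self.peers: Dict[int, Set[Endpoint]] = {}    # public port -> peers we have sent to
        self.next_port = 40000

    def outbound(self, src: str, sport: int, dst: str, dport: int) -> Translated:
        """Translate an inside->outside packet; return it as seen on the Internet."""
        key = (src, sport)
        if key not in self.mapping:                  # first use: allocate a public port
            self.mapping[key] = self.next_port
            self.reverse[self.next_port] = key
            self.peers[self.next_port] = set()
            self.next_port += 1
        pub_port = self.mapping[key]
        self.peers[pub_port].add((dst, dport))
        return (PUBLIC_IP, pub_port, dst, dport)

    def inbound(self, src: str, sport: int, dport: int) -> Optional[Translated]:
        """Translate a packet arriving at PUBLIC_IP:dport, or None if it is dropped."""
        if dport not in self.reverse:
            return None                              # no mapping: nowhere to deliver it
        if self.restrict_filtering and (src, sport) not in self.peers[dport]:
            return None                              # not a peer the inside host contacted
        priv_ip, priv_port = self.reverse[dport]
        return (src, sport, priv_ip, priv_port)


def demo(restrict_filtering: bool) -> dict:
    """One outbound connection, then three inbound packets against the same NAT."""
    nat = Nat(restrict_filtering)
    nat.outbound("10.0.0.5", 51000, "203.0.113.10", 443)
    return {
        "reply": nat.inbound("203.0.113.10", 443, 40000),         # legitimate reply
        "third_party": nat.inbound("198.51.100.7", 1234, 40000),  # unrelated host
        "unmapped": nat.inbound("198.51.100.7", 1234, 22),        # no mapping at all
    }


if __name__ == "__main__":
    print("endpoint-independent filtering:", demo(False))
    print("address-and-port-dependent filtering:", demo(True))
```

With endpoint-independent filtering (the "full cone" behaviour many consumer routers use because it keeps games and VoIP working) the third-party packet to the mapped port is delivered to 10.0.0.5, even though that host never spoke to 198.51.100.7. Only the unmapped port is protected by NAT itself; everything else depends on the filtering policy, which is a firewall decision, not a translation one.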

Threat-focused NGFW

A threat-focused NGFW adds intrusion prevention, malware detection and threat intelligence feeds to the application-aware firewall and inspects traffic for malware and other threats as it passes through the network. These firewalls look beyond packet headers so that emerging threats can be blocked before they compromise your organization's network, users and data.

Firewall-as-a-service (FWaaS)

Firewall-as-a-service (FWaaS) is a subscription service in which a provider hosts and manages the firewall infrastructure for you in the cloud; traffic from your sites and remote users is routed to the provider, which applies the policy. It provides the ability to monitor and manage distributed firewalls from one place, including virtualized networks running in cloud computing environments.

Why Do We Need Firewalls?

Firewalls are one layer of defense in a multi-layered security strategy and one of several technologies that protect a network and its information from external threats. They block data packets, the units of digital information exchanged between computers on a network, based on their origin, destination and type, and so add a layer of protection for home or work computers against unwanted access, intrusion attempts and malware.

They protect systems from external attacks by blocking unauthorized traffic that tries to enter through a network connection. A firewall can be configured either to allow access only from authorized locations, using allowlists (traditionally called "whitelists") of acceptable source IP addresses, or, more generally, to block all connections except those that are explicitly allowed (default deny).

What is a next-generation intrusion prevention system (NGIPS)?

Next-generation intrusion prevention systems (NGIPS) detect and block intrusions by combining signature matching with application and user awareness and behavioural analysis: each connection is inspected with the aim of deciding whether it is legitimate or an attack.

This has advantages over traditional signature-only solutions, which focus on known attack patterns. Because an NGIPS understands the application and the context of a connection rather than only the raw packets, it can detect some new and unknown threats for which no signature exists yet.

What is a network-based intrusion detection/prevention system (NIDS/NIPS)?

A network-based intrusion detection or prevention system (NIDS or NIPS) inspects traffic on the network for signs of attack: signatures of known exploits, protocol anomalies such as malformed packets, or unusual patterns such as port scans. A NIDS is passive: it watches a copy of the traffic (from a mirror port or network tap) and raises alerts. A NIPS sits inline and can drop the offending packets or reset the connection. Either can catch attacks that a firewall lets through, because the firewall permits the allowed port while the IDS/IPS examines what is actually being sent through it.

NIDS Vs. HIPS

A NIDS can inspect packets at the network layer (Layer 3) or the application layer (Layer 7). While a firewall typically enforces fixed rules on addresses, ports and connection state, a NIDS looks for known attack signatures, patterns of data that indicate an attack, and can be programmed to watch for other suspicious activity and anomalies.

Though there are several types of intrusion detection systems on the market, they are typically categorized as network IDSs or host-based IDSs. The benefit of application-layer filtering on the network is that it can block attacks before they reach the host. The drawback is that it cannot see into encrypted traffic such as TLS, so an attack carried inside an encrypted session passes a NIDS unless the traffic is decrypted for inspection first; a host-based system sees the data after the host has decrypted it.

Network Intrusion Detection System (NIDS)

A network intrusion detection system is placed on the company's internal network, usually just behind the firewall where it receives a copy of all traffic from a mirror port or tap, and monitors that traffic for suspicious activity such as buffer overflow exploits, port scans and other telltale signs of an attack.
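
Two of the detection techniques a NIDS applies to that traffic, as an added example that is not code from the original article: a signature match on payload content and a port-scan heuristic that counts distinct destination ports per source in a sliding window. The flow records, signatures and thresholds are constructed for illustration; a real sensor would read packets from the mirror port.

```python
"""Two NIDS detection techniques run over constructed flow records.

Added example, not from the original article. The records, signatures
and thresholds are made up for illustration; a real sensor would read
traffic from a mirror port or tap.
"""
import re
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, Optional, Set, Tuple

Record = Tuple[float, str, str, int, bytes]   # (timestamp, src, dst, dport, payload)

# Content signatures: the known-bad patterns a signature-based IDS matches.
SIGNATURES = [
    ("path-traversal", re.compile(rb"\.\./\.\./")),
    ("etc-passwd", re.compile(rb"/etc/passwd")),
    ("shellshock", re.compile(rb"\(\) ?\{ ?:; ?\};")),
]


class PortScanDetector:
    """Anomaly heuristic: one source touching many distinct ports in a short window."""

    def __init__(self, window_s: float = 10.0, threshold: int = 15) -> None:
        self.window = window_s
        self.threshold = threshold
        self.events: Dict[str, Deque[Tuple[float, int]]] = defaultdict(deque)
        self.alerted: Set[str] = set()

    def observe(self, ts: float, src: str, dport: int) -> Optional[str]:
        q = self.events[src]
        q.append((ts, dport))
        while q and ts - q[0][0] > self.window:     # forget events outside the window
            q.popleft()
        distinct = {port for _, port in q}
        if len(distinct) >= self.threshold and src not in self.alerted:
            self.alerted.add(src)                   # alert once per source
            return f"portscan from {src}: {len(distinct)} ports in {self.window:g}s"
        return None


def inspect(records: Iterable[Record]) -> List[str]:
    """Run every record through both detectors; return the alerts in order."""
    scan = PortScanDetector()
    alerts: List[str] = []
    for ts, src, dst, dport, payload in records:
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                alerts.append(f"{name} from {src} to {dst}:{dport}")
        hit = scan.observe(ts, src, dport)
        if hit:
            alerts.append(hit)
    return alerts


# Constructed traffic: a 20-port sweep over ten seconds, one web request
# carrying a directory-traversal attack, and a TLS application-data record
# whose contents the sensor cannot read (the encrypted-traffic blind spot).
SAMPLE: List[Record] = (
    [(i * 0.5, "198.51.100.7", "10.0.0.5", 1 + i, b"") for i in range(20)]
    + [(30.0, "203.0.113.9", "10.0.0.5", 80, b"GET /../../etc/passwd HTTP/1.1\r\n")]
    + [(31.0, "192.0.2.4", "10.0.0.5", 443, b"\x17\x03\x03\x00\x20" + b"\x9a" * 32)]
)

if __name__ == "__main__":
    for alert in inspect(SAMPLE):
        print(alert)
```

The sweep trips the heuristic on its fifteenth port; the traversal request fires two signatures. The TLS record produces nothing, which is the point made earlier about encryption: the same request inside an HTTPS session would reach the host unnoticed unless the sensor is given decrypted traffic or a host-based system inspects it after decryption.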

Host-based Intrusion Prevention System (HIPS)

A host-based intrusion prevention system is installed on a specific computer and monitors activity on that machine: the inbound traffic it receives, but also process behaviour, system calls and changes to critical files. It watches for suspicious activity such as buffer overflow attempts, port scans and other telltale signs of an attack, and it can be configured to allow certain traffic while blocking other traffic, such as anonymous FTP requests or port scans.

Network Intrusion Detection System (NIDS) vs Host-based Intrusion Prevention System (HIPS)

The detection logic used by a NIDS and a HIPS is similar: both look for suspicious activity that may indicate an attack. The difference is where they are deployed. A NIDS sits between an organization's gateway and its internal network and monitors all traffic that goes in or out of the company. A HIPS is installed on individual servers within the network and monitors only those machines, which also means it sees traffic after the host has decrypted it.

Are firewalls still needed today?

Yes, firewalls are still needed: they block unauthorized traffic at the network connection before it reaches a service that might be vulnerable, which no amount of patching or endpoint software replaces. Firewalls can be configured either to allow access only from authorized locations or to block all connections except those which are explicitly allowed.

Which firewall is best?

The firewall you choose should be the one that balances your business’ needs with its budget. You also need to consider how much time and effort it takes for employees to manage the protection features, so choosing a vendor whose products are simple enough to use is important. There are many vendors who sell firewalls, but it is essential to understand your needs before you begin looking.

Vulnerabilities of Firewalls

Firewalls can be vulnerable if they are not configured properly, or if the firewall itself is compromised by an attacker. A firewall is only as good as the person who sets it up; all firewalls have configuration options, and a misconfiguration can open new holes. Some examples of modern threats or attacks that a firewall may not stop are:

  • Spoofing attacks from internal or external hosts, such as IP address spoofing (forging a trusted source address so that a packet matches an allow rule) and man-in-the-middle (MITM) attacks.
  • Tunneled traffic bypassing firewall rules. For example, a backdoor Trojan can carry harmful data into a computer inside an existing authorized connection, such as one created by peer-to-peer software or an HTTPS session.
  • Depending on the firewall and how it is configured, other attacks it may fail to stop include:
  • Unauthorized access to data by internal or external attackers, for example over a connection the policy allows.
  • Web-based exploitation such as cross-site scripting (XSS) and SQL injection, which travel over the HTTP/HTTPS ports the firewall must allow and are invisible to a packet filter that does not inspect content.
  • Buffer overflows and denial of service (DoS); a firewall can rate-limit some DoS traffic but cannot stop a flood that saturates the link in front of it.
  • Malware, spyware and viruses, which can easily pass a firewall that is not configured correctly or that does not inspect content.

Firewalls are designed to block unwanted external connections from entering your network; however, they may also prevent employees from accessing legitimate websites such as Facebook or Snapchat, which could cause productivity issues within an organization.

Pros and Cons of Firewalls

Pros

  • Firewalls protect computer networks from unauthorized access, including attackers and malware that spreads over the network.
  • Can block the network activity of malware, such as downloads of further payloads or callbacks to a command-and-control server; they do not, however, see malware arriving on removable media such as USB drives or CDs/DVDs.
  • Can block outbound traffic that may be sending private information to an external source without the company's knowledge.
  • Can mitigate some DoS attacks, for example by rate-limiting connections or dropping traffic from known-bad sources, although not a flood large enough to saturate the link itself.

Cons

  • Can block authorized traffic that employees need to use, such as email or websites.
  • If not configured properly, it can introduce vulnerabilities and security risks in your computer network.
  • Takes time and effort from IT staff when configuring one for a business with many different types of users.
  • Can slow down network speeds, especially if it has to examine a large amount of data.

Conclusion

Firewalls are an important security measure for protecting your business network. They can be configured in many different ways depending on the needs of a particular organization; however, one should thoroughly examine the company's own risks before choosing which type to implement and how it will be used.

Overall, firewalls can be an effective way of protecting your computer network from external threats such as hackers and malware. However, they must be correctly configured to avoid causing issues within the company itself.
