Firewall
A firewall is a mechanism for maintaining control over the traffic that flows in and out of networks.
- can be network-based (hardware) or host-based (software)
How Does a Firewall Work?
Many firewalls in use today work by examining the packets moving through the network and deciding which ones to allow in or out.
- the sets of rules a firewall applies are referred to as Access Control Lists (ACLs)
- each entry in an ACL lists:
  - source and/or destination network addresses
  - protocol types
  - whether to allow or block traffic that matches the rule
- firewalls can also be deployed within a private network
- e.g.,
  - you might only want certain clients to connect to a particular group of servers
  - you could place those servers behind a local network firewall that enforces the relevant ACL
- most routers can implement some level of firewall functionality
- a firewall can also be implemented as a standalone appliance
  - can perform deeper analysis of application protocol data and use more sophisticated rules to determine what traffic is allowed
  - often implemented as unified threat management (UTM) appliances that perform multiple other security functions as well
Packets are blocks of data.
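An added example, not from the original notes, of how a packet-filtering firewall applies an ACL: entries are checked top to bottom, the first match decides, and a packet matching no entry is blocked (implicit deny). The subnets, ports and rules are constructed for the client/server scenario above.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    action: str           # "allow" or "block"
    src: str              # source network in CIDR notation, or "any"
    dst: str              # destination network in CIDR notation, or "any"
    proto: str            # "tcp", "udp", "icmp", or "any"
    dport: Optional[int] = None  # destination port; None means any port

def _net_match(cidr: str, addr: str) -> bool:
    # "any" short-circuits, so ip_network() is never asked to parse it
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)

def matches(rule: Rule, pkt: dict) -> bool:
    return (_net_match(rule.src, pkt["src"])
            and _net_match(rule.dst, pkt["dst"])
            and rule.proto in ("any", pkt["proto"])
            and (rule.dport is None or rule.dport == pkt.get("dport")))

def evaluate(acl: List[Rule], pkt: dict) -> Tuple[str, Optional[int]]:
    """Walk the ACL top to bottom; the first matching entry decides.
    A packet that matches nothing is blocked (implicit deny)."""
    for i, rule in enumerate(acl):
        if matches(rule, pkt):
            return rule.action, i
    return "block", None

# Constructed ACL (hypothetical addresses): only the 10.0.10.0/24 client subnet
# may reach the server group 10.0.50.0/24, and only over TCP/443. Rule order
# matters: if the broad allow at index 2 came first, the block at index 1
# would never be reached and every internal host could reach the servers.
ACL = [
    Rule("allow", "10.0.10.0/24", "10.0.50.0/24", "tcp", 443),
    Rule("block", "any", "10.0.50.0/24", "any"),
    Rule("allow", "10.0.0.0/16", "any", "any"),
]

if __name__ == "__main__":
    for pkt in (
        {"src": "10.0.10.7", "dst": "10.0.50.3", "proto": "tcp", "dport": 443},
        {"src": "10.0.20.7", "dst": "10.0.50.3", "proto": "tcp", "dport": 443},
        {"src": "10.0.20.7", "dst": "203.0.113.9", "proto": "udp", "dport": 53},
        {"src": "192.168.1.5", "dst": "10.0.20.1", "proto": "tcp", "dport": 22},
    ):
        print(pkt, "->", evaluate(ACL, pkt))
```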
Where do you place firewalls?
You typically place firewalls at points where the level of trust changes:
- the border between an internal network and the internet
You can also place firewalls on your internal network to prevent unauthorized users from accessing network traffic of a sensitive nature.
Types of Firewalls
- Packet Filtering Firewalls
- Stateful Packet Inspection Firewalls
- Proxy Server
- Next-Generation Firewall (NGFW)
Firewall Tools
- Tools that map the topology of firewalls in a network and locate vulnerabilities in them
- Scanners
- find any open ports or services running on open ports that are vulnerable to known attacks
- Packet Sniffers
  - examine the traffic that is entering and leaving firewalls
  - useful only if you can place the tool at a network location from which it can see that traffic