Assign 5
Before firewalls, network security was performed by Access Control Lists (ACLs) residing
on routers. ACLs are rules that determine whether network access should be granted or
denied to specific IP addresses. But an ACL cannot determine the nature of the packet it is
blocking, and an ACL alone does not have the capacity to keep threats out of the network.
Hence, the firewall was introduced. Connectivity to the Internet is no longer optional for
organizations. However, while accessing the Internet provides benefits to the organization,
it also enables the outside world to interact with the organization's internal network. This
creates a threat to the organization. In order to secure the internal network from
unauthorized traffic, we need a firewall.
A firewall matches network traffic against the rule set defined in its table. Once a rule is
matched, the associated action is applied to the traffic. For example, one rule may be
defined so that no employee from the HR department can access data from the code server,
while another rule allows the system administrator to access data from both the HR and
technical departments. Rules are defined on the firewall according to the needs and
security policies of the organization. From the perspective of a server, network traffic is
either outgoing or incoming, and the firewall maintains a distinct set of rules for each case.
Mostly, outgoing traffic, originating from the server itself, is allowed to pass. Still,
setting rules on outgoing traffic is always better, in order to achieve more security and
prevent unwanted communication. Incoming traffic is treated differently. Most traffic that
reaches the firewall belongs to one of three major Transport Layer protocols: TCP, UDP or
ICMP. All three have a source address and a destination address. TCP and UDP additionally
have port numbers; ICMP uses a type code instead of a port number, which identifies the
purpose of the packet.

Default policy: It is very difficult to explicitly cover every possible case with rules on
the firewall. For this reason, the firewall must always have a default policy. The default
policy consists only of an action (accept, reject or drop). Suppose no rule about SSH
connections to the server is defined on the firewall; the firewall will then follow the
default policy. If the default policy is set to accept, any computer outside your office can
establish an SSH connection to the server. Therefore, setting the default policy to drop (or
reject) is always good practice.
Generations of Firewall:
Firewalls can be categorized based on their generation.
1. First Generation- Packet Filtering Firewall: A packet filtering firewall controls
network access by monitoring outgoing and incoming packets and allowing them to pass or
stopping them based on source and destination IP address, protocol and ports. It analyses
traffic at the transport protocol layer (but mainly uses the first 3 layers). Packet filtering
firewalls treat each packet in isolation: they have no ability to tell whether a packet is
part of an existing stream of traffic, and can only allow or deny packets based on the
individual packet's headers. A packet filtering firewall maintains a filtering table that
decides whether a packet will be forwarded or discarded. From the given filtering table,
packets are filtered according to the following rules:
1. Incoming packets from network 192.168.21.0 are blocked.
2. Incoming packets destined for the internal TELNET server (port 23) are blocked.
3. Incoming packets destined for host 192.168.21.3 are blocked.
4. All well-known services to the network 192.168.21.0 are allowed.
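The following is an added example (not part of the original assignment) that implements the stateless, first-match filtering table above together with the default policy discussed earlier. The four rules are the ones listed; the interpretation of "well-known services" as destination ports 0-1023, the sample packets, the outside addresses (203.0.113.0/24, a documentation range) and the server address 10.0.0.5 are all constructed for the example. The SSH packet matches none of the rules, so its fate depends entirely on the default policy, and the ICMP echo request shows why a type code, not a port, has to be matched for ICMP.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ACCEPT, DROP, REJECT = "ACCEPT", "DROP", "REJECT"


@dataclass(frozen=True)
class Packet:
    """The header fields a packet filter decides on (constructed, not parsed from bytes)."""
    direction: str                   # "in" (from outside) or "out" (from the protected side)
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None      # TCP/UDP only
    dport: Optional[int] = None      # TCP/UDP only
    icmp_type: Optional[int] = None  # ICMP carries a type code instead of ports


@dataclass(frozen=True)
class Rule:
    """One row of the filtering table; a None field means 'any'."""
    action: str
    direction: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None        # CIDR network
    dst: Optional[str] = None        # CIDR network
    dport: Optional[range] = None    # destination port range
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.direction is not None and p.direction != self.direction:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.dport is not None and (p.dport is None or p.dport not in self.dport):
            return False
        if self.icmp_type is not None and p.icmp_type != self.icmp_type:
            return False
        return True


class PacketFilter:
    """Stateless filter: rules are checked in order, the first match wins, and a
    packet that matches nothing gets the default policy."""

    def __init__(self, rules, default=DROP):
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet):
        for n, rule in enumerate(self.rules, start=1):
            if rule.matches(p):
                return rule.action, f"rule {n}"
        return self.default, "default policy"


# The four rules from the text, in table order. "Well-known services" is taken here
# to mean destination ports 0-1023 (an assumption; the text does not give the range).
TABLE = [
    Rule(DROP, direction="in", src="192.168.21.0/24"),                  # 1
    Rule(DROP, direction="in", proto="tcp", dport=range(23, 24)),       # 2 telnet
    Rule(DROP, direction="in", dst="192.168.21.3/32"),                  # 3
    Rule(ACCEPT, dst="192.168.21.0/24", dport=range(0, 1024)),          # 4
]

# Constructed sample packets; outside hosts use the 203.0.113.0/24 documentation range.
SAMPLE = {
    "http_to_internal":     Packet("in", "tcp", "203.0.113.7", "192.168.21.10", 51000, 80),
    "telnet_to_internal":   Packet("in", "tcp", "203.0.113.7", "192.168.21.10", 51001, 23),
    "http_to_blocked_host": Packet("in", "tcp", "203.0.113.7", "192.168.21.3", 51002, 80),
    "from_blocked_net":     Packet("in", "udp", "192.168.21.9", "10.0.0.5", 53, 53),
    "ping_internal":        Packet("in", "icmp", "203.0.113.7", "192.168.21.10", icmp_type=8),
    "ssh_to_server":        Packet("in", "tcp", "203.0.113.7", "10.0.0.5", 51003, 22),
}


def evaluate(default=DROP):
    """Run every sample packet through the table; returns {name: (action, reason)}."""
    fw = PacketFilter(TABLE, default=default)
    return {name: fw.decide(p) for name, p in SAMPLE.items()}


if __name__ == "__main__":
    for policy in (DROP, ACCEPT):
        print(f"default policy = {policy}")
        for name, (action, why) in evaluate(policy).items():
            print(f"  {name:22} {action:6} ({why})")
```

Running it with both default policies shows the point of the default-drop recommendation: the SSH packet and the ICMP echo request are never touched by the four rules, so with a default of accept they go through, and with a default of drop they do not, while the explicit rules give the same answers either way.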
2. Second Generation- Stateful Inspection Firewall: Stateful firewalls (which perform
Stateful Packet Inspection) are able to determine the connection state of a packet, unlike
packet filtering firewalls, which makes them more efficient. A stateful firewall keeps track
of the state of network connections travelling across it, such as TCP streams, so filtering
decisions are based not only on the defined rules but also on the packet's history in the
state table.
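As an added example (not from the original assignment), the following connection tracker shows what "packet history in the state table" means for TCP. An outbound SYN creates a table entry; the SYN/ACK, data and FIN packets of that flow are then admitted because of the entry, not because of a static rule, and an inbound packet with no entry falls to the default drop even when its ACK flag is set, which is exactly the packet a stateless filter could not distinguish from a legitimate reply. The packet exchange, the hosts (10.0.0.5 inside, 203.0.113.7 and 198.51.100.4 outside) and the "only port 80 may be opened from outside" policy are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TcpPacket:
    """TCP header fields that connection tracking needs (constructed sample data)."""
    direction: str   # "out" = leaving the protected network, "in" = arriving from outside
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False
    rst: bool = False


class StatefulFirewall:
    """Keeps a state table of TCP connections. Packets of a flow that was allowed
    to start are admitted on the strength of the table entry; a packet with no
    entry falls to the default DROP unless it is a SYN that policy permits."""

    def __init__(self, allow_inbound_ports=()):
        self.table = {}                                 # flow key -> state
        self.allow_inbound_ports = set(allow_inbound_ports)

    @staticmethod
    def _key(p: TcpPacket):
        # Normalise the 4-tuple so both directions of one flow share an entry,
        # always written as (inside addr, inside port, outside addr, outside port).
        if p.direction == "out":
            return (p.src, p.sport, p.dst, p.dport)
        return (p.dst, p.dport, p.src, p.sport)

    def process(self, p: TcpPacket) -> str:
        key = self._key(p)
        state = self.table.get(key)

        if state is None:
            # Only a fresh SYN that policy permits may create an entry. A bare ACK with
            # no entry is what a stateless "allow if ACK set" rule would let through.
            if p.syn and not p.ack:
                if p.direction == "out" or p.dport in self.allow_inbound_ports:
                    self.table[key] = "SYN_SEEN"
                    return "ACCEPT"
            return "DROP"

        if p.rst:                                       # either side aborts the flow
            del self.table[key]
            return "ACCEPT"
        if state == "SYN_SEEN":
            if p.syn and p.ack:                         # second handshake step
                self.table[key] = "ESTABLISHED"
                return "ACCEPT"
            if p.syn and not p.ack:                     # retransmitted SYN
                return "ACCEPT"
            return "DROP"                               # out-of-sequence handshake
        if state == "ESTABLISHED":
            if p.fin:
                self.table[key] = "CLOSING"
            return "ACCEPT"
        if state == "CLOSING":
            if p.ack and not p.fin:                     # final ACK tears the entry down
                del self.table[key]
            return "ACCEPT"
        return "DROP"


# A constructed exchange: an inside host (10.0.0.5) opens an HTTPS connection to an
# outside server (203.0.113.7) and closes it, while an outside host (198.51.100.4)
# tries to reach the inside host directly.
EXCHANGE = [
    TcpPacket("out", "10.0.0.5", 40000, "203.0.113.7", 443, syn=True),            # 1 SYN
    TcpPacket("in", "203.0.113.7", 443, "10.0.0.5", 40000, syn=True, ack=True),   # 2 SYN/ACK
    TcpPacket("out", "10.0.0.5", 40000, "203.0.113.7", 443, ack=True),            # 3 ACK
    TcpPacket("in", "203.0.113.7", 443, "10.0.0.5", 40000, ack=True),             # 4 data reply
    TcpPacket("in", "198.51.100.4", 5555, "10.0.0.5", 22, syn=True),              # 5 unsolicited SYN
    TcpPacket("in", "198.51.100.4", 5556, "10.0.0.5", 3389, ack=True),            # 6 ACK with no state
    TcpPacket("in", "198.51.100.4", 5557, "10.0.0.5", 80, syn=True),              # 7 SYN to allowed port
    TcpPacket("out", "10.0.0.5", 40000, "203.0.113.7", 443, fin=True, ack=True),  # 8 FIN
    TcpPacket("in", "203.0.113.7", 443, "10.0.0.5", 40000, fin=True, ack=True),   # 9 FIN
    TcpPacket("out", "10.0.0.5", 40000, "203.0.113.7", 443, ack=True),            # 10 last ACK
]


def run_exchange():
    """Feed the exchange through a firewall that only lets outside hosts open port 80.
    Returns (list of verdicts in packet order, entries left in the state table)."""
    fw = StatefulFirewall(allow_inbound_ports={80})
    verdicts = [fw.process(p) for p in EXCHANGE]
    return verdicts, len(fw.table)


if __name__ == "__main__":
    verdicts, remaining = run_exchange()
    for n, (p, v) in enumerate(zip(EXCHANGE, verdicts), start=1):
        print(f"{n:2} {p.direction:3} {p.src}:{p.sport} -> {p.dst}:{p.dport}  {v}")
    print("state table entries remaining:", remaining)
```

Packets 5 and 6 are dropped without any rule naming port 22 or 3389: they simply have no history in the table. After the FIN exchange the HTTPS entry is removed, so only the half-open port 80 flow remains; a production tracker would also expire such entries on a timer, which is left out here.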
3. Third Generation- Application Layer Firewall: An application layer firewall can inspect
and filter packets at any OSI layer, up to the application layer. It has the ability to block
specific content and to recognize when certain applications and protocols (like HTTP or
FTP) are being misused. In other words, application layer firewalls are hosts that run proxy
servers. A proxy firewall prevents a direct connection between the two sides of the
firewall; each packet has to pass through the proxy, which can allow or block the traffic
based on predefined rules. Note: Application layer firewalls can also be used as a Network
Address Translator (NAT).
4. Next Generation Firewalls (NGFW): Next Generation Firewalls are being deployed
these days to stop modern security breaches like advanced malware attacks and application-
layer attacks. An NGFW consists of Deep Packet Inspection, Application Inspection, SSL/SSH
inspection and many other functions that protect the network from these modern threats.
Types of Firewall
Firewalls are generally of two types: Host-based and Network-based.
Host-based Firewalls: A host-based firewall is installed on each network node and
controls each incoming and outgoing packet on that node. It is a software application or
suite of applications, often shipped as part of the operating system. Host-based firewalls
are needed because network firewalls cannot provide protection inside a trusted network. A
host firewall protects each host from attacks and unauthorized access.
Network-based Firewalls: Network firewalls function at the network level. In other words,
these firewalls filter all incoming and outgoing traffic across the network. A network
firewall protects the internal network by filtering traffic using the rules defined on it,
and might have two or more network interface cards (NICs). A network-based firewall is
usually a dedicated system with proprietary software installed.
Advantages of using Firewall
Protection from unauthorized access: Firewalls can be set up to restrict incoming traffic
from particular IP addresses or networks, preventing hackers or other malicious actors from
easily accessing a network or system.
Prevention of malware and other threats: Firewalls can be set up to block traffic linked to
known malware or other security concerns, assisting in the defense against these kinds of
attacks.
Control of network access: By limiting access to specified individuals or groups for
particular servers or applications, firewalls can be used to restrict access to particular
network resources or services.
Monitoring of network activity: Firewalls can be set up to record and keep track of all
network activity. This information is essential for identifying and investigating security
problems and other kinds of suspicious behavior.
Regulation compliance: Many industries are bound by rules that demand the usage of
firewalls or other security measures. Organizations can comply with these rules and prevent
any fines or penalties by using a firewall.
Network segmentation: By using firewalls to split up a bigger network into smaller subnets,
the attack surface is reduced and the security level is raised.
Disadvantages of using Firewall
Complexity: Setting up and maintaining a firewall can be time-consuming and difficult,
especially for bigger networks or companies with a wide variety of users and devices.
Limited Visibility: Firewalls may not be able to identify or stop security risks that operate
at other levels, such as the application or endpoint level, because they can only observe and
manage traffic at the network level.
False sense of security: Some businesses may place an excessive amount of reliance on
their firewall and disregard other crucial security measures like endpoint security or
intrusion detection systems.
Limited adaptability: Because firewalls are frequently rule-based, they might not be able to
respond to fresh security threats.
Performance impact: Network performance can be significantly impacted by firewalls,
particularly if they are set up to analyze or manage a lot of traffic.
Limited scalability: Because firewalls are only able to secure one network, businesses that
have several networks must deploy many firewalls, which can be expensive.
Limited VPN support: Some firewalls might not allow complex VPN features like split
tunneling, which could restrict the experience of a remote worker.
Cost: Purchasing many devices or add-on features for a firewall system can be expensive,
especially for businesses.
Real-Time Applications of Firewall
Corporate networks: Many businesses employ firewalls to guard against unwanted access
and other security risks on their corporate networks. These firewalls can be set up to only
permit authorized users to access particular resources or services and to prevent traffic from
particular IP addresses or networks.
Government organizations: Government organizations frequently employ firewalls to
safeguard sensitive data and to adhere to rules like HIPAA or PCI-DSS. They might make
use of cutting-edge firewalls like Next-generation firewalls (NGFW), which can detect and
stop intrusions as well as manage access to particular data and apps.
Service providers: Firewalls are used by service providers to safeguard their networks and
the data of their clients, including ISPs, cloud service providers, and hosting firms. They
might make use of firewalls that accommodate enormous volumes of traffic and support
advanced features such as VPN and load balancing.