FIREWALL IN NETWORKING
Network firewalls are devices used to protect private networks from unauthorized access. A firewall is a security solution for the computers or devices connected to a network, and it can be implemented in hardware or in software.
A Firewall in networking is a network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.
A firewall’s main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.
Firewall strengths / capabilities
- They are excellent at enforcing corporate security policies
- They are used to restrict access to specific services
- The majority of firewalls can even provide selective access via authentication functionality
- Firewalls are singular in purpose, so compromises do not need to be made between security and usability
- They are excellent auditors
- Firewalls are very good at alerting appropriate people of specified events.
Firewall weaknesses / limitations
- Firewalls cannot protect against what has been authorized
- It cannot stop social engineering attacks or an unauthorized user intentionally using their access for unwanted purposes
- Firewalls cannot fix poor administrative practices or poorly designed security policies
- It cannot stop attacks if the traffic does not pass through them
- They are only as effective as the rules they are configured to enforce.
The four main firewall technologies available are:
- Packet Filters
- Application gateways
- Circuit-level gateways
- Stateful packet inspection engines
Packet Filtering Firewalls
- They provide network security by filtering network communication based on the information contained in TCP/IP headers of each packet
- Good performance
- Good for traffic management
- Direct connections permitted
- Poor scalability
- Large port range may be opened
- Vulnerability to spoofing attacks
Application Gateways
- An application gateway makes access decisions based on packet information at all seven layers of the OSI model
- Application gateways provide a higher level of security than packet filters do, but they do so at the loss of transparency to the services that are being controlled
- Application gateways can be used to protect vulnerable services on the protected systems
- Slower Performance
- Lack of performance
- Need for proxies for each application
Circuit Level Gateways
- Circuit-level gateways are similar to application gateways but they are not application aware.
- A circuit level gateway operates by relaying TCP connections from the trusted network to the untrusted network
- Advantages: The main advantage of a circuit level gateway over an application gateway is that it provides services for many different protocols and
- Disadvantages: Clients must be able to use them and they cannot inspect the application layer
Stateful Packet Inspection (SPI) Firewalls
- An SPI firewall permits and denies packets based on a set of rules very similar to that of a packet filter.
- They track the state of each session and can dynamically open and close ports
- SPI firewalls were deployed to combine the speed and flexibility of packet filters with application-level security of application proxies
- They can differentiate between valid and faked ACK packets
- Ability to look into the data of certain packet types
- The disadvantage of an SPI firewall is that it permits direct connections between untrusted and trusted hosts.
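The difference between a packet filter and an SPI firewall when a faked ACK arrives, as an added example that is not part of the original page. The trusted prefix, the "inbound is allowed if ACK or RST is set" filter rule, the simplified teardown and all packets are assumptions constructed for illustration.

```python
from collections import namedtuple

# Minimal packet model: addresses, ports and the set of TCP flags.
Packet = namedtuple("Packet", "src sport dst dport flags")
TRUSTED_PREFIX = "10.0.0."  # assumed internal network (constructed)

def outbound(p):
    return p.src.startswith(TRUSTED_PREFIX)

def packet_filter(p):
    """Stateless rule: allow outbound; allow inbound only if ACK or RST is set."""
    return outbound(p) or bool(p.flags & {"ACK", "RST"})

class StatefulFirewall:
    def __init__(self):
        self.sessions = {}  # (inside_ip, inside_port, outside_ip, outside_port) -> state

    def allow(self, p):
        if outbound(p):
            key = (p.src, p.sport, p.dst, p.dport)
            if p.flags == {"SYN"}:
                self.sessions[key] = "SYN_SENT"  # dynamically open the return path
            elif key not in self.sessions:
                return False
        else:
            key = (p.dst, p.dport, p.src, p.sport)
            state = self.sessions.get(key)
            if state == "SYN_SENT" and p.flags == {"SYN", "ACK"}:
                self.sessions[key] = "ESTABLISHED"
            elif state != "ESTABLISHED" or "SYN" in p.flags:
                return False  # no matching session: unsolicited or faked packet
        if p.flags & {"FIN", "RST"}:
            self.sessions.pop(key, None)  # simplified teardown: close the return path
        return True

# Constructed sample traffic: one legitimate handshake, then an unsolicited ACK.
HANDSHAKE = [Packet("10.0.0.5", 40000, "203.0.113.10", 443, {"SYN"}),
             Packet("203.0.113.10", 443, "10.0.0.5", 40000, {"SYN", "ACK"}),
             Packet("10.0.0.5", 40000, "203.0.113.10", 443, {"ACK"})]
FAKED_ACK = Packet("198.51.100.7", 443, "10.0.0.9", 22, {"ACK"})

def verdicts(packets):
    """Return (packet_filter, stateful) allow decisions for each packet in order."""
    spi = StatefulFirewall()
    return [(packet_filter(p), spi.allow(p)) for p in packets]
```

Both engines pass the legitimate handshake; only the stateful engine drops the ACK that belongs to no tracked session.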
Firewall in networking History
Firewalls have existed since the late 1980’s and started out as packet filters, which were networks set up to examine packets, or bytes, transferred between computers. Though packet filtering firewalls are still in use today, firewalls have come a long way as technology has developed throughout the decades.
- Gen 1 Virus
- Generation 1, Late 1980’s, virus attacks on stand-alone PC’s affected all businesses and drove anti-virus products.
- Gen 2 Networks
- Generation 2, Mid 1990’s, attacks from the internet affected all businesses and drove creation of the firewall.
- Gen 3 Applications
- Generation 3, Early 2000’s, exploiting vulnerabilities in applications which affected most businesses and drove Intrusion Prevention Systems Products (IPS).
- Gen 4 Payload
- Generation 4, Approx. 2010, rise of targeted, unknown, evasive, polymorphic attacks which affected most businesses and drove anti-bot and sandboxing products.
- Gen 5 Mega
- Generation 5, Approx. 2017, large scale, multi-vector, mega attacks using advanced attack tools and is driving advanced threat prevention solutions.
Back in 1993, Check Point CEO Gil Shwed introduced the first stateful inspection firewall, FireWall-1. Fast forward twenty-seven years, and a firewall is still an organization’s first line of defense against cyber attacks. Today’s firewalls, including Next Generation Firewalls and Network Firewalls, support a wide variety of functions and capabilities with built-in features, including: