Firewalls — The First Line of Defense
“Whoever is first in the field and awaits the coming of the enemy, will be fresh for the fight” — Sun Tzu (Art of War).
“Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically” — Kevin Mitnick.
What is a firewall?
Firewalls are devices placed at the internet gateway that enforce security policies by allowing or denying incoming traffic based on a set of rules. They can be implemented in software or hardware. A firewall separates the internal private network from the internet, segmenting trusted from untrusted. Because the firewall connects directly to the internet, which is an untrusted network, it inspects traffic flowing from the untrusted side to the trusted side.
Did you know that firewalls have evolved through generations?
There are 4 generations of firewalls, and they operate at different layers of the OSI model.
1st Generation:
They operate at layer 3 of the OSI model, where we have source and destination addresses and port numbers, so traffic can be blocked based on these. This is also called a screening router, because the router has access control lists, which are the rules the firewall applies to each received packet. It is rule-based access control. There is no state table, so this is called stateless inspection. The first paper published on this was in 1988.
Advantages:
Because they provide high performance, they are still used on the network beneath a stateful firewall. They offer scalability through implementing security policies.
Disadvantages:
They are very basic, so they don’t prevent TCP/IP protocol or application-layer attacks.
They can be complex to configure. They can’t filter above the network layer.
2nd Generation: The second-generation firewall is a proxy.
Why are proxies considered a type of firewall?
Both are used to block or limit connections between networks. The difference is that firewalls block communication, whereas proxies redirect it.
A firewall is a hardware device or an application that, based on defined rules, controls whether the internal network may access the outside network or accept communications from it.
A proxy is a device or program that creates a barrier by forwarding traffic from an internal client to an untrusted external host on the client’s behalf. It hides the trusted internal client from attacks.
It keeps track of state: the connection is recorded when we send a query, since we expect a reply back.
There are 2 types of proxies: application-level proxy and circuit-level proxy.
Both types of proxies hide the internal hosts from the outside world.
Circuit-level proxy:
Here a trusted network can communicate with an untrusted network. It works at the session layer, which is layer 5 in the OSI model. It checks the TCP handshake, packet headers and session information to decide whether a session is legitimate and then grants access. It acts as a VPN between client and server.
Advantages:
They provide security for a wide range of protocols. They are inexpensive and simple to implement, and they don’t require a separate proxy for each protocol.
Disadvantages:
They don’t filter each packet. They can only handle TCP.
Application-level proxy:
Relays traffic between a trusted endpoint running a specific application and an untrusted endpoint. It operates at the application layer, which is layer 7 in the OSI model. It understands the inner workings of the protocols it proxies. They are used for encrypting and decrypting traffic through SSL.
Advantages:
They are more secure because they understand the protocol. They have advanced access control, logging and auditing features.
Disadvantages:
Each protocol needs a different application proxy. It requires more CPU, since it does more processing per packet.
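As an added illustration (not part of the original post) of why an application-level proxy can block what a circuit-level proxy passes, here are two decision functions for a proxy in front of an HTTP service. The circuit-level one looks only at the TCP handshake and port; the application-level one also parses the request. The allowed host name and the sample requests are constructed.

```python
# Constructed policy for the example: the only internal site clients may reach,
# and the only HTTP methods and ports permitted through the proxy.
ALLOWED_HOSTS = {"intranet.example.test"}
ALLOWED_METHODS = {"GET", "HEAD"}
ALLOWED_PORTS = {80, 443}


def circuit_level_decision(handshake, dst_port, payload):
    """Circuit-level proxy (layer 5): relays once a legitimate TCP handshake has
    completed on an allowed port. The payload itself is never examined."""
    if tuple(handshake) != ("SYN", "SYN-ACK", "ACK"):
        return "deny"  # no complete three-way handshake, so no session
    return "allow" if dst_port in ALLOWED_PORTS else "deny"


def application_level_decision(handshake, dst_port, payload):
    """Application-level proxy (layer 7) for HTTP: understands the protocol, so it
    can also check that the payload is well-formed HTTP with a permitted method
    and Host header. payload is the raw bytes of the client's request."""
    if circuit_level_decision(handshake, dst_port, payload) == "deny":
        return "deny"
    head, _, _ = payload.partition(b"\r\n\r\n")
    try:
        lines = head.decode("ascii").split("\r\n")
        method, _target, version = lines[0].split(" ")
    except (UnicodeDecodeError, ValueError):
        return "deny"  # not an HTTP request line at all
    if not version.startswith("HTTP/1.") or method not in ALLOWED_METHODS:
        return "deny"
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            return "deny"  # malformed header line
        headers[name.strip().lower()] = value.strip()
    if headers.get("host") not in ALLOWED_HOSTS:
        return "deny"
    return "allow"
```

A POST to an allowed host, or raw non-HTTP bytes sent to port 80, passes the circuit-level check but is rejected by the application-level proxy.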
3rd Generation:
Here the firewall maintains a state table: the router keeps track of connections in a table. It allows return traffic automatically, whereas a packet filter would need a specific rule to permit returning traffic. It operates at layers 3 and 4 of the OSI model. It is context-dependent access control. This is stateful or dynamic packet filtering, which monitors the state of the high-port connection.
Advantages:
It makes direct connections between the client and the server. Data transfer and connections are secured because it implements complex security models and algorithms that are specific to each protocol.
Disadvantages:
They are complex and harder to administer, and they require more memory to track active connections.
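To make the difference between first-generation stateless filtering and this third-generation stateful inspection concrete, here is a small added simulation (not from the original post). The ACL rules, the 10.0.0.0/24 trusted network and the TEST-NET addresses used in the comments are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    syn: bool = False  # TCP SYN flag (set on a new connection attempt)
    ack: bool = False  # TCP ACK flag


# First generation: a stateless ACL. Each packet is judged on its own,
# so reply traffic needs its own explicit rule or it is dropped.
# Rule format: (src_ip, dst_ip, dst_port, action); "*" matches anything.
STATELESS_RULES = [
    ("*", "10.0.0.5", 80, "allow"),  # constructed: inbound to an internal web server
    ("*", "*", "*", "deny"),         # default deny
]


def _match(rule_field, value):
    return rule_field == "*" or rule_field == value


def stateless_filter(pkt, rules=STATELESS_RULES):
    """Return the action of the first matching rule (first-generation filter)."""
    for src, dst, port, action in rules:
        if _match(src, pkt.src_ip) and _match(dst, pkt.dst_ip) and _match(port, pkt.dst_port):
            return action
    return "deny"


class StatefulFilter:
    """Third-generation filter: remembers connections opened from the trusted
    side in a state table so their return traffic is allowed without a rule."""

    def __init__(self, trusted_prefix="10.0.0."):  # constructed trusted network
        self.trusted_prefix = trusted_prefix
        self.state_table = set()  # (client_ip, client_port, server_ip, server_port)

    def inspect(self, pkt):
        outbound_key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reply_key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.src_ip.startswith(self.trusted_prefix) and pkt.syn and not pkt.ack:
            self.state_table.add(outbound_key)  # trusted client opened a connection
            return "allow"
        if reply_key in self.state_table:       # return traffic for a known connection
            return "allow"
        return stateless_filter(pkt)            # otherwise fall back to the static ACL
```

An outbound connection from a trusted client and the server's reply are both dropped by the stateless ACL, while the stateful filter allows them and still denies an unsolicited inbound packet that is not in its table.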
Next Generation:
A next-generation firewall (NGFW) combines packet inspection with stateful inspection, which is called deep packet inspection. It tracks the session and can see the data inside the packet. Unified Threat Management (UTM) combines anti-virus, firewalls, malware filtering and intrusion detection or prevention.
Now that we have looked into the different types of firewalls and their advantages and disadvantages, I hope this post helps you decide which firewall best suits your environment. Please like, share and comment with your feedback.