SF101 Firewalls - ITPro

Firewall

Firewall Definition
  • [i] Firewall - (definition:: A security device or software that acts as a barrier between a private network and the public internet by monitoring and controlling inbound and outbound network traffic based on a predefined set of security rules and policies) - (subject:: Cybersecurity)

The primary function of a firewall is to allow or deny access to network resources based on these rules, creating a "perimeter defense" against unauthorized access or malicious activity.

Firewall Operation

[Diagram: inbound traffic from the Internet enters the firewall, which performs traffic inspection by checking the Access Control List before passing traffic to the intranet.]

When network traffic enters a firewall, the firewall inspects the traffic and compares it against its Access Control Lists (ACLs). These rules define the criteria for inbound and outbound traffic.

  • Inbound Traffic: The firewall checks inbound traffic against the ACL rules. If the traffic matches a "deny" rule, the firewall blocks it. If it matches an "allow" rule, the firewall permits the traffic to pass through.
  • Outbound Traffic: The firewall also examines outbound traffic from the internal network. By default, most firewalls have a "permissive" outbound policy, allowing all outbound traffic unless explicitly denied.

This "implicit deny" approach means that unless a traffic type is explicitly allowed, it is automatically blocked by the firewall.
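The ACL evaluation described above (first matching rule wins, implicit deny for inbound, permissive default for outbound) as an added, runnable example; this is not code from the ITPro course, and the rule set, addresses and packets are constructed for illustration:

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    direction: str           # "inbound" or "outbound"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # source network in CIDR notation
    dst_port: Optional[int]  # None matches any destination port


# Constructed ACL. Order matters: the first rule that matches decides,
# so the blocklist deny must sit above the public HTTPS allow.
ACL = [
    Rule("deny",  "inbound",  "any", "198.51.100.0/24", None),  # blocklisted range
    Rule("allow", "inbound",  "tcp", "0.0.0.0/0",       443),   # public HTTPS
    Rule("allow", "inbound",  "tcp", "10.0.0.0/8",      22),    # SSH from intranet only
    Rule("deny",  "outbound", "tcp", "0.0.0.0/0",       23),    # no telnet leaving
]

# Default policy when nothing matches: implicit deny inbound, permissive outbound.
DEFAULT = {"inbound": "deny", "outbound": "allow"}


def matches(rule: Rule, direction: str, proto: str, src_ip: str, dst_port: int) -> bool:
    return (rule.direction == direction
            and rule.proto in ("any", proto)
            and ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and rule.dst_port in (None, dst_port))


def evaluate(acl, direction: str, proto: str, src_ip: str, dst_port: int):
    """Return (verdict, reason) for one packet; first matching rule wins."""
    for index, rule in enumerate(acl):
        if matches(rule, direction, proto, src_ip, dst_port):
            return rule.action, f"rule {index}"
    return DEFAULT[direction], "default policy"


if __name__ == "__main__":
    packets = [("inbound", "tcp", "203.0.113.5", 443),   # allow, rule 1
               ("inbound", "tcp", "203.0.113.5", 22),    # deny, implicit deny
               ("inbound", "tcp", "198.51.100.7", 443),  # deny, rule 0 beats rule 1
               ("outbound", "tcp", "10.1.2.3", 80)]      # allow, permissive default
    for pkt in packets:
        print(pkt, "->", evaluate(ACL, *pkt))
```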

Types of Firewalls

There are two main categories of firewalls.

Software-based (Host-based) Firewalls:

  • Implemented as software running on the OS of a specific host or device.
  • Examples include the Windows Defender Firewall and Linux iptables.
  • Provide protection for only the individual host they are installed on.

Hardware-based (Network) Firewalls:

  • Dedicated security appliances placed between the private and public networks.
  • Designed to handle larger volumes of network traffic and provide more advanced security features.
  • Examples include Cisco ASA, Palo Alto Networks, and Fortinet firewalls, among others.

Hardware firewalls usually offer more comprehensive security capabilities, such as stateful packet inspection and application-level filtering, than their software-based counterparts.

Firewall Deployment Considerations

When deploying a firewall, organizations should consider factors such as:

  • Network Topology: Determining the optimal placement of firewalls to create effective security zones.
  • Traffic Inspection: Choosing between stateless (basic packet filtering) and stateful (advanced traffic analysis) inspection.
  • Performance: Ensuring the firewall can handle the required network throughput without becoming a bottleneck.
  • High Availability: Implementing redundancy and failover mechanisms to maintain connectivity in the event of a firewall failure.