“Firewalls prevent breaches, get deep visibility to detect and stop threats fast, and automate your network and security operations to save time and work smarter”
Cisco Firewall Introduction
Firewalls are the physical devices and software that defend an internal network or system from unauthorized access by acting as a filter. They are an essential mechanism for defending against malicious activity on the internet.
Functions
- Firewalls filter both inbound and outbound traffic of a network
- They inspect each packet against configured rules and policies
- By where they operate, firewalls are of two types: network-based and host-based
- Network-based firewalls are mostly implemented on hardware appliances because they protect the whole network, but they cannot filter traffic that originates inside the network itself
- Host-based firewalls are installed on the individual host that they protect, and the firewall service runs on that host
Applications
- The firewall provides the platform for IPSec to implement virtual private networks
- Monitors security-related actions
- Protects against several kinds of IP spoofing and routing attacks
- Provides a convenient platform for internet-related functions that are not themselves security functions, such as NAT and internet usage auditing or logging
Types of Firewalls
Firewalls have changed tremendously over the past ten years as technologies have grown. There are different types of firewalls categorized by functionality; the two broad categories are host-based and network-based.
Host-based
A host-based firewall is firewall software that runs on an individual computer or other device connected to a network. These firewalls are a granular way to protect individual hosts from viruses and malware and to limit the spread of such infections throughout the network. A well-known example of this type of firewall is the Windows Firewall.
Network-based
A network-based firewall is usually implemented as a hardware appliance or is built into the router installed between the LAN and the open internet. These firewalls form the first line of defense, protecting the whole network. Although they do a good job of protecting the whole network, they cannot help when malicious traffic originates inside the network itself. Some of the popular network-based firewalls from different vendors are:
- Barracuda NextGen Firewall
- Cisco Firepower Series
- Fortinet FortiGate
- Juniper SRX
- Meraki MX Series
Software vs. Hardware
Software firewalls are generally part of an operating system or a third-party application installed on the operating system. They are configured on a single host and can therefore be tuned to the needs of that host alone.
Hardware firewalls are specialized machines built to filter packets between networks. The main purpose of a hardware firewall is to protect a computer or an entire network from unauthorized access from the internet. Firewalls can be programmed to control the flow of data and to filter packets to and from multiple networks within the same organization, based on the information contained in the packets.
Application-aware/Context-aware
Application-aware firewalls were developed to deal with today's application-centric threats. Application- and context-aware firewalls filter traffic by specific protocols or ports, and they can also inspect the data passing through the firewall. Some of the popular application-layer firewalls from different vendors are:
- Amazon AWS WAF
- Cloudflare WAF
- StackPath Web Application Firewall
- Sucuri Website Firewall
- Akamai Kona Site Defender
- Imperva Incapsula
Small Office/Home Office Firewall
Most small office/home office users depend on two different types of firewall: a software firewall and a hardware firewall. Software firewalls include those in the operating system, such as the Windows Firewall service, and those in other security packages such as anti-virus software. By default these firewalls generally allow only normal traffic in and out. The hardware firewall is the one provided by the LAN/WAN router used to connect to the internet; it can generally be managed through the software provided by the vendor.
Stateful vs. Stateless Firewall
The difference between a stateful firewall and a stateless firewall is the intelligence with which the firewall examines packets. A stateless firewall is configured to recognize only static attributes in each packet, such as the source IP address, destination IP address, and protocol. It does not consider whether the packet fits the stream of data that would be normal for the protocol. A stateful firewall holds the major attributes of each connection in memory. These attributes may include the IP addresses, ports, and sequence numbers involved in the connection. The stateful firewall makes filtering more efficient and more accurate for most communication sessions. Stateful firewalls were the first step in the technical evolution toward IDSs, IPSs, and application-aware firewalls.
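As an added illustration of the distinction above (this is example code written for this page, not part of the original article or any vendor's product), the following Python models a stateless, ACL-style filter next to a stateful connection-tracking filter and runs both over a constructed six-packet trace. The stateless policy admits replies the only way it can, by matching static fields ("source port 443 with the ACK flag set", in the spirit of the Cisco IOS ACL `established` keyword), while the stateful filter admits an inbound packet only if it matches a connection that a LAN host opened. The addresses, ports, policy, and class names are assumptions made for the example.

```python
"""Stateless vs stateful packet filtering over a constructed packet trace."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving the protected LAN, "in" = entering it
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str       # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST


@dataclass(frozen=True)
class Rule:
    """A stateless rule: it sees only the static header fields of the packet in hand."""
    direction: str
    proto: str
    src_port: Optional[int]
    dst_port: Optional[int]
    established: bool   # True: match only packets with ACK set (modelled on ACL "established")
    action: str

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction and p.proto == self.proto
                and (self.src_port is None or p.src_port == self.src_port)
                and (self.dst_port is None or p.dst_port == self.dst_port)
                and (not self.established or "A" in p.flags))


class StatelessFilter:
    """First matching rule wins; implicit deny at the end, as in an ACL."""
    def __init__(self, rules: List[Rule]):
        self.rules = rules

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return "deny"


Conn = Tuple[str, int, str, int, str]  # internal ip, internal port, external ip, external port, proto


class StatefulFilter:
    """Tracks LAN-initiated TCP connections and admits inbound packets only when
    they belong to a tracked connection whose state makes the packet plausible."""
    def __init__(self, outbound_ports):
        self.outbound_ports = set(outbound_ports)
        self.table: Dict[Conn, str] = {}   # connection -> "SYN_SENT" | "ESTABLISHED"

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            key: Conn = (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)
            if key in self.table:
                if "R" in p.flags:            # a reset tears the entry down
                    del self.table[key]
                return "allow"
            if p.proto == "tcp" and p.flags == "S" and p.dst_port in self.outbound_ports:
                self.table[key] = "SYN_SENT"  # new connection opened from the LAN
                return "allow"
            return "deny"
        key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)  # inbound: reverse the tuple
        state = self.table.get(key)
        if state is None:
            return "deny"                     # nothing this packet could be a reply to
        if state == "SYN_SENT" and p.flags == "SA":
            self.table[key] = "ESTABLISHED"
            return "allow"
        if state == "ESTABLISHED" and "A" in p.flags and "S" not in p.flags:
            if "R" in p.flags:
                del self.table[key]
            return "allow"
        return "deny"


def run(fw, packets: List[Packet]) -> List[str]:
    return [fw.decide(p) for p in packets]


# Constructed trace: a LAN client opens an HTTPS connection, an unrelated host then
# sends an unsolicited packet with ACK set from source port 443, another host sends
# an inbound SYN to SSH, and finally the real server closes the connection.
TRACE = [
    Packet("out", "tcp", "10.0.0.5", 40000, "203.0.113.10", 443, "S"),
    Packet("in",  "tcp", "203.0.113.10", 443, "10.0.0.5", 40000, "SA"),
    Packet("out", "tcp", "10.0.0.5", 40000, "203.0.113.10", 443, "A"),
    Packet("in",  "tcp", "198.51.100.7", 443, "10.0.0.5", 40000, "A"),    # unsolicited
    Packet("in",  "tcp", "198.51.100.7", 12345, "10.0.0.5", 22, "S"),     # inbound SYN to SSH
    Packet("in",  "tcp", "203.0.113.10", 443, "10.0.0.5", 40000, "FA"),   # legitimate close
]

STATELESS_POLICY = [
    Rule("out", "tcp", None, 443, False, "allow"),  # LAN may open HTTPS outbound
    Rule("in",  "tcp", 443, None, True,  "allow"),  # "replies": from port 443 with ACK set
]


def compare():
    """Decisions of both filters for TRACE, packet by packet."""
    stateless = run(StatelessFilter(STATELESS_POLICY), TRACE)
    stateful = run(StatefulFilter({443}), TRACE)
    return stateless, stateful


if __name__ == "__main__":
    for pkt, a, b in zip(TRACE, *compare()):
        print(f"{pkt.direction:3} {pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
              f" [{pkt.flags:2}]  stateless={a:5}  stateful={b}")
```

Running the block shows the two filters agreeing on every packet except the fourth: the stateless rule has no way to know that no connection to 198.51.100.7 exists, so it admits the unsolicited packet, whereas the stateful filter denies it because the reversed 5-tuple is absent from its connection table. That is exactly the gap that connection tracking closes, and it is why a stateful firewall can apply a far tighter inbound policy without breaking legitimate replies.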
Conclusion
A firewall can be either network-based or host-based, but the important consideration is the requirement of the network, which depends on the services it runs. The right choice of firewall varies with where your data originates and where the most appropriate place to inspect it is. An effective firewall solution depends not only on selecting the appropriate firewall but also on its deployment, configuration, and the creation of the right policies, which together lead to proactive inspection of filtered packets.
“Firewalls should be the first layer of defense in depth”