FIREWALL - LinuxHunt
196
 

FIREWALL

FIREWALL

In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet. “A firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or leave a network“
Firewalls are incorporated into a wide variety of networked devices to filter traffic and lower

The risk that malicious packets traveling over the public internet can impact the security of a private network. Firewalls may also be purchased as stand-alone software applications.

The term firewall is a metaphor that compares a type of physical barrier that’s put in place to limit the damage a fire can cause, with a virtual barrier that’s put in place to limit damage from an external or internal cyberattack. When located at the perimeter of a network, firewalls provide low-level network protection, as well as important logging and auditing functions.

While the two main types of firewalls are host-based and network-based, there are many different types that can be found in different places and controlling different activities. A host-based firewall is installed on individual servers and monitors incoming and outgoing signals. A network-based firewall can be built into the cloud’s infrastructure, or it can be a virtual firewall service.

Types of firewalls

Other types of firewalls include packet-filtering firewalls, stateful inspection firewalls, proxy firewalls and next-generation firewalls (NGFW).

  • A packet-filtering firewall examines packets in isolation and does not know the packet’s context.
  • A stateful inspection firewall examines network traffic to determine whether one packet is related to another packet.
  • A proxy firewall inspects packets at the application layer of the Open Systems Interconnection (OSI) reference model.

An NGFW uses a multilayered approach to integrate enterprise firewall capabilities with an intrusion prevention system (IPS) and application control.

“ firewall is two types in networking, one is hardware firewall and other is software firewall “

Firewalls can either be software or hardware, though it’s best to have both. A software firewall is a program installed on each computer and regulates traffic through port numbers and applications, while a physical firewall is a piece of equipment installed between your network and gateway.

Packet-filtering firewalls, the most common type of firewall, examine packets and prohibit them from passing through if they don’t match an established security rule set. This type of firewall checks the packet’s source and destination IP addresses. If packets match those of an “allowed” rule on the firewall, then it is trusted to enter the network.

Packet-filtering firewalls are divided into two categories: stateful and stateless. Stateless firewalls examine packets independently of one another and lack context, making them easy targets for hackers. In contrast, stateful firewalls remember information about previously passed packets and are considered much more secure.

While packet-filtering firewalls can be effective, they ultimately provide very basic protection and can be very limited—for example, they can’t determine if the contents of the request that’s being sent will adversely affect the application it’s reaching. If a malicious request that was allowed from a trusted source address would result in, say, the deletion of a database, the firewall would have no way of knowing that. Next-generation firewalls and proxy firewalls are more equipped to detect such threats.

Next-generation firewalls (NGFW) combine traditional firewall technology with additional functionality, such as encrypted traffic inspection, intrusion prevention systems, anti-virus, and more. Most notably, it includes deep packet inspection (DPI). While basic firewalls only look at packet headers, deep packet inspection examines the data within the packet itself, enabling users to more effectively identify, categorize, or stop packets with malicious data. Learn about Forcepoint NGFW here.

Proxy firewalls filter network traffic at the application level. Unlike basic firewalls, the proxy acts an intermediary between two end systems. The client must send a request to the firewall, where it is then evaluated against a set of security rules and then permitted or blocked. Most notably, proxy firewalls monitor traffic for layer 7 protocols such as HTTP and FTP, and use both stateful and deep packet inspection to detect malicious traffic.

Network address translation (NAT) firewalls allow multiple devices with independent network addresses to connect to the internet using a single IP address, keeping individual IP addresses hidden. As a result, attackers scanning a network for IP addresses can’t capture specific details, providing greater security against attacks. NAT firewalls are similar to proxy firewalls in that they act as an intermediary between a group of computers and outside traffic.

Stateful multilayer inspection (SMLI) firewalls filter packets at the network, transport, and application layers, comparing them against known trusted packets. Like NGFW firewalls, SMLI also examine the entire packet and only allow them to pass if they pass each layer individually. These firewalls examine packets to determine the state of the communication (thus the name) to ensure all initiated communication is only taking place with trusted sources.

1 Comment

Post A Comment

Get notified automatically by email when there is new content!
For Questions or Comments, Contact us: editor @ linuxhunt.com

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

LinuxHunt will use the information you provide on this form to be in touch with you and to provide updates.