Join Lisa Bock for an in-depth discussion in this video, Exploring different types of firewalls, part of Foundations of IT Security: Network Security.
- A firewall is a hardware- or software-based mechanism that controls incoming and outgoing traffic based on a set of rules that either permit or deny traffic on a network or host. Firewalls should be used in every network as they monitor for many of today's threats. Early firewalls were simply packet filters, inspecting packets as they pass through the firewall, checking the source and destination address, protocol, and port. Packet filters do not do any payload inspection; for example, they will not block a string value associated with a buffer overflow. Also, there are no means for authentication.

Stateful filtering is better than packet inspection as each packet is based on the context of an active state or connection. Once a new connection is initiated, the firewall will check against the security policy. If there is an existing connection, it will look it up in the state transition table and update the table. The challenges are stateless protocols such as UDP and ICMP. Now we can set which ICMP packets we want to allow or deny, but UDP doesn't have a FIN packet or ending sequence. The firewall will simply have to wait for that connection to slowly time out and then close that firewall connection.

There are different classes of firewalls. Class one is a host-based software firewall set up on a laptop or desktop computer. Most support packet filtering, stateful packet inspection, and some offer network address translation. Application-specific rules such as HTTPS and DNS can be set to allow specific applications to pass through.

Class two is a router firewall. Specifically, a small office, home office wireless router that generally retails under 100 dollars and can provide straightforward firewall features that block and allow certain IP addresses and port numbers and use network address translation to mask private IP addresses. They're often ready out of the box and can be further configured to meet specific needs. They are not for use in an enterprise network for security reasons; they simply can't withstand an aggressive attack.

Class three, the low-end hardware firewall, is easy to set up. These are plug-and-play units which also have switching and some VPN functionality as well. These are best for small businesses with under 30 users. They provide static filtering and some remote management. In addition, some have unified threat management built in, with anti-virus and anti-spyware capabilities.

Class four are high-end hardware firewalls. These are high-performance units which are great for small and mid-size businesses. They provide edge protection and critical infrastructure environments without reducing performance.

Class five are high-end server firewalls, used when the stakes are high. They provide many of the same features as a separate appliance, but are built for high throughput requirements. The server can take advantage of high CPU performance and multiple processors and generally does not require a lot of disk capacity. However, this firewall requires high-end hardware.
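The stateful filtering behaviour described in the transcript, as an added Python sketch that is not part of the video or the course material: a state table where a TCP entry is removed on FIN/RST while a UDP entry can only be aged out by an idle timer. The policy, the 30-second timeout, the addresses and the traffic are constructed assumptions, and TCP idle timeouts are left out for brevity.

```python
from dataclasses import dataclass, field

UDP_IDLE_TIMEOUT = 30.0  # seconds; assumed value for this demo
ALLOWED_OUTBOUND = {("tcp", 443), ("udp", 53)}  # assumed policy: HTTPS and DNS

@dataclass
class StatefulFirewall:
    table: dict = field(default_factory=dict)  # flow key -> time last seen

    def _expire_udp(self, now):
        # UDP has no closing packet, so idle entries can only be aged out.
        stale = [k for k, seen in self.table.items()
                 if k[0] == "udp" and now - seen > UDP_IDLE_TIMEOUT]
        for k in stale:
            del self.table[k]

    def handle(self, now, direction, proto, src, sport, dst, dport, flags=""):
        self._expire_udp(now)
        # Key every flow as (proto, inside host, inside port, outside host,
        # outside port) so a reply maps to the entry its request created.
        if direction == "out":
            key = (proto, src, sport, dst, dport)
        else:
            key = (proto, dst, dport, src, sport)
        if key in self.table:
            if proto == "tcp" and ("F" in flags or "R" in flags):
                del self.table[key]  # simplified: first FIN/RST closes the entry
            else:
                self.table[key] = now
            return "allow"
        # No state: treat as a new connection and check the security policy.
        if direction == "out" and (proto, dport) in ALLOWED_OUTBOUND:
            self.table[key] = now
            return "allow"
        return "deny"

def demo():
    """Constructed traffic: one DNS exchange over UDP, one HTTPS session over TCP."""
    fw, inside, outside = StatefulFirewall(), "10.0.0.5", "203.0.113.9"
    return [
        fw.handle(0, "in", "udp", outside, 53, inside, 40000),         # unsolicited
        fw.handle(1, "out", "udp", inside, 40000, outside, 53),        # query
        fw.handle(2, "in", "udp", outside, 53, inside, 40000),         # reply
        fw.handle(40, "in", "udp", outside, 53, inside, 40000),        # after timeout
        fw.handle(50, "out", "tcp", inside, 50000, outside, 443, "S"),
        fw.handle(51, "in", "tcp", outside, 443, inside, 50000, "SA"),
        fw.handle(52, "out", "tcp", inside, 50000, outside, 443, "FA"),
        fw.handle(53, "in", "tcp", outside, 443, inside, 50000, "A"),  # after FIN
    ]
```

A pure packet filter would have to allow or deny every inbound packet from port 53 with one static rule; here the same inbound packet is allowed at t=2 and denied at t=0 and t=40 because the decision depends on the state table.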
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Implementing secure content management (SCM)
- Implementing unified threat management (UTM)
- Introducing VLANs
- NAT addressing
- Network sniffing
- Understanding common attack methods, such as password attacks
- Protecting clients with antivirus software
- Implementing physical security