In this tutorial, you will learn about the basic concepts of firewalls, including what a firewall is, how it protects network security, different types of firewalls, firewall security features, its functions, and the advantages and disadvantages of using a firewall.
Contents:
- What is Firewall?
- Firewall Protection in Network Security
- Types of Firewalls
- Firewall Security
- Functions of Firewall
- Advantages of Using Firewall
- Disadvantages of Using Firewall
What is Firewall?
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Firewalls are a critical component of network security and are typically deployed at the perimeter of a network to protect against unauthorized access and cyber threats.
Firewall Protection in Network Security
Large companies hold confidential information such as product codes, financial analyses, business reports, employee data, business strategies, growth plans, and so on. An attacker who steals this information can sell it to a competitor, so the company is exposed to information leakage. Security is needed to prevent unauthorized access to company resources and data, and this can be achieved by deploying a firewall.
- Security breaches are caused by viruses, worms, or Trojan horses that destroy valuable data and create work for administrators, who must clean up the damage. That is why a system is needed that lets the good parts of the traffic in and keeps the bad parts out.
- The company may have multiple LAN connections, and their traffic is passed through the firewall so that the firewall can inspect the packets.
The diagram below illustrates firewall protection in a network.
As shown in the figure, the firewall protects the network, and all traffic passes through the firewall because no other route into or out of the network exists.
Types of Firewalls
- Packet Filtering Firewalls: These operate at the network layer and provide basic filtering of IP packets. They check the headers of packets to determine their source and destination, then decide whether to allow or deny the packets based on predefined rules.
- Stateful Inspection Firewalls: These not only examine the headers but also monitor the state of active connections. They make decisions based on the state of the connection and the rules set by the network administrator.
- Proxy Firewalls: These operate at the application layer and act as an intermediary between end users and the internet. They filter messages at the application layer and can perform more detailed inspections of traffic.
- Next-Generation Firewalls (NGFWs): These include features like deep packet inspection (DPI), intrusion detection systems (IDS), and intrusion prevention systems (IPS). They can filter packets based on their content and block more sophisticated attacks.
Firewall Security
A firewall acts as a packet filter: it lets good packets through and keeps bad packets out. The network administrator defines the rules in the firewall, and packets are filtered according to those rules.
For example, suppose the network administrator has allowed TCP port 25 (mail service) and TCP port 80 (web service) for communication. No rule allows traffic on TCP port 79, so the firewall discards any packet whose port number is 79.
Demilitarized Zone (DMZ)
Now, the company wants security, but it doesn’t want to stop communication with the outside world. For that, the network administrator creates a zone outside the company network called a demilitarized zone (DMZ).
Anything can go into the DMZ because it is outside the company’s security perimeter. The computers on the Internet can access the company’s website by contacting a web server that resides in the DMZ. This setup allows for public access to certain resources while keeping the internal network secure.
Types of Filtering
- Packet Filtering: The firewall allows or denies requests based on the MAC or IP address.
- Application Filtering: The firewall allows or disallows messages based on port numbers. This is useful for controlling the use of applications that operate over specific ports.
- URL Filtering: The firewall allows or denies access to websites using keywords and URLs of the websites. This can prevent access to inappropriate or harmful websites.
Stateful vs. Stateless Firewalls
A stateful firewall is a type of firewall that uses TCP/IP header fields to manage and keep track of connections. For example, an internal user may send traffic to an external user after establishing a connection. Once the connection is established, the firewall keeps track of it and allows communication between the two connected devices in both directions. This is not possible using a stateless firewall, which judges every packet on its own.
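The following added example (not part of the original tutorial) models both the port-based rule set from the Firewall Security section (TCP 25 and 80 allowed, everything else such as port 79 discarded) and the connection tracking described above. The addresses, ports and the simple flag-based state logic are constructed for illustration; real firewalls also track sequence numbers, timeouts and UDP pseudo-state.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag set: a new connection attempt


# Stateless rules from the tutorial: allow TCP 25 (mail) and TCP 80 (web).
# Each rule is (proto, dport, action); the first match wins, default is deny.
RULES = [("tcp", 25, "allow"), ("tcp", 80, "allow")]


def stateless_filter(pkt: Packet) -> str:
    """Judge a packet purely on its own header fields."""
    for proto, dport, action in RULES:
        if pkt.proto == proto and pkt.dport == dport:
            return action
    return "deny"   # anything else, including TCP port 79, is discarded


class StatefulFirewall:
    """Remembers allowed connections so that the reply direction is
    permitted even though no explicit rule matches the reply packet."""

    def __init__(self) -> None:
        # Established connections as 5-tuples (proto, src, sport, dst, dport).
        self.table: set[tuple] = set()

    def inspect(self, pkt: Packet) -> str:
        fwd = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:
            return "allow"                  # part of a tracked connection
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"                   # mid-stream packet with no state
        verdict = stateless_filter(pkt)     # new connection: consult the rules
        if verdict == "allow":
            self.table.add(fwd)             # start tracking this connection
        return verdict


if __name__ == "__main__":
    fw = StatefulFirewall()
    request = Packet("tcp", "10.0.0.5", 51000, "203.0.113.10", 80, syn=True)
    reply = Packet("tcp", "203.0.113.10", 80, "10.0.0.5", 51000)
    print("stateless reply verdict:", stateless_filter(reply))   # deny
    print("stateful  reply verdict:", fw.inspect(request), fw.inspect(reply))
```

The reply from the web server arrives on a high destination port that no rule lists, so the stateless filter drops it, while the stateful firewall recognises it as the return half of a connection it already accepted.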
Functions of Firewall
Firewalls perform several essential functions to enhance network security:
- Packet Filtering: Examines packets of data passing through the firewall and blocks or allows them based on predefined rules. Rules can be based on IP addresses, port numbers, protocols, or other criteria.
- Stateful Inspection: Monitors the state of active connections and filters packets based on the context of the connection. This method is more secure than simple packet filtering.
- Proxy Service: Acts as an intermediary between internal and external networks by receiving and inspecting traffic before forwarding it. This adds an additional layer of security by hiding internal IP addresses.
- Network Address Translation (NAT): Translates private IP addresses of internal network devices into public IP addresses, and vice versa, to allow communication over the internet while maintaining security.
- Virtual Private Network (VPN) Support: Provides secure remote access to internal network resources over an encrypted connection, ensuring data confidentiality.
Advantages of Using Firewall
- Improved Network Security: Firewalls protect against unauthorized access and cyber attacks, reducing the risk of data breaches and network intrusions.
- Access Control: Allows network administrators to control which services and resources users can access both internally and externally.
- Regulatory Compliance: Helps organizations comply with industry regulations and standards by enforcing security policies and protecting sensitive data.
- Monitoring and Logging: Provides detailed logs of network traffic, which helps in detecting and investigating security incidents.
- Cost-Effective Security: Implementing a firewall is generally more cost-effective than dealing with the aftermath of a security breach.
Disadvantages of Using Firewall
- Complexity: Configuring and managing firewalls can be complex, requiring skilled network administrators and regular updates to keep up with evolving threats.
- Performance Impact: Firewalls can introduce latency into network communications, especially when performing deep packet inspection or proxying connections.
- Single Point of Failure: If the firewall fails, all network traffic may be compromised, requiring redundant systems for failover.
- Limitations with Encrypted Traffic: Firewalls may have difficulty inspecting encrypted traffic without decryption capabilities, which raises privacy concerns.
- False Sense of Security: Organizations may rely too heavily on firewalls and neglect other aspects of network security, such as endpoint protection or user education.
Key Points to Remember
Here is the list of key points to remember about firewalls.
- Security is needed to prevent unauthorized access to company resources and data, and this can be achieved by deploying a firewall.
- A stateful firewall is a type of firewall that uses TCP/IP header fields to manage and keep track of connections.
- Most firewalls and some common routers have VPN capability that provides a secure tunnel for communication.
- Filtering techniques like packet, application, and URL filtering help control network access.
- Next-Generation Firewalls (NGFWs) include advanced features like deep packet inspection and intrusion prevention systems (IPS).
- Firewalls can introduce latency in network communications, especially during deep packet inspection.
- Implementing a firewall is generally more cost-effective than dealing with the aftermath of a security breach.