Firewall Basics Flashcards
The word firewall commonly describes
a system or device or Software
Firewall is placed between
a trusted network and an untrusted network
A firewall is security devices used to
stop or mitigate unauthorized access.
The only traffic allowed on the network
is defined via the firewall policies.
It grants or rejects access to traffic flows between
untrusted & trusted zone
A firewall monitors and check
incoming and outgoing network related traffic
It decides to allow or block specific traffic based on
defined set of security rules.
A firewall can be
hardware, software, or both or can be Cloud-based or Virtual
The first generation of firewall technology consisted of
packet filters techniques.
The second generation of firewall started with
application layers technologies
The third generation of firewall had
“Stateful” filters inspection also called NGFW
Stateful Firewall:
o It maintain the state of connection when packet is travelling for the appliance.
o State Full Firewall maintain the state of connection in the state table of Firewall.
o After adding information in state table, it forwards the packet to the destination.
o When it receive the reply-packet, it match the packet information to state-table.
o If Firewall receive the reply packet if match packet is accepted otherwise drop.
Simplified Packet Flow
Stateless Firewalls:
o Stateless Firewalls watch network traffic and restrict or block the packets.
o This Firewalls restrict or block packet based on source & destination addresses.
o Stateless Firewalls also restrict or block packet based on other static values.
o Stateless Firewalls are not ‘aware’ of the traffic patterns or the data flows.
o A stateless firewall filter, also known as an Access Control List or (ACL).
o Stateless Firewall does not state fully inspect the traffic to keep the records.
o It evaluates packet contents statically and does not keep track of connection state.
o An example of a packet filtering firewall is the Extended ACL on Cisco Routers
Packet Filtering Firewall:
o In Packet, filtering firewall packets are filtered using the Access-List (ACL).
o Packet Filtering Firewall is vulnerable to IP spoofing network attack easily.
o Cisco IOS use Standard or Extended ACL, Named ACL etc to filter the traffic.
o Limits info is allowed into a network based on the destination and source address.
o Packet Filtering Firewall can only be implemented on Network & Transport Layers.
o Packet Filtering Firewall filters packets based on address and port number only.
Proxy Firewall:
o Proxy Firewall works as a proxy for clients of Internal LAN users.
o No direct communication occurs between client & destination server.
o Takes requests from a client, puts that client on hold for a moment.
o Makes the requests as if it is its own request out to the final destination.
o Proxy Firewall is Memory and disk intensive at the proxy server or device.
o Proxy Firewall could potentially be a single point of failure in the network.
Application Firewall:
o Application level gateways works on the Application Layer of the OSI reference Model.
o Application Firewall you can block or control the traffic generated by any applications.
o Application Firewalls can also be configured as Caching Servers to increase performance.
o Application Level gateway Firewall is more processor intensive but have very tight control.
o Application Firewall is the ability to analyze traffic all the way up to the Application Layer.
Personal Firewall:
o Personal Firewall is typically software application that is installed on endpoint device.
o Personal Firewall protect the device itself from unauthorized intrusions or access.
o Most operating systems such as windows or Linux have integrated personal firewalls.
o Personal Firewalls protect a single host or device only in the network.
o Personal Firewalls control traffic arriving at and leaving individual hosts.
o Personal Firewalls have the ability to permit and deny traffic based on the application.
o Personal Firewalls have also the ability to define policies for different classes of network.
Transparent Firewall:
o It works at layer 2, or it forwards the frames based on destination MAC.
o It has the capabilities to filter the traffic from layer 2 to layer 7 of OSI Model.
o Transparent Firewall is invisible to devices on both sides of protected network.
o Transparent mode does not support dynamic routing protocols or more stuff.
Virtual Wire Firewall:
o Virtual Wire Firewall mode logically binds two Ethernet interfaces together.
o Virtual Wire Firewall mode allowing for all traffic to pass between interfaces.
o Virtual Wire, also known V-Wire, deployment options use Virtual Wire interfaces.
o A virtual Wire Firewall mode requires no changes to adjacent network devices.
o A Virtual Wire interface supports App-ID, User-ID, Content-ID, NAT & decryption.
o Virtual Wire Firewall mode is typically used when no switching or routing is needed
Traditional Network Firewall:
o Traditional firewalls work at the network & transport layer of OSI Model.
o Allow or block traffic based on criteria such as an IP address and/or port
Zone-Based Firewall:
o Zone Based Firewall is the most advanced method of a Stateful Firewall.
o Zone Based Firewall is available on Cisco IOS Routers.
o The idea behind ZBF is that we do not assign access-lists to interfaces.
o In ZBF, different zones created & assigned Interfaces to different zones.
o In Zone Based Firewall security policies assigned to traffic between zones.
Could-Based Firewall:
o Cloud Firewalls are software-based, cloud deployed network devices.
o Cloud Firewalls built to stop or mitigate unwanted access to private networks.
o As Cloud Firewalls a new technology, they are designed for modern business needs.
o Cloud Firewalls are sit within online application environments to stop any attacks.
o Firewall-as-a-service (FWaaS), Security-as-a-service (SECaaS) are the examples.
Virtual Firewall:
o Virtual firewall is a firewall service or an application for virtualized environment.
o Virtual firewall provides packet filtering within a virtualized environment.
o Virtual firewalls are commonly used to protect virtualized environments only.
o Virtual firewall is often deployed as a software appliance in virtual environment.
o A virtual firewall manages and controls incoming and outgoing traffic.
o It works in conjunction with switches and servers similar to a physical firewall.
UTM Firewall:
o The term UTM firewall or simply UTM (Unified Threat Management) is the terminology.
o It is given to hardware or software device capable of assembling various security functions.
o Such as packet filtering, proxy, IDS & IPS, protection against malware, application control.
o UTM provides multiple security features & services in single device or service on network.
o UTM includes functions such as anti-virus, anti-spam, content filtering, & web filtering etc.
o UTM (Unified Threat Management) Firewall is not consider Next-Generation Firewall.
Next-Generation Firewall (NGFW):
o NGFW performs the role of a traditional firewall and adds NGIPS features.
o Next-Generation Firewall is part of the third generation of Firewall technology.
o All NGFWs offer two key features App Awareness & Control & ID Awareness.
o Next-Generation Firewall (NGFW) provide deep-packet inspection of traffic.
o Next-Generation Firewall add application-level inspection & Intrusion Prevention.
o Next-Generation Firewall provides all traditional IPS features with high performance.
o Next-Generation Firewall allow, and block traffic based on specific application as well.
o Next-Generation Firewall allow, and block traffic based on user information as well.
o Next-Generation Firewall (NGFW) provide both IPS and application control functions.
o There is no big difference between the UTM and Next-Generation Firewall (NGFW).
o Next-Generation Firewall provide high performance and Processing using to protect.
Palo Alto Firewall:
o The only firewall to identify, control & inspect your SSL encrypted traffic & applications.
o The only firewall with real-time content scanning to protect you against viruses.
o The only firewall to protect against spyware, data leakage & application vulnerabilities.
o The only next-generation firewall based on a stream-based threat prevention engine.
o Palo Alto unleashes the power of the cloud against threats known and unknown.
o Palo Alto is security application that allows or denies traffic by a single fingerprint.
o If one company experiences unique attack, all other subscribers’ networks are updated.
o You can allow certain functions of an application without blocking the entire application
Parallel Processing:
o The other critical piece of Palo Alto Networks SP3 Architecture is hardware.
o It is use Parallel Processing hardware to ensure Single Pass software runs fast.
o Palo Alto Networks engineers designed separate data plan and control plane.
o This separation means you can update the device while still keep forwarding going.
o Palo Alto firewall using multiple cores and processors will run checks in parallel.
o It is not re-compile files in order to scan them but scan stream for signature.
o Identification Technologies Transform the Firewall, App-ID, User-ID, and Content-ID.
Single-Pass Architecture:
o PAN Firewall are optimized to only inspect the packet “ONE TIME”, concurrently.
o At same time do Signature Matching, Security Processing & Networking Processing.
o All in Parallel to each other without having to re buffer same packet over & over again.
o Single-Pass performs the L7 classification and inspection Operations once per packet.
o Strength of Palo Alto Networks Firewall is its Single Pass Parallel Processing (SP3) engine.
o Every single layer of Protection Antivirus, Spyware, Data Filtering & Vulnerability protection.
o Palo Alto Networks Firewall all utilized the same stream-based signature format.
o allows PAN to buffer and inspect a packet at the same time, it can do all three in parallel.
Firewall Zones:
o Security zones are logical way to group physical and virtual interfaces on the Firewall.
o Security Zones is used to control and log the traffic that traverses specific interfaces.
o Interface on Firewall must be assigned to security zone before interface process traffic.
o Zone can have multiple interfaces of same type, but interface belong to only one zone.
o Palo Alto Firewalls zone names have no predefined meaning or policy associations.
o Palo Alto Firewalls rely on concept of security zones in order to apply security policies.
o It means that Security Policies (Firewall Rules) are applied to zones & not to interfaces.
o This zone feature is similar to Cisco’s Zone-Based Firewall supported by IOS Routers.
o Policy rules on Firewall use zones to identify where traffic comes from & where going.
o Traffic can flow freely within a zone, but traffic cannot flow between different zones.
o Traffic between different zones can’t flow until define Security policy rule that allows it.
o Creating a security zone in the Palo Alto Networks NG Firewalls involves three steps.
o Specify the Zone Name, Select the Zone Type and Assign the Interface to the given Zone.
