Firewalls Flashcards
What is a Firewall
A system or group of systems used to control access between two networks – a trusted network (Internal Private Network) & an untrusted network (Internet).
Perimeter Defence (mcq)
Intercepts and controls traffic between networks with differing levels of trust, enforced with a network security policy.
Logs inter-network activity and limits the exposure of an organization.
Firewall Challenges
Detecting malware
Connections that do not go through the firewall
Unknown threats
Poorly trained firewall administrator
Stateful Packet Filtering (open ended)
- Maintains an entry for each established connection
- Filters packets based on the profile of those entries
- Keeps track of TCP sequence numbers to prevent attacks based on sequence numbers
- Inspects data for protocol commands (FTP, IM, SIP)
- Detects and drops packets that would overload the server
- Disallows packets that belong to no established connection to the server
Stateful Packet Filtering drawbacks
Cannot prevent Trojans, spyware or adware where a connection has been established from within the network.
Stateful Packet Filtering Solution
Deep Packet Inspection (DPI)
Also examines the data part of the packet (content).
One example of Web Application Firewall
ModSecurity
What is Web Application Firewall
- Inspects request and response data (including HTTPS)
- Increases the information logged (credit card numbers, ID numbers, passwords, raw transaction data)
- Acts as an inbound proxy to the web server (Apache, IIS)
What does a Web Application Firewall alert on
SQL Injection
XSS
Buffer Overflow
Cookie Tampering
Abnormal Activities
etc.
Unified Threat Management (UTM)
Consolidates multiple security and networking functions on one appliance. Popular with SMEs (Small and Medium Enterprises).
Examples of Unified Threat Management (UTM)
- Firewall
- IDS/IPS
- SIEM
- Secure Web/Email Gateway
- Remote Access
Unified Threat Management (UTM) Advantages
- Browser based management
- Short learning curve for security policy configuration
- Localized software and documentation
- By 2022, more than 50% of new SMB firewall deployments will tunnel web traffic to a cloud-based secure web gateway, up from less than 10% today.
Application Firewall (Often called NGFW)
(ref image)
4 Properties of Next generation firewall (NGFW)
- Application Awareness
Does not assume a specific application is running on a specific port. The firewall can monitor traffic from layers 2 to 7 with greater granularity. Eg: does not assume that port 80 traffic is HTTP. Useful for bandwidth control (P2P).
- Identity Awareness
Tracks the identity of the local device and user, typically using existing enterprise authentication systems (i.e. Active Directory, LDAP). Controls what a specific user or group is allowed to send and receive.
- Extra Firewall Intelligence
Optimized rule set and intelligence gathered continually from outside sources (whitelist, blacklist, directory integration to block by identity).
- Integrated IPS
Automatic correlation with the IPS (to cover in PM) to suggest blocking of certain malicious websites. Eg: block an address that is continually loading the IPS with bad traffic.
Packet Filtering Rules (Two common strategies)
1) Build rules from most specific to most general. This ensures that a general rule does not “override” a more specific but conflicting rule.
2) Rules should be ordered such that the ones most often used are at the top of the list. Done for performance reasons.