Firewalls 2.1 Flashcards
How do Firewalls work?
Everything passes through the firewall. Can control inappropriate content. Protects against viruses and malware. They establish security policies through the following mechanisms.
Network Address Translation (NAT) Basic packet filtering Stateful packet filtering Access Control Lists (ACL) Application layer proxies
Network-based Firewalls
Filters traffic by port numbers and IP addresses. (OSI layer 4, TCP/UDP)
Can encrypt traffic into/out of the network. Can proxy traffic. Most firewalls can be layer 3 devices (routers).
Stateless Firewall
Does not keep track of traffic flow. Each packet is individually examined regardless of past history. If traffic is sent outside to an active session, the traffic returning from said location will still be examined. Must have rules for send and receive.
Statefull Firewall
Remembers the “state” of the session. Everything within a valid flow is allowed. If a rule is created to a destination, there is no need to create a receive rule from said destination so long as it within the same traffic flow.
Access Control List (ACL)
These are the firewall rules. They allow or disallow traffic based on tuples or security policies. Tuples are a grouping of categories; source IP, destination IP, port number, time of day, application, etc.
Application-based Firewalls
Application based firewalls can filter through OSI layer 7 which is the Application Layer. They can analyze traffic at a much deeper level examining the application characteristics of traffic. They can block parts of an application, yet allow other parts through giving them much greater specificity than network-based firewalls.