Section 16.147 Firewalls Flashcards
Objective 3.2 Given a scenario, you must be able to apply security principles to secure enterprise architecture. Objective 4.5 Given a scenario, you must be able to modify enterprise capabilities to enhance security.
Firewall
A network security device or software that monitors and controls network traffic based on security rules
■ Protects networks from unauthorised access and potential threats
Firewalls can be hardware appliances or specialised software installed on a device to control network traffic
Screened Subnet (Dual-homed Host)
Acts as a security barrier between external untrusted networks and internal trusted networks using a protected host with security measures like a packet-filtering firewall
Types of Firewalls
Packet Filtering Firewalls
● Inspect packet headers for IP addresses and port numbers
● Limited in inspection, operates at Layer 4 (Transport Layer)
Simple header inspection
Types of Firewalls
Stateful Firewalls
● Track connections and requests, allowing return traffic for outbound requests
● Operates at Layer 4, with improved awareness of connection state
Types of Firewalls
Proxy Firewalls
● Make connections on behalf of endpoints, enhancing security
● Two Types of Proxy Firewalls
○ Circuit Level: Session layer (Layer 5)
○ Application Level: Application layer (Layer 7)
Types of Firewalls
Kernel Proxy Firewalls (Fifth Generation Firewall)
● Minimal impact on network performance, full inspection of packets at every layer
● Placed close to the system they protect
Firewall Evolutions
Next Generation Firewall (NGFW)
Aims to address the limitations of traditional firewalls by being more aware of applications and their behaviours
● Application-aware: distinguish between different types of traffic
● Conduct deep packet inspection and use signature-based intrusion protection
● Operate fast with minimal network performance impact
● Offer full-stack traffic visibility
● Can integrate with other security products
Can be a problem if organizations become reliant on a single vendor due to firewall configurations tailored to one product line
Firewall Evolutions
Unified Threat Management (UTM) Firewall
Provides the ability to conduct multiple security functions in a single appliance
● Functions include firewall, intrusion prevention, antivirus, and more
● Reduces the number of devices
● UTMs use separate individual engines, whereas NGFWs use a single engine
Problem: May be cost-effective as it's one device, but it has a single point of failure.
Firewall Evolutions
Web Application Firewall (WAF)
Focuses on inspecting HTTP traffic to prevent common web application attacks like cross-site scripting and SQL injection
● Can be placed:
○ In-line (live attack prevention): Device sits between the network firewall and the web servers
○ Out of band (detection): Device receives a mirrored copy of web server traffic
Layer based Firewalls
Layer 4 Firewall
● Operates at the transport layer
● Filters traffic based on port numbers and protocol data
Layer based Firewalls
Layer 7 Firewall
● Operates at the application layer
● Inspects, filters, and controls traffic based on content and data characteristics