Security Architecture: Firewalls Flashcards
What are firewalls?
Firewalls are specialized and important devices that help secure our networks. There are many types of firewalls, including:
Layer 4 (L4) through Layer 7 (L7).
WAFs.
UTM firewalls.
NGFW.
What is L4 - L7
L4 through L7 firewalls
An L4 through L7 firewall, also known as an application firewall or an advanced firewall, operates at higher layers of the OSI model compared to traditional Layer 3 (network) and Layer 4 (transport) firewalls. This type of firewall is designed to provide more granular and context-aware security measures by inspecting and controlling traffic based on application-specific information, user behavior, and content.
Unlike lower-layer firewalls that primarily focus on source and destination addresses, Layer 4 through 7 firewalls delve into the content and context of the data packets.
What are WAFS?
WAFs
A web application firewall, or WAF, is a specialized security solution designed to protect web applications from a wide array of cyber threats and vulnerabilities. Positioned between a web server and its users, the WAF analyzes and filters incoming HTTP and HTTPS traffic, scrutinizing it for malicious activities, unauthorized access attempts, and application-layer vulnerabilities.
WAFs operate by enforcing security policies based on a comprehensive understanding of web-application behavior and common attack patterns, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). By actively inspecting the content, headers, and parameters of incoming requests, a WAF identifies and blocks malicious requests, effectively preventing attackers from exploiting potential weaknesses in the application’s code or design.
What are UTM?
UTM firewalls
A UTM firewall is a comprehensive security solution that combines multiple security functionalities into a single platform, designed to protect networks from a diverse range of cyber threats. Unlike traditional firewalls that focus primarily on packet filtering and access control, UTM firewalls offer an integrated suite of security features, including:
Intrusion detection and prevention.
Antivirus and anti-malware.
Content filtering.
Application control.
Virtual private networks (VPNs).
This holistic approach allows organizations to streamline their security infrastructure, manage multiple security aspects from a single interface, and enhance their ability to detect, prevent, and respond to various types of threats.
What are NGFWs?
NGFWs
A next-generation firewall, or NGFW, is an advanced security solution that goes beyond traditional firewall functionalities to provide a comprehensive defense against modern cyber threats. Unlike conventional firewalls that primarily focus on port and protocol filtering, NGFWs offer a sophisticated blend of capabilities, including:
Deep packet inspection.
Intrusion prevention.
Application awareness and control.
User identity tracking.
Integrated threat intelligence.
These features enable NGFWs to analyze the content and context of network traffic, identifying both known and unknown threats, and providing the ability to block malicious activities in real time. NGFWs often incorporate advanced threat-detection mechanisms, such as behavioral analysis and machine learning, to identify emerging threats and zero-day vulnerabilities.
