A firewall is a network security system that monitors traffic and takes action (permit or deny) on the basis of explicitly defined policies. It can be implemented by a single device, a group of devices, or software running on a single device such as a server.
Cisco ASA has the biggest share of the market, while there are other firewall vendors as well, such as Check Point, Juniper, etc.
Firewall Methodologies –
There are certain methods through which a firewall can be implemented. These are as follows:
- Static packet filtering – Packet filtering is a firewall technique used to control access on the basis of source IP address, destination IP address, source port number and destination port number. It works at layers 3 and 4 of the OSI model. Also, an ACL doesn’t maintain the state of a session. A router with an ACL applied to it is an example of static packet filtering.
Advantages –
- If the administrator has a good knowledge of the network, it is easy to implement.
- It can be configured on almost all routers.
- It has minimal effect on network performance.
Disadvantages –
- A large number of ACLs is difficult to maintain.
- ACLs use IP addresses for filtering. If someone spoofs a permitted source IP address, the ACL will allow that traffic.
- Stateful packet filtering –
In stateful packet filtering, the state of the sessions is maintained, i.e. when a session is initiated within a trusted network, its source and destination IP addresses, source and destination ports and other layer information are recorded. By default, all traffic from the untrusted network is denied.
The replies of this session will be allowed only when the IP addresses (source and destination) and port numbers (source and destination) are swapped.
Advantages –
- Dynamic in nature as compared to static packet filtering.
- Not susceptible to IP spoofing.
- Can be implemented on routers.
Disadvantages –
- Might not be able to prevent application layer attacks.
- Some applications open dynamic ports on the server side; if the firewall is analysing this, it can cause application failure. This is where application inspection comes into use.
- Proxy firewalls –
These are also known as application layer firewalls. A proxy firewall acts as an intermediary between the original client and the server. No direct connection takes place between the original client and the server.
The client, which would otherwise establish a connection directly to the server to communicate with it, now has to establish a connection with the proxy server. The proxy server then establishes a connection with the server on behalf of the client. The client sends its data to the proxy server, and the proxy server forwards it to the server. A proxy server can operate up to layer 7 (application layer).
Advantages –
- Difficult to attack the server, as the proxy server sits between the client and the server.
- Can provide detailed logging.
- Can be implemented on common hardware.
Disadvantages –
- Processor intensive
- Memory and disk intensive
- Single point of failure in network security
- Application inspection –
These can analyze packets up to layer 7 (deep inspection) but can’t act as a proxy server. They can deeply analyze the conversation between a client and a server even when the server is assigning a dynamic port to the client, and therefore they don’t fail in these cases (which can occur with a stateful firewall).
- Can analyze deeper into the conversation between the server and the client.
- If a protocol anomaly (a deviation from the standard) occurs, it can deny the packets.
- Transparent firewall –
By default, a firewall operates at layer 3, but the benefit of using a transparent firewall is that it can operate at layer 2. It has 2 interfaces which act like a bridge, so it can be configured through a single management IP address. Also, users accessing the network will not even know that a firewall exists.
The main advantage of using a transparent firewall is that we don’t need to re-address our networks when putting a firewall into our network. Also, while operating at layer 2, it can still perform functions like building a stateful database, application inspection, etc.
- Network Address Translation (NAT) –
NAT is implemented on a router or firewall. NAT is used to translate a private IP address into a public IP address, through which we can hide our source IP address.
If we are using dynamic NAT or PAT, an attacker will not be able to know which devices are dynamically assigned which IP address from the pool. This makes it difficult to make a connection from the outside world to our private network.
- Next-Generation Firewalls –
NGFWs are third-generation security firewalls implemented in either software or a device. They combine basic firewall properties such as static packet filtering and application inspection with advanced security features such as an integrated intrusion prevention system. Cisco ASA with FirePOWER Services is an example of a next-generation firewall.
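
To make the difference between static and stateful packet filtering described above concrete, the following added example (not part of the original article and not any vendor's implementation) models both in a few lines. The addresses, ports and all function and class names are constructed for illustration.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

# Constructed sample addresses from documentation ranges (assumptions).
INSIDE_HOST = "192.0.2.10"
WEB_SERVER = "198.51.100.20"

def static_acl_permits(pkt: Packet) -> bool:
    """Static filter for inbound traffic: permit anything from the web
    server's port 80 to the inside host. Every packet is judged on its
    own header fields; no session state is consulted."""
    return (pkt.src_ip == WEB_SERVER and pkt.src_port == 80
            and pkt.dst_ip == INSIDE_HOST)

class StatefulFilter:
    """Records sessions initiated from the trusted side and permits inbound
    packets only when they are the swapped form of a recorded session."""
    def __init__(self) -> None:
        self.sessions: set[Packet] = set()

    def outbound(self, pkt: Packet) -> bool:
        self.sessions.add(pkt)      # remember addresses and ports
        return True

    def inbound(self, pkt: Packet) -> bool:
        # Swap source and destination; a genuine reply maps back to a session.
        expected = Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return expected in self.sessions  # default deny from untrusted side

def demo() -> dict:
    fw = StatefulFilter()
    fw.outbound(Packet(INSIDE_HOST, 51000, WEB_SERVER, 80))
    reply = Packet(WEB_SERVER, 80, INSIDE_HOST, 51000)
    # Same claimed source, but no inside host ever opened this session.
    unsolicited = Packet(WEB_SERVER, 80, INSIDE_HOST, 40000)
    return {
        "acl_reply": static_acl_permits(reply),
        "acl_unsolicited": static_acl_permits(unsolicited),
        "stateful_reply": fw.inbound(reply),
        "stateful_unsolicited": fw.inbound(unsolicited),
    }

if __name__ == "__main__":
    for name, permitted in demo().items():
        print(f"{name}: {'permit' if permitted else 'deny'}")
```

The static rule permits both inbound packets because it only compares header fields, while the stateful filter permits the reply and denies the packet that matches no recorded session.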