
Network Devices and Infrastructure

Firewalls

Definition: Network security devices that monitor and filter incoming and outgoing network traffic based on an organization's previously established security policies.

Function:

  • Filters traffic based on predefined security rules.
  • Helps protect networked systems from unauthorized access.
  • Can be hardware-based, software-based, or a combination of both.

Firewalls are the cornerstone of network security and come in several flavors. The main types are:

Types of Firewalls

  1. Static Packet-Filtering Firewalls: Operate primarily on OSI layer 3 (Network Layer) and look at packet headers to determine whether to allow or drop a packet based on predefined rules.

  2. Application-Level Firewall (Proxy Firewall): Operates on OSI layer 7 (Application Layer) and inspects the content of the traffic. It can block specific applications or services.

  3. Circuit-level Firewall: Operates at the session layer (OSI layer 5) and determines if a session is legitimate. An example is the SOCKS protocol.

  4. Stateful Inspection Firewall: Monitors the entire communication process and makes decisions based on the context or state of the communication.

  5. Deep Packet Inspection (DPI) Firewalls: Inspects both header and payload content of each packet. It can detect non-compliance with protocols and block malware, spam, or intrusions.

  6. Stateless Firewalls: These make decisions based on static values and are unaware of traffic patterns or data flow.

  7. Stateful Firewalls: They monitor traffic streams from end to end and are capable of recognizing and remembering previous traffic.

  8. Web Application Firewall (WAF): Specifically designed to protect web applications. Examples with pre-configured OWASP rule sets include Cloudflare, ModSecurity, and AWS WAF.

  9. Next-Generation Firewall (NGFW): Incorporates traditional firewall capabilities with advanced functionalities like DPI, intrusion detection, and real-time threat intelligence.

  10. Unified Threat Management (UTM): All-in-one security solutions that include multiple security features. They're best suited for SMBs.

  11. NAT Gateway: Used to enable devices in a private subnet to initiate outbound IPv4 traffic to the internet or other AWS services.

  12. Content/URL Filter: Filters web content based on categories or specific sites, preventing users from accessing harmful or inappropriate content.
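To make the stateless/stateful distinction from the list above concrete, here is a small simulation written for this page (it is not code from any firewall product). It models a header-only packet filter and a connection-tracking filter side by side, using constructed addresses and a hypothetical policy: an internal host may open HTTPS connections outward, and unsolicited inbound connections should be dropped.

```python
"""Stateless vs. stateful packet filtering, simulated (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

Flow = Tuple[str, int, str, int, str]  # 5-tuple key for the connection table


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    syn: bool = False  # TCP SYN flag (a connection opener when set without ACK)
    ack: bool = False  # TCP ACK flag

    def flow(self) -> Flow:
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)

    def reverse_flow(self) -> Flow:
        return (self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


@dataclass(frozen=True)
class Rule:
    """Header-only match (OSI layers 3/4); a field left as None matches anything."""
    action: str  # "allow" or "drop"
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        checks = ((self.src_ip, pkt.src_ip), (self.src_port, pkt.src_port),
                  (self.dst_ip, pkt.dst_ip), (self.dst_port, pkt.dst_port),
                  (self.proto, pkt.proto))
        return all(want is None or want == have for want, have in checks)


def stateless_filter(rules: List[Rule], pkt: Packet) -> str:
    """Static packet filter: first matching rule wins, implicit default drop."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


class StatefulFilter:
    """Keeps a connection table so replies are allowed by state, not by rule."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = rules  # policy is consulted only for NEW connections
        self.table: Set[Flow] = set()

    def decide(self, pkt: Packet) -> str:
        # ESTABLISHED: the packet belongs to a connection already accepted.
        if pkt.flow() in self.table or pkt.reverse_flow() in self.table:
            return "allow"
        # Only a genuine opener (SYN without ACK) may create state; a stray
        # ACK or SYN/ACK for an unknown connection is dropped outright.
        if pkt.proto == "tcp" and not (pkt.syn and not pkt.ack):
            return "drop"
        action = stateless_filter(self.rules, pkt)
        if action == "allow":
            self.table.add(pkt.flow())
        return action


INTERNAL = "10.0.0.5"       # constructed internal host
EXTERNAL = "203.0.113.10"   # constructed web server (RFC 5737 documentation range)

# With no memory, the stateless policy must open the reply direction with a
# second header-only rule, which cannot distinguish a real reply from any
# packet that merely carries source port 443.
STATELESS_RULES = [
    Rule("allow", src_ip=INTERNAL, dst_port=443, proto="tcp"),
    Rule("allow", src_port=443, dst_ip=INTERNAL, proto="tcp"),
]
# The stateful policy needs only the outbound rule; replies match by state.
STATEFUL_RULES = [Rule("allow", src_ip=INTERNAL, dst_port=443, proto="tcp")]


def run_scenario() -> Dict[str, Tuple[str, str]]:
    """Return {packet label: (stateless decision, stateful decision)}."""
    packets = {
        "outbound SYN": Packet(INTERNAL, 51000, EXTERNAL, 443, syn=True),
        "reply SYN/ACK": Packet(EXTERNAL, 443, INTERNAL, 51000, syn=True, ack=True),
        "data on connection": Packet(INTERNAL, 51000, EXTERNAL, 443, ack=True),
        # Unsolicited inbound connection attempt to port 22 from source port 443.
        "unsolicited SYN:443": Packet(EXTERNAL, 443, INTERNAL, 22, syn=True),
    }
    stateful = StatefulFilter(STATEFUL_RULES)
    return {label: (stateless_filter(STATELESS_RULES, pkt), stateful.decide(pkt))
            for label, pkt in packets.items()}


if __name__ == "__main__":
    for label, (sl, sf) in run_scenario().items():
        print(f"{label:20} stateless={sl:5} stateful={sf}")
```

The last packet is the one to watch: both filters pass the legitimate connection and its reply, but only the stateful filter drops the unsolicited inbound SYN, because no outbound connection ever created a table entry for it. That is the practical meaning of "remembering previous traffic" in the stateful definition above, and why stateless rule sets tend to end up broader than intended.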

Open Source vs. Proprietary Firewalls

Open Source: Tools like pfSense and iptables are open-source, meaning you can inspect the code. They might lack official support, but communities and third parties might offer help.

Proprietary: Companies like Cisco, Fortinet, or Palo Alto Networks offer proprietary firewalls. These often come with advanced functionalities, support, and integrations, but at a cost.

Hardware vs. Software Firewall

Hardware Firewall: Physical devices designed specifically for filtering network traffic. They can handle large volumes of traffic and are positioned between a local network and its connection point to the outside world.

Software Firewall: Installed on individual devices, like computers or servers. A host-based firewall is a type of software firewall. They are more susceptible to attack vectors due to the vulnerabilities of the underlying OS or software. Malware or attackers that compromise the host can potentially disable or alter the firewall.

Application vs. Host-Based vs. Virtual

Application: Often tailored to a specific type of traffic. NGFWs can sometimes be classified here.

Host-Based: Installed directly on a device. Windows Firewall, Whonix (the gateway specifically), or ufw on Linux are examples.

Virtual Firewalls: Deployed as virtual appliances in virtualized environments or cloud platforms. Both Cloud Service Providers (CSPs) and traditional firewall vendors may offer these.


Switch

Definition: A device that connects devices together on a computer network and uses packet switching to forward data to its destination.

Function:

  • Efficiently delivers traffic to specific devices.

  • Operates primarily on OSI Layer 2 (sometimes Layer 3).

  • Creates separate collision domains, optimizing data throughput.

Unlike hubs that broadcast to all ports, switches target specific MAC addresses.
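The hub-versus-switch difference above (and the hub entry further down) is easiest to see in a forwarding simulation. The following is an added example written for this page, not vendor code: a hub repeats every frame on all other ports, while a switch learns source MAC addresses per port and forwards unicast frames only to the learned port, flooding only while the destination is still unknown. The MAC addresses and port numbers are constructed.

```python
"""Hub vs. learning switch forwarding, simulated (constructed example)."""
from typing import Dict, Set

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 multiport repeater: every frame goes out every other port."""

    def __init__(self, ports: int) -> None:
        self.ports = ports

    def forward(self, in_port: int, src: str, dst: str) -> Set[int]:
        return {p for p in range(self.ports) if p != in_port}


class Switch:
    """Layer 2 device with a MAC-learning forwarding (CAM) table."""

    def __init__(self, ports: int) -> None:
        self.ports = ports
        self.cam: Dict[str, int] = {}  # MAC address -> port it was last seen on

    def forward(self, in_port: int, src: str, dst: str) -> Set[int]:
        self.cam[src] = in_port  # learn (or refresh) where the source lives
        if dst != BROADCAST and dst in self.cam:
            # Known unicast: deliver only to the learned port (never back out
            # the ingress port, which would mean the hosts share a segment).
            return {self.cam[dst]} - {in_port}
        # Broadcast or unknown unicast: flood, exactly like a hub.
        return {p for p in range(self.ports) if p != in_port}


# Constructed hosts: A on port 0, B on port 1, a third host C on port 2.
A, B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"


def run_frames() -> Dict[str, "tuple[Set[int], Set[int]]"]:
    """Return {frame label: (ports a hub copies to, ports a switch copies to)}."""
    hub, switch = Hub(3), Switch(3)
    frames = [
        ("A->B, B unknown", 0, A, B),       # switch must flood
        ("B->A, A learned", 1, B, A),       # switch now knows A is on port 0
        ("A->B, both learned", 0, A, B),    # unicast confined to port 1
        ("A->broadcast", 0, A, BROADCAST),  # broadcast always floods
    ]
    return {label: (hub.forward(p, s, d), switch.forward(p, s, d))
            for label, p, s, d in frames}


if __name__ == "__main__":
    for label, (hub_ports, sw_ports) in run_frames().items():
        print(f"{label:20} hub={sorted(hub_ports)} switch={sorted(sw_ports)}")
```

Note which frames reach port 2, where host C sits: on the hub, every frame does; on the switch, only the first (unknown-destination) frame and the broadcast do. That is the security side of "creates separate collision domains": once the table is populated, a host on a switched segment no longer receives other hosts' unicast traffic by default.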


Routers

Devices that forward data packets between computer networks.

  • Directs traffic between different networks.
  • Uses static or dynamic routing tables to determine the best path for data.

Gateways

Devices that connect two different networks using different protocols.

  • Often termed "protocol translators".
  • Operate at OSI Layer 3.
  • Can be standalone hardware, software services, or both.

Repeaters, Concentrators, & Amplifiers

Devices designed to extend the reach of or strengthen a communication signal over a network segment.

  • Enhances the signal over cable segments.
  • Operates at OSI Layer 1.

Bridges

Devices that connect two or more network segments, making them function as a single network.

  • Can connect networks with different topologies or cabling types.
  • Operates at OSI Layer 2.

Hubs

Basic networking devices that connect multiple devices in a LAN.

  • Broadcasts data to all connected devices.

  • Essentially acts as a multiport repeater.

  • Operates at OSI Layer 1.

More commonly found in home networks than in business settings due to their limited efficiency.


LAN Extenders

Devices that facilitate the connection of distant LANs over WAN links. Enables LANs to span larger geographic distances.