
Net. Devices & Infrastructure

Firewalls

Network security devices that monitor and filter incoming and outgoing network traffic based on an organization's previously established security policies.

  • Filters traffic based on predefined security rules.
  • Helps protect networked systems from unauthorized access.
  • Can be hardware-based, software-based, or a combination of both.

Firewalls are a cornerstone of network security and come in several types. They differ mainly in which OSI layer they inspect (headers only, or application content as well) and in whether they remember connection state between packets:

Types of Firewalls

Static Packet-Filtering Firewall
Operates on OSI layers 3 and 4. Judges each packet on its own, using only header fields: source and destination IP address, protocol, and source and destination port. Has no memory of earlier packets.
  • Rules-based filtering
  • Focuses on packet headers only
  • Limited to basic filtering; cannot distinguish a genuine reply from a forged inbound packet

Application-Level Firewall (Application Proxy)
Operates on OSI layer 7. Terminates the connection, inspects the application-layer content, and can block specific applications or services.
  • Filters based on the application protocol and its content
  • Acts as a proxy for the applications it understands

Circuit-Level Firewall (Circuit-Level Gateway)
Operates on OSI layer 5. Validates that a session is legitimate by checking the handshake (for example the TCP three-way handshake) before relaying traffic; does not inspect the payload. Example: the SOCKS protocol.
  • Session-based filtering
  • Decides on source, destination, ports, and handshake state, not on content

Dynamic Inspection Firewall
Another name for a stateful firewall: monitors the whole communication and decides on each packet in the context of the connection it belongs to.
  • Tracks communication state
  • Context-aware decision making

Deep Packet Inspection (DPI) Firewall
Inspects both packet headers and payload. Detects protocol violations and can block malware, spam, and intrusion attempts.
  • Inspects packet content
  • Identifies protocol non-compliance
  • Blocks malicious content

Stateless / First-Generation Firewall
Another name for the static packet filter: decisions are based on static values in each packet, with no awareness of traffic patterns or connection state.
  • Aka first-generation or packet filter
  • Decision-making based on static criteria

Stateful Firewall
Monitors traffic end-to-end, recognizes and remembers past traffic, and admits inbound packets only when they belong to a connection it has already seen (typically one opened from the inside).
  • Tracks and remembers traffic patterns
  • Context-aware decision making

Web Application Firewall (WAF)
Built specifically for web applications. Inspects HTTP(S) requests and blocks common web attacks such as those in the OWASP Top 10 (injection, cross-site scripting). Examples: Cloudflare WAF, ModSecurity, AWS WAF.
  • Protects web applications
  • Blocks OWASP-class threats

Next-Generation Firewall (NGFW)
Combines traditional stateful filtering with advanced features such as DPI, intrusion detection/prevention, and application identification.
  • Advanced features
  • Real-time threat intelligence feeds

Unified Threat Management (UTM)
All-in-one appliance that bundles firewall, IDS/IPS, anti-malware, content filtering, and often VPN. Suited to small and medium-sized businesses.
  • Multiple security features in one solution

NAT Gateway
Translates between private and public IP addresses; used for outbound traffic from private subnets. Not a filtering device in itself, although unsolicited inbound connections have no translation entry to match and so are not forwarded.
  • IP address translation
  • Enables devices on private subnets to reach the internet

Content/URL Filter
Filters web content by category or site and blocks harmful or inappropriate content.
  • Web content filtering based on categories or sites
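The distinction that matters most in the table above is stateless versus stateful. The following is an added example, not code from the original page: a toy stateless packet filter and a toy stateful one run over the same constructed TCP packets. The protected host 10.0.0.5, the policy (all outbound allowed, inbound allowed only to 22/tcp) and the outside addresses (RFC 5737 documentation ranges) are assumptions chosen for illustration.

```python
"""Toy packet filters: stateless (header-only) vs stateful (connection tracking).

Added example, not from the original page. Packets are constructed here,
not captured from a network. Assumed policy: protect host 10.0.0.5,
allow all outbound TCP, allow inbound TCP only to port 22.
"""
from dataclasses import dataclass

INSIDE = "10.0.0.5"              # assumed protected host
ALLOWED_INBOUND_PORTS = {22}     # assumed inbound policy


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters: S=SYN, A=ACK, R=RST, F=FIN


def is_syn_only(pkt):
    """A bare SYN: the first packet of a new TCP connection."""
    return "S" in pkt.flags and "A" not in pkt.flags


def stateless_filter(pkt):
    """First-generation packet filter: each packet is judged in isolation.

    To let replies to outbound connections back in, it has to trust a header
    bit: anything that is not a bare SYN is treated as "established". That bit
    is attacker-controlled, so a forged ACK packet to a blocked port gets through.
    """
    if pkt.src == INSIDE:
        return "ALLOW"                       # outbound: always allowed
    if pkt.dport in ALLOWED_INBOUND_PORTS:
        return "ALLOW"                       # inbound to a permitted service
    if not is_syn_only(pkt):
        return "ALLOW"                       # "established" heuristic; unverifiable
    return "DROP"


class StatefulFilter:
    """Remembers connections it has admitted and accepts only packets that belong to one."""

    def __init__(self):
        # Tracked connections as (inside_ip, inside_port, outside_ip, outside_port).
        # A real tracker also follows the full TCP state machine and ages entries out.
        self.connections = set()

    def filter(self, pkt):
        if pkt.src == INSIDE:
            if is_syn_only(pkt):             # inside opens a connection: remember it
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.connections:
            if "R" in pkt.flags:
                self.connections.discard(key)   # peer reset: forget the connection
            return "ALLOW"                       # genuine packet of a tracked connection
        if pkt.dport in ALLOWED_INBOUND_PORTS and is_syn_only(pkt):
            self.connections.add(key)            # permitted inbound service: track it too
            return "ALLOW"
        return "DROP"                            # unsolicited inbound, forged ACKs included


# Constructed traffic, processed in this order.
TRAFFIC = [
    ("outbound_syn",   Packet(INSIDE, 40000, "203.0.113.10", 443, "S")),
    ("legit_synack",   Packet("203.0.113.10", 443, INSIDE, 40000, "SA")),
    ("legit_data",     Packet("203.0.113.10", 443, INSIDE, 40000, "A")),
    ("inbound_ssh",    Packet("198.51.100.7", 51000, INSIDE, 22, "S")),
    ("inbound_rdp",    Packet("198.51.100.7", 51001, INSIDE, 3389, "S")),
    ("forged_ack_rdp", Packet("198.51.100.7", 51002, INSIDE, 3389, "A")),
]


def run(traffic=TRAFFIC):
    """Return {name: (stateless_verdict, stateful_verdict)} for each packet."""
    stateful = StatefulFilter()
    return {name: (stateless_filter(p), stateful.filter(p)) for name, p in traffic}


if __name__ == "__main__":
    for name, (sl, sf) in run().items():
        print(f"{name:15} stateless={sl:5} stateful={sf}")
```

Both filters pass the legitimate HTTPS reply and block a new inbound connection to 3389. Only the stateful filter drops the forged ACK to 3389, because no tracked connection matches it; the stateless filter has nothing but the header bits to go on.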

Open Source vs. Proprietary Firewalls

Open Source: pfSense (a FreeBSD-based firewall distribution) and the Linux packet-filtering tools iptables/nftables are open source, so the code can be inspected and audited. Vendor support may be a paid option or absent altogether, with community forums and third parties filling the gap.

Proprietary: Companies like Cisco, Fortinet, or Palo Alto Networks offer proprietary firewalls. These often come with advanced functionalities, support, and integrations, but at a cost.

Hardware vs. Software Firewall

Hardware Firewall: Physical devices designed specifically for filtering network traffic. They can handle large volumes of traffic and are positioned between a local network and its connection point to the outside world.

Software Firewall: Installed on individual devices, such as workstations or servers. A host-based firewall is a type of software firewall. Because it shares the operating system it protects, it inherits that OS's vulnerabilities: malware or an attacker with administrative access to the host can disable the firewall or alter its rules.

Application vs. Host-Based vs. Virtual

Application: Tailored to a specific protocol or type of traffic (for example, a WAF for HTTP). NGFWs, with their application awareness, are sometimes grouped here.
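What an application-level firewall adds over a port-based one is visible in a small added example (not code from the original page): a layer 3/4 filter only sees "destination port 80" and passes everything, while a layer-7 check parses the HTTP request line and rejects traffic that is not HTTP at all, uses a method outside the policy, or carries a path-traversal pattern, after percent-decoding the target the way a WAF normalizes input before matching. The payloads are constructed byte strings, and the policy (GET/HEAD/POST only, no ".." in the request target) is an illustrative assumption.

```python
"""Layer 3/4 port check vs a layer-7 HTTP check on the same payloads.

Added example, not from the original page. Sample requests are constructed
byte strings. Policy (allowed methods, traversal check) is an assumption.
"""
import re
from urllib.parse import unquote_to_bytes

# HTTP/1.x request line: METHOD SP request-target SP HTTP/1.x CRLF
REQUEST_LINE = re.compile(rb"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/1\.[01]\r\n")
ALLOWED_METHODS = {b"GET", b"HEAD", b"POST"}   # assumed policy


def port_filter(dport, payload):
    """Layer 3/4 view: only the destination port is consulted; payload is ignored."""
    return "ALLOW" if dport in (80, 443) else "DROP"


def http_inspect(payload):
    """Layer 7 view: parse the request and enforce HTTP conformance plus policy.

    Returns (verdict, reason). Real proxies also handle pipelining, chunked
    bodies and many more evasions; this shows the principle only.
    """
    m = REQUEST_LINE.match(payload)
    if not m:
        return ("DROP", "not a valid HTTP/1.x request line")
    method, target = m.group("method"), m.group("target")
    if method not in ALLOWED_METHODS:
        return ("DROP", f"method {method.decode()} not allowed")
    # Normalize before matching: a single percent-decoding pass so that
    # %2e%2e is judged the same as a literal "..".
    decoded_target = unquote_to_bytes(target)
    if b".." in decoded_target:
        return ("DROP", "path traversal pattern in request target")
    if b"\r\n\r\n" not in payload:
        return ("DROP", "header block not terminated")
    return ("ALLOW", "conforming request")


# Constructed payloads, all arriving on port 80.
SAMPLES = {
    "plain_get":         b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "traversal":         b"GET /../../etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "encoded_traversal": b"GET /%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "ssh_on_80":         b"SSH-2.0-OpenSSH_9.6\r\n",
    "trace":             b"TRACE / HTTP/1.1\r\nHost: example.test\r\n\r\n",
}


def compare(samples=SAMPLES, dport=80):
    """Return {name: (port_filter_verdict, http_inspect_verdict)}."""
    return {name: (port_filter(dport, p), http_inspect(p)[0]) for name, p in samples.items()}


if __name__ == "__main__":
    for name, p in SAMPLES.items():
        verdict, reason = http_inspect(p)
        print(f"{name:18} port80={port_filter(80, p):5} l7={verdict:5} ({reason})")
```

Every sample is allowed by the port filter; only the plain GET survives the layer-7 check. The encoded traversal case is why content inspection has to normalize before it matches: a rule that only looks for the literal ".." is bypassed by "%2e%2e".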

Host-Based: Installed directly on a device. Windows Defender Firewall and ufw (a front end to iptables/nftables) on Linux are examples; Whonix-Gateway likewise relies on a host firewall ruleset to force all traffic through Tor.

Virtual Firewalls: Deployed as virtual appliances in virtualized environments or cloud platforms. Both Cloud Service Providers (CSPs) and traditional firewall vendors may offer these.


Other Infrastructure Terms

Switch

A device that connects devices together on a computer network and uses packet switching to forward data to its destination.

  • Efficiently delivers traffic to specific devices.

  • Operates primarily on OSI Layer 2, forwarding by MAC address; Layer 3 switches also route between VLANs.

  • Gives each port its own collision domain, so traffic on one port does not collide with traffic on another, improving throughput.

Unlike hubs that broadcast to all ports, switches target specific MAC addresses.


Routers

Devices that forward data packets between computer networks.

  • Directs traffic between different networks.
  • Uses static or dynamic routing tables to determine the best path for data.

Gateways

Devices that connect two different networks using different protocols.

  • Often termed "protocol translators".
  • Can operate at any OSI layer up to Layer 7, depending on what is translated (an email or VoIP gateway, for instance, works at the application layer).
  • Can be standalone hardware, software services, or both.

Repeaters, Concentrators, & Amplifiers

Devices designed to extend the reach of or strengthen a communication signal over a network segment.

  • Regenerates (repeater) or boosts (amplifier) the signal so it can travel farther over a cable segment; a concentrator aggregates several lines into one.
  • Operates at OSI Layer 1.

Bridges

Devices that connect two or more network segments, making them function as a single network.

  • Can connect networks with different topologies or cabling types.
  • Operates at OSI Layer 2.

Hubs

Basic networking devices that connect multiple devices in a LAN.

  • Broadcasts data to all connected devices.

  • Essentially acts as a multiport repeater.

  • Operates at OSI Layer 1.

Largely obsolete and rarely seen outside small or home networks because of their limited efficiency. Because every frame is repeated to every port, any device on a hub can sniff all traffic on it, which is also why hubs were once used as a cheap tap for packet capture.


LAN Extenders

Devices that facilitate the connection of distant LANs over WAN links. Enables LANs to span larger geographic distances.