
Net. Devices & Infrastructure

Firewalls

Definition: Network security devices that monitor and filter incoming and outgoing network traffic based on an organization's previously established security policies.

Function:

  • Filters traffic based on predefined security rules.
  • Helps protect networked systems from unauthorized access.
  • Can be hardware-based, software-based, or a combination of both.

Firewalls are the cornerstone of network security and come in several types. Each type, its OSI layer, and its key features are summarized below.

Types of Firewalls

Static Packet-Filtering Firewalls

Operates on OSI layer 3 (Network Layer) and looks at packet headers to determine whether to allow or drop a packet based on predefined rules. Only filters packets based on source, destination, and ports.

Key features:

  • Rules-based filtering
  • Focuses on packet headers
  • Limited to basic filtering

Application-Level Firewall (Proxy Firewall)

Operates on OSI layer 7 (Application Layer) and inspects the content of the traffic. It can block specific applications/services.

Key features:

  • Filters based on application
  • Proxy functionality for specific applications

Circuit-level Firewall

Operates at the session layer (OSI layer 5) and determines if a session is legitimate. An example is the SOCKS protocol.

Key features:

  • Session-based filtering
  • Focuses on source, destination, and ports

Dynamic Inspection Firewall

Monitors the entire communication process and makes decisions based on the context or state of the communication.

Key features:

  • Tracks communication state
  • Context-aware decision making

Deep Packet Inspection (DPI) Firewalls

Inspects both the header and the payload content of each packet. It can detect non-compliance with protocols and block malware, spam, or intrusions.

Key features:

  • Inspects packet content
  • Identifies protocol non-compliance
  • Blocks malicious content

Stateless/First-Generation Firewalls

Make decisions based on static values and are unaware of traffic patterns or data flow. Also known as first-generation or packet-filter firewalls.

Key features:

  • Decision-making based on static criteria

Stateful Firewalls

Monitor traffic streams from end to end and are capable of tracking and remembering previous traffic. They track the state of the conversation, e.g. "only speak if spoken to".

Key features:

  • Tracks and remembers traffic patterns
  • Context-aware decision making

Web Application Firewall (WAF)

Specifically designed to protect web applications. Examples with pre-configured OWASP rule sets include Cloudflare, ModSecurity, and AWS WAF.

Key features:

  • Protects web applications
  • Blocks OWASP threats

Next-Generation Firewall (NGFW)

Combines traditional firewall capabilities with advanced functionalities like DPI, intrusion detection, and real-time threat intelligence.

Key features:

  • Advanced features
  • Real-time threat intelligence

Unified Threat Management (UTM)

All-in-one security solutions that include multiple security features. They're best suited for SMBs.

Key features:

  • Multiple security features in one solution

NAT (Network Address Translation) Gateway

Translates public IP addresses to private IP addresses and vice versa. Used to enable devices in a private subnet to initiate outbound IPv4 traffic to the internet or other AWS services.

Key features:

  • IP address translation
  • Enables private subnet devices to initiate outbound IPv4 traffic to the internet

Content/URL Filter

Filters web content based on categories or specific sites, preventing users from accessing harmful or inappropriate content.

Key features:

  • Web content filtering based on categories/sites
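Added example (not from these notes): a small Python simulation contrasting the static packet filter and the stateful firewall described above. The rule (allow web browsing on port 80), the subnet prefix, the addresses and the packet list are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = leaving the protected LAN, "in" = arriving from the internet


INTERNAL_NET = "10.0.0."  # constructed: prefix of the protected subnet


def stateless_allow(pkt: Packet) -> bool:
    """Static packet filter: judges every packet by its header fields alone.
    To let LAN hosts browse the web it must allow every inbound packet whose
    source port is 80, whether or not anyone on the LAN asked for it."""
    if pkt.direction == "out" and pkt.dst_port == 80:
        return True
    return pkt.direction == "in" and pkt.src_port == 80


class StatefulFirewall:
    """Tracks the state of each conversation: inbound packets are allowed only
    as replies to a flow an internal host opened ("only speak if spoken to")."""

    def __init__(self) -> None:
        self.table = set()  # remembered outbound flows (src_ip, src_port, dst_ip, dst_port)

    def allow(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            if pkt.src_ip.startswith(INTERNAL_NET) and pkt.dst_port == 80:
                self.table.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
                return True
            return False
        # inbound: the reversed 4-tuple must match a remembered outbound flow
        return (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.table


def compare(packets):
    """Run both filters over the same packet list; returns (stateless, stateful) verdicts."""
    fw = StatefulFirewall()
    return [stateless_allow(p) for p in packets], [fw.allow(p) for p in packets]


# Constructed sample traffic: a web request and its reply, then an unsolicited
# inbound packet to port 3389 that merely carries source port 80, which the
# static filter cannot distinguish from a genuine reply.
SAMPLE = [
    Packet("10.0.0.5", 40001, "93.184.216.34", 80, "out"),
    Packet("93.184.216.34", 80, "10.0.0.5", 40001, "in"),
    Packet("198.51.100.9", 80, "10.0.0.5", 3389, "in"),
]
```

Running `compare(SAMPLE)` shows the static filter admitting all three packets while the stateful firewall rejects the third, since no inside host spoke to 198.51.100.9 first.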

    Open Source vs. Proprietary Firewalls

    Open Source: Tools like pfSense and iptables are open-source, meaning you can inspect the code. They might lack official support, but communities and third parties might offer help.

    Proprietary: Companies like Cisco, Fortinet, or Palo Alto Networks offer proprietary firewalls. These often come with advanced functionalities, support, and integrations, but at a cost.

    Hardware vs. Software Firewall

    Hardware Firewall: Physical devices designed specifically for filtering network traffic. They can handle large volumes of traffic and are positioned between a local network and its connection point to the outside world.

    Software Firewall: Installed on individual devices, like computers or servers. A host-based firewall is a type of software firewall. They are more susceptible to attack vectors due to the vulnerabilities of the underlying OS or software. Malware or attackers that compromise the host can potentially disable or alter the firewall.

    Application vs. Host-Based vs. Virtual

    Application: Often catered to a specific type of traffic. NGFWs can sometimes be classified here. 

    Host-Based: Installed directly on a device. Windows Firewall, Whonix (the gateway specifically), or ufw on Linux are examples.

    Virtual Firewalls: Deployed as virtual appliances in virtualized environments or cloud platforms. Both Cloud Service Providers (CSPs) and traditional firewall vendors may offer these.


    Other Infrastructure Terms

    Switch

    Definition: A device that connects devices together on a computer network and uses packet switching to forward data to its destination.

    Function:

    • Efficiently delivers traffic to specific devices.

    • Operates primarily on OSI Layer 2 (sometimes Layer 3).

    • Creates separate collision domains, optimizing data throughput.

    Unlike hubs that broadcast to all ports, switches target specific MAC addresses.


    Routers

    Devices that forward data packets between computer networks.

    • Directs traffic between different networks.
    • Uses static or dynamic routing tables to determine the best path for data.

    Gateways

    Devices that connect two different networks using different protocols.

    • Often termed "protocol translators".
    • Operate at OSI Layer 3.
    • Can be standalone hardware, software services, or both.

    Repeaters, Concentrators, & Amplifiers

    Devices designed to extend the reach of or strengthen a communication signal over a network segment.

    • Enhances the signal over cable segments.
    • Operates at OSI Layer 1.

    Bridges

    Devices that connect two or more network segments, making them function as a single network.

    • Can connect networks with different topologies or cabling types.
    • Operates at OSI Layer 2.

    Hubs

    Basic networking devices that connect multiple devices in a LAN.

    • Broadcasts data to all connected devices.

    • Essentially acts as a multiport repeater.

    • Operates at OSI Layer 1.

    More commonly found in home networks than in business settings due to their limited efficiency.


    LAN Extenders

    Devices that facilitate the connection of distant LANs over WAN links. Enables LANs to span larger geographic distances.