Thanks for watching another episode of Infosec Hub, today we will explain the concept of a firewall. I know most of the viewers and subscribers to my channel are more into the technical measures you can take to keep you computers and network safe, so this one is for all of you. To secure your computers and applications on a network level, the firewall is a good place to start.
So what is a firewall ?
A firewall is a system designed to prevent unauthorised access to a private network, the private network being your home network or a company network for instance. The attempt to access that network comes from the internet. In IT terms, the WAN, wide area network is the internet, the LAN, local area network is your own network. All computers on your private network have internet access but the firewall is placed at a central place in your network, all requests will go trough the firewall. So what do the professionals at CISCO say that a firewall is ?
According to CISCO a provider from network devices such as switches, routers, VoIP phones a firewall is as follows;
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules.
Firewalls have been a first line of defense in network security for over 25 years. They establish a barrier between secured and controlled internal networks that can be trusted and untrusted outside networks, such as the Internet.
There are several implementations of firewalls, I will go over the most common implementations;
Stateful inspection firewall
Now thought of as a “traditional” firewall, a stateful inspection firewall allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening of a connection until it is closed. Filtering decisions are made based on both administrator-defined rules as well as context, which refers to using information from previous connections and packets belonging to the same connection.
Next generation firewall
Firewalls have evolved beyond simple packet filtering and stateful inspection. Most companies are deploying next-generation firewalls to block modern threats such as advanced malware and application-layer attacks.
According to Gartner, Inc.’s definition, a next-generation firewall must include:
- Standard firewall capabilities like stateful inspection
- Integrated intrusion prevention
- Application awareness and control to see and block risky apps
- Upgrade paths to include future information feeds
- Techniques to address evolving security threats
While these capabilities are increasingly becoming the standard for most companies, NGFWs can do more.
Proxy firewall
An early type of firewall device, a proxy firewall serves as the gateway from one network to another for a specific application. Proxy servers can provide additional functionality such as content caching and security by preventing direct connections from outside the network. However, this also may impact throughput capabilities and the applications they can support.
Virtual firewall
A virtual firewall is typically deployed as a virtual appliance in a private cloud (VMware ESXi, Microsoft Hyper-V, KVM) or public cloud (AWS, Azure, Google, Oracle) to monitor and secure traffic across physical and virtual networks. A virtual firewall is often a key component in software-defined networks (SDN).
PfSense – OPENSOURCE firewall solution
In the near future we will make a few videos based on the open source firewall solution that has the name PFSENSE, based on FreeBSD, PfSense is free but setting it up will take time and experience. I will try to make a few videos for you guys to better understand the inner workings of PfSense.
Web Application Firewalls
Last type of firewall I want to talk about is the WAF or web application firewall, if you are reading this on my blog you are accessing a web application, if you are browsing to your favorite website it is probably a CMS, content management system. These systems organise content like text, images, embedded videos etc. These are web-based applications, there is a specific need for these web applications to stay safe. They are connected to the internet 24/7 365 days a year. A web application firewall is specifically tailor made for the application. If you go for a subscription service the WAF will be regularly updated with the latest information about threats, weaknesses in other words vulnerabilities. Also security rules can be updated, usually the WAF is maintained by the security community of the firewall. Like it is the case with WordPress. The firewall can detect attacks based on AI, it can detect automated attacks and close the firewall on ip-basis or port-number.