Network Security Threats and Countermeasures-Types of Firewall

In this session, you will learn about:

• Types of firewalls
• Hardware Firewall
• Software Firewall

What is a firewall?

Firewalls are designed to protect computers and entire networks from malicious attacks. Essentially, what they do is they protect the hosts on one network from the hosts on another network.

• Designed to protect computers and networks from malicious attacks 
• Protects hosts on one network from hosts on another network 
• Segregates your internal network from the internet 
• Accomplished by configuring incoming and outgoing traffic filtering rules.

Types of Firewall

Hardware Firewall
Software Firewall

Hardware-based Firewalls	Software-based Firewalls
Best suited to medium and large enterprise networks	Best suited for protecting single host computers or small office and home office networks.
Provide better security	Less secure than a hardware firewall
Provide excellent performance, thanks to their dedicated hardware resources	The performance is reliant on the host operating system's resources. If one has an insufficient host hardware, it can cost performance degradation and issues
Smaller attack surface	Larger attack surface
More costly than a software-based counterpart	Generally, more cost effective than a hardware-based firewall

Software Firewalls 

Categories of Firewall

Packet Filtering Firewalls 

Some of the most common protocols and ports to be aware of, for filtering purposes are:

▪ HTTP – port 80 tcp 

▪ HTTPS – port 443 tcp 

▪ FTP – port 20 tcp and port 21 udp

▪ DNS – port 53 tcp and udp 

▪ SMTP – port 25 tcp 

▪ POP3 – port 110 tcp

Circuit-level Firewall

1. Also known as a transparent proxy
2. A second-generation firewall technology
3. Do not analyze each and every packet that passes through the firewall 
4. All sessions appear to originate from the firewall itself, this allows one’s internal network to be hidden from the external/public network
5. The traffic is filtered based on specific session rules- Session rules could be established and the firewall keeps a list of the valid connections

Application-level Firewalls

• Also known as proxy servers
• The deep data inspection of this type of firewall makes them resource intensive
• Under resourced firewalls can negatively affect network performance 
• Appropriate resourcing is imperative
• Plan for growth, and purchase the best resources you can afford

Stateful Multi-level Firewall

• Combines the best attributes of both Packet Filtering and Application-level Firewalls and they are frequently considered to be the best solution
• Very feature rich - It offers such features as anti-virus protection, content filtering, intrusion prevention as well as activity and usage reporting
• Very expensive
• Can be difficult to configure and maintain

Next-Generation Firewalls

• A next-generation firewall (NGFW) is a network security device that provides capabilities beyond a traditional, stateful firewall
• Some of the features include deep-packet inspection, TCP handshake checks, and surface-level packet inspection
• It could include intrusion prevention systems (IPSs) that work to automatically stop attacks against the network

Software Firewalls

• Host or Personal Firewall 
• Installed on host computers
• Protects the host directly from network based attacks

• Network Firewall
• Applications installed on servers 
• Protects network segments from other network segments
• Similar functionality to hardware firewalls 

Hardware Firewall

• Hardware firewalls use a physical appliance that act in a manner similar to a traffic router
• Excel at perimeter security by making sure malicious traffic from outside the network is intercepted
• Weakness of this firewalls is that it is often easy for insider attacks to bypass them. 
• Actual capabilities of a hardware firewall may vary depending on the manufacture

Cloud Firewall

• When a cloud solution is used to deliver a firewall, it can be called a cloud firewall, or firewall-as-a-service (FaaS)
• A cloud server is often used in a proxy firewall setup
• Cloud-based firewalls are very easy to scale with the organization
• Cloud firewalls, like hardware firewalls, excel at perimeter security

Using Hardware & Software Firewalls

Hardware Firewalls

Software Firewalls

·         Best suited for use in medium to large enterprise networks ·         Better security ·         Hardened OS ·         Smaller attack surface ·         Excellent performance ·         Dedicated hardware resources ·         Very reliable ·         More costly than software firewalls

·         Best suited for protecting single hosts, or small home networks ·         Lesser security than hardware firewall ·         Host OS requires hardening ·         Requires specialized expertise may require additional investment in time/resources ·         Larger attack surface ·         Performance is reliant on host OS resources ·         Insufficient host hardware can cause performance degradation/issues ·         Reliability is tied to underlying host hardware reliability

Fill in the blanks

1. Host or personal Firewalls and Network Firewall belong to this category _______.
2. HTTPS is used for _______ and it uses port _______ .
3. ________ typically used in conjunction with other kinds of firewalls that offer a more granular filtering.
4. ________ combines the best attributes of both packet filtering and application-level firewalls.
5. An example of a network-based software firewall will be _______.

Answers:

1. Software Firewall
2. Secure web traffic and 443
3. Circuit-level Firewall
4. State Multi-level Firewall
5. Microsoft's Forefront Threat Management Gateway