Firewalls :-
A firewall is a networking device, either hardware- or software-based, that
controls access to your organization's network. This controlled access is
designed to protect data and resources from outside threats. To do this,
firewalls are typically placed at the entry/exit points of a network.
- for example, placing a firewall between an internal network and the Internet. Once there,
it can control the traffic passing in and out through that point.
- Although firewalls typically protect internal networks from public networks,
they are also used to control access between specific network segments within
a network.
- for example, placing a firewall between the Accounts and the
Sales departments.
- As mentioned, firewalls can be implemented in software or as a
dedicated hardware device. Organizations implement software firewalls
on general-purpose network operating systems (NOS) such as Linux/UNIX, Windows
Server, and macOS Server.
https://youtu.be/x1YLj06c3hM
Working of firewalls :-
1. Network traffic is made up of packets; a single request, such as loading a web page, typically involves many of them. Each packet carries information about where it is coming from and where it is going (source and destination addresses, and for TCP/UDP the port numbers), and of course the data itself, such as the request for a web page or the response. The exact format of a packet depends on the software that is communicating, but the formats are prescribed by the various protocols (IP, TCP, UDP, HTTP and so on).
2. A typical firewall is software that looks at those packets, reads the protocol headers, and decides whether the packet is allowed to continue to the next hop on the path between where it is coming from and where it is going.
3. This software could be on your computer, in your cable modem, in your Internet service provider's systems, on the web service's network, or on the web service's own computer system. More than likely it is on more than one of these.
4. Different firewall software varies in how it examines packets and in how you tell it which packets you do not want to traverse. The firewall on your computer, for example, should look at every packet arriving from anywhere and check it against all the rules.
If a packet breaks any rule, the firewall software can take action, including simply not forwarding (dropping) the packet.
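The four steps above, as an added example written for this page rather than taken from it: a minimal IPv4/TCP header parser and a first-match rule list with a default-deny policy. The packets are constructed in code, not captured, and the rule format (a list of dicts with optional keys, plus an "iface" key for the interface a packet arrived on) is hypothetical, not any real firewall's syntax.

```python
"""Parse IPv4/TCP packets and run them through a first-match rule list.

Added example. Packets are constructed in code (not captured); the rule syntax
is hypothetical.
"""
import ipaddress
import struct

TCP_SYN = 0x02  # TCP header flag bits
TCP_ACK = 0x10

# Hypothetical rule list. Every key except "action" is optional; a missing key
# matches anything. "iface" is the interface the packet arrived on.
RULES = [
    # Anti-spoofing: packets claiming an internal source must not arrive from outside.
    {"action": "deny", "src": "192.168.0.0/16", "iface": "outside"},
    {"action": "allow", "proto": 6, "dport": 80},
    {"action": "allow", "proto": 6, "dport": 443},
    # Inbound mail only to the mail server.
    {"action": "allow", "proto": 6, "dst": "192.168.1.25", "dport": 25},
]
DEFAULT_ACTION = "deny"  # nothing matched: default deny


def build_packet(src, dst, sport, dport, flags, payload=b""):
    """Construct a minimal IPv4 + TCP packet (checksums left as 0) for testing."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + payload


def parse_packet(raw):
    """Steps 1-2: read the header fields a packet filter decides on.

    Raises ValueError on a malformed packet so the caller can drop it.
    """
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or total_len < ihl or len(raw) < total_len:
        raise ValueError("inconsistent length fields")
    fields = {"src": str(ipaddress.IPv4Address(src)),
              "dst": str(ipaddress.IPv4Address(dst)),
              "proto": proto, "ttl": ttl}
    if proto == 6:  # TCP: also expose ports and flags
        if total_len - ihl < 20:
            raise ValueError("truncated TCP header")
        sport, dport, _seq, _ack, _off, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
        fields.update({"sport": sport, "dport": dport, "flags": flags})
    return fields


def rule_matches(rule, fields, iface):
    """True when every key of the rule (other than "action") matches the packet."""
    for key, want in rule.items():
        if key == "action":
            continue
        if key == "iface":
            if want != iface:
                return False
            continue
        if key not in fields:
            return False  # e.g. a TCP-port rule cannot match a non-TCP packet
        have = fields[key]
        if key in ("src", "dst"):
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want, strict=False):
                return False
        elif have != want:
            return False
    return True


def decide(raw, iface):
    """Steps 2-4: parse the packet, walk the rules in order, first match wins."""
    try:
        fields = parse_packet(raw)
    except ValueError:
        return "deny"  # a packet the filter cannot parse is never forwarded
    for rule in RULES:
        if rule_matches(rule, fields, iface):
            return rule["action"]
    return DEFAULT_ACTION


if __name__ == "__main__":
    web = build_packet("10.0.0.5", "93.184.216.34", 40000, 80, TCP_SYN)
    spoof = build_packet("192.168.1.7", "192.168.1.25", 40000, 25, TCP_SYN)
    print(decide(web, "inside"), decide(spoof, "outside"), decide(web[:10], "inside"))
```

Two details matter in practice: rule order (the anti-spoofing deny must precede the allow rules, or a spoofed packet to port 25 would be accepted), and treating anything the parser cannot make sense of as deny rather than falling through to a later rule.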
https://youtu.be/KZc1KaE1OKU
Why is a firewall needed?
There would be no need for a firewall if each and every host on a private network were properly
secured. Unfortunately, in practice the situation is different. A private network may
consist of different platforms with diverse operating systems and applications running on them. Many of
these applications were designed and developed for an ideal environment, without
considering the possibility that attackers exist. Moreover, most corporate
networks were not designed with security in mind. Therefore, it is essential to deploy a firewall to
protect the vulnerable infrastructure of an enterprise.
Access Control Policies :-
Access control policies play an important role in the operation of a firewall. The policies
can be broadly categorized into the following four types:
Service Control:-
- Determines the types of Internet services that may be accessed
- Filters traffic based on IP addresses and TCP port numbers
- May provide proxy servers that receive and interpret service requests before
passing them on.
Direction Control:-
- Determines the direction in which a particular service request may be initiated and
allowed to flow through the firewall.
User Control:-
- Controls access to a service according to which user is attempting to access it
- Typically applied to users inside the firewall perimeter
- Can also be applied to external users, using a secure authentication technique
Behavioral Control:-
- Controls how a particular service is used
- For example, a firewall may filter email to eliminate spam
- A firewall may make only a portion of the information on a local web server available to
external users
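The four policy types applied to one service request, as an added example written for this page (not from the page or any product). The Request model, the 10.0.0.0/8 "inside" range, the user table and the policy values are all hypothetical; a real firewall learns the user from an authentication step rather than from a static address-to-user table, and the SMTP spam score stands in for a content scanner that is not shown.

```python
"""The four access-control policy types applied to one connection request.

Added example; all addresses, users and policy values are hypothetical.
"""
import ipaddress
from dataclasses import dataclass

INSIDE = ipaddress.ip_network("10.0.0.0/8")  # hypothetical protected network


@dataclass(frozen=True)
class Request:
    """The first packet of a new connection, as seen by the firewall."""
    src: str                  # source IP address
    dst: str                  # destination IP address
    service: str              # "http", "smtp", "ssh", ...
    path: str = ""            # resource requested (HTTP), for behavioural control
    spam_score: float = 0.0   # SMTP verdict from a hypothetical content scanner


# Service control: which services may cross the firewall at all.
SERVICES = {"http", "https", "smtp"}

# Direction control: who may initiate each service. "out" = an inside host
# starts the connection, "in" = an outside host starts it.
DIRECTION = {"http": {"in", "out"}, "https": {"out"}, "smtp": {"in", "out"}}

# User control: the user behind an inside address (hypothetical static table;
# in practice the user is authenticated) and what each user may use.
USERS = {"10.1.1.10": "alice", "10.1.1.11": "bob"}
USER_SERVICES = {"alice": {"http", "https", "smtp"}, "bob": {"smtp"}}

# Behavioural control: how a permitted service may be used.
PUBLIC_PREFIXES = ("/public/", "/index.html")  # only this part of the web server is exposed
SPAM_THRESHOLD = 5.0


def direction_of(req):
    """Classify the connection by which side of the firewall each endpoint is on."""
    src_in = ipaddress.ip_address(req.src) in INSIDE
    dst_in = ipaddress.ip_address(req.dst) in INSIDE
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return "local" if src_in else "transit"


def decide(req):
    """Return (verdict, reason). Every control must pass for 'allow'."""
    # 1. Service control
    if req.service not in SERVICES:
        return ("deny", "service control: %s is not a permitted service" % req.service)
    # 2. Direction control
    direction = direction_of(req)
    if direction not in DIRECTION[req.service]:
        return ("deny", "direction control: %s may not be initiated %s-bound"
                % (req.service, direction))
    # 3. User control (inside users; external users would need authentication first)
    if direction == "out":
        user = USERS.get(req.src)
        if user is None or req.service not in USER_SERVICES[user]:
            return ("deny", "user control: %s may not use %s" % (user or req.src, req.service))
    # 4. Behavioural control
    if req.service == "smtp" and req.spam_score >= SPAM_THRESHOLD:
        return ("deny", "behavioural control: message scored as spam")
    if req.service == "http" and direction == "in" and not req.path.startswith(PUBLIC_PREFIXES):
        return ("deny", "behavioural control: %s is not published to external users" % req.path)
    return ("allow", "all controls passed")


if __name__ == "__main__":
    for r in (Request("10.1.1.10", "203.0.113.5", "http", path="/"),
              Request("10.1.1.11", "203.0.113.5", "http", path="/"),
              Request("203.0.113.5", "10.2.0.80", "http", path="/admin/"),
              Request("203.0.113.5", "10.2.0.25", "smtp", spam_score=9.1)):
        print(r.service, direction_of(r), decide(r))
```

The checks are ordered from cheapest to most expensive: service and direction need only the header, user control needs an identity, and behavioural control needs the application data, so a request that fails early is never inspected further.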
Firewall capabilities :-
Important capabilities of a firewall system are listed below:
- It defines a single choke point that keeps unauthorized users out of the protected
network
- It prohibits potentially vulnerable services from entering or leaving the network
- It provides protection from various kinds of IP spoofing
- It provides a location for monitoring security-related events
- Audits and alarms can be implemented on the firewall system
- A firewall is a convenient platform for several Internet functions that are not
security related
- A firewall can serve as the platform for IPsec, using the tunnel-mode capability,
and can be used to implement VPNs.
Types of firewalls :-
Firewalls can be broadly categorized into the following three types:
• Packet Filters
• Application-level Gateways
• Circuit-level Gateways
1. Packet Filters:
A packet-filtering router applies a set of rules to each incoming IP packet and then forwards or discards it. A packet filter is typically set up as a list of rules based on matches of fields in the IP or TCP header (source and destination addresses, protocol, port numbers and flags). Rules are evaluated in order and the first match decides; a default policy, normally discard, applies to packets that match no rule.
2. Application-level Gateway:
An application-level gateway, also called a proxy server, acts as a relay of application-level traffic. Users contact the gateway using an application, and the request succeeds only after the user authenticates; the gateway then makes the request on the user's behalf and relays the result. Because it understands the protocol it relays, an application gateway is service-specific (an FTP, TELNET, SMTP or HTTP gateway), and it can inspect and restrict the application-level content that passes through it.
3. Circuit-level Gateway:
A circuit-level gateway can be a stand-alone system or a specialized function of an application-level gateway. It does not allow an end-to-end TCP connection; instead the gateway sets up two TCP connections, one between itself and the inside host and one between itself and the outside host. Once the two TCP connections are established, the gateway relays TCP segments from one connection to the other without examining their contents. The security function consists of determining which connections will be allowed and which are to be disallowed.
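An application-level gateway for HTTP, as an added example written for this page (not from the page or any product), to show why this type is service-specific: it parses the protocol, so it can authenticate the user (Proxy-Authorization) and judge the request itself (method, destination host, body framing) before rebuilding and relaying it. A circuit-level gateway relaying bytes blindly, or a packet filter seeing only headers, could make none of these decisions. The user table, host allow-list and sample requests are hypothetical, the gateway assumes origin-form requests with a Host header, and the password is stored in clear only to keep the example short.

```python
"""An HTTP application-level gateway: authenticate, inspect, rebuild, relay.

Added example; users, hosts and sample requests are hypothetical.
"""
import base64
import hmac

PROXY_USERS = {"alice": "correct horse battery staple"}  # hypothetical; hash in practice
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.com", "mail.example.com"}
# Headers meaningful only on the client<->gateway hop; never relayed onward.
HOP_BY_HOP = {"proxy-authorization", "proxy-connection", "connection",
              "keep-alive", "upgrade", "te", "trailer"}


def parse_request(raw):
    """Split an HTTP/1.1 request into (method, target, version, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("ascii").split("\r\n")
    method, target, version = lines[0].split(" ")  # ValueError unless exactly three parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        name, value = name.lower(), value.strip()
        if name in headers:
            if name in ("host", "content-length"):
                raise ValueError("duplicate %s header" % name)
            value = headers[name] + ", " + value  # list-combining for other fields
        headers[name] = value
    return method, target, version, headers, body


def authenticate(headers):
    """Check Proxy-Authorization: Basic; return the user name or None."""
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        user, _, password = base64.b64decode(token, validate=True).decode("utf-8").partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = PROXY_USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return user


def gateway(raw):
    """Return ("forward", rebuilt_request_bytes) or ("reject", reason)."""
    try:
        method, target, version, headers, body = parse_request(raw)
    except ValueError as exc:
        return ("reject", "malformed request: %s" % exc)
    if version != "HTTP/1.1" or not target.startswith("/"):
        return ("reject", "only HTTP/1.1 origin-form requests are relayed")
    user = authenticate(headers)          # the request succeeds only after authentication
    if user is None:
        return ("reject", "proxy authentication required")
    if method not in ALLOWED_METHODS:
        return ("reject", "method %s not permitted for %s" % (method, user))
    host = headers.get("host", "").split(":")[0]
    if host not in ALLOWED_HOSTS:
        return ("reject", "destination %r not permitted" % host)
    if "transfer-encoding" in headers:
        return ("reject", "chunked bodies are not relayed by this gateway")
    length = headers.get("content-length", "0")
    if not length.isdigit() or int(length) != len(body):
        return ("reject", "content-length does not match body")
    # Rebuild from the parsed fields: only what the gateway understood is relayed.
    lines = ["%s %s HTTP/1.1" % (method, target)]
    lines += ["%s: %s" % (k, v) for k, v in headers.items() if k not in HOP_BY_HOP]
    lines.append("via: 1.1 example-gateway")  # the relay identifies itself
    return ("forward", ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body)


def basic_token(user, password):
    """Encode credentials as the client would for Proxy-Authorization: Basic."""
    return base64.b64encode(("%s:%s" % (user, password)).encode()).decode()


def make_request(method, target, host, auth=None, extra=(), body=b""):
    """Construct a sample request (constructed, not captured traffic)."""
    lines = ["%s %s HTTP/1.1" % (method, target), "Host: " + host]
    if auth:
        lines.append("Proxy-Authorization: Basic " + auth)
    lines.extend(extra)
    if body:
        lines.append("Content-Length: %d" % len(body))
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + body


ALICE = basic_token("alice", "correct horse battery staple")

if __name__ == "__main__":
    print(gateway(make_request("GET", "/", "www.example.com", ALICE)))
    print(gateway(make_request("GET", "/", "www.example.com")))
```

Rebuilding the request rather than copying the original bytes is the point of the proxy design: anything the gateway did not parse (a second Host header, a chunked body it does not understand) is rejected instead of being passed through to the server.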