What is fire wall security ?2022




 In the world of computer firewall protection, a firewall refers to a network device which blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network. It is analogous to a physical firewall in the sense that firewall security attempts to block the spread of computer attacks.


Firewall History

Firewalls have existed since the late 1980’s and started out as packet filters, which were networks set up to examine packets, or bytes, transferred between computers. Though packet filtering firewalls are still in use today, firewalls have come a long way as technology has developed throughout the decades.

  • Gen 1 Virus
    • Generation 1, Late 1980’s, virus attacks on stand-alone PC’s affected all businesses and drove anti-virus products.
  • Gen 2 Networks
    • Generation 2, Mid 1990’s, attacks from the internet affected all business and drove creation of the firewall.
  • Gen 3 Applications
    • Generation 3, Early 2000’s, exploiting vulnerabilities in applications which affected most businesses and drove Intrusion Prevention Systems Products (IPS).
  • Gen 4 Payload
    • Generation 4, Approx. 2010, rise of targeted, unknown, evasive, polymorphic attacks which affected most businesses and drove anti-bot and sandboxing products.
  • Gen 5 Mega
    • Generation 5, Approx. 2017, large scale, multi-vector, mega attacks using advance attack tools and is driving advance threat prevention solutions.

 

Back in 1993, Check Point CEO Gil Shwed introduced the first stateful inspection firewall, FireWall-1. Fast forward twenty-seven years, and a firewall is still an organization’s first line of defense against cyber attacks. Today’s firewalls, including Next Generation Firewalls and Network Firewalls support a wide variety of functions and capabilities with built-in features, including:

Types of Firewalls

  • Packet filtering

    A small amount of data is analyzed and distributed according to the filter’s standards.

  • Proxy service

    Network security system that protects while filtering messages at the application layer.

  • Stateful inspection

    Dynamic packet filtering that monitors active connections to determine which network packets to allow through the Firewall.

  • Next Generation Firewall (NGFW)

    Deep packet inspection Firewall with application-level inspection.

What Firewalls Do?

A Firewall is a necessary part of any security architecture and takes the guesswork out of host level protections and entrusts them to your network security device. Firewalls, and especially Next Generation Firewalls, focus on blocking malware and application-layer attacks, along with an integrated intrusion prevention system (IPS), these Next Generation Firewalls can react quickly and seamlessly to detect and react to outside attacks across the whole network. They can set policies to better defend your network and carry out quick assessments to detect invasive or suspicious activity, like malware, and shut it down.

Why Do We Need Firewalls?

Firewalls, especially Next Generation Firewalls, focus on blocking malware and application-layer attacks. Along with an integrated intrusion prevention system (IPS), these Next Generation Firewalls are able to react quickly and seamlessly to detect and combat attacks across the whole network. Firewalls can act on previously set policies to better protect your network and can carry out quick assessments to detect invasive or suspicious activity, such as malware, and shut it down. By leveraging a firewall for your security infrastructure, you’re setting up your network with specific policies to allow or block incoming and outgoing traffic.

Network Layer vs. Application Layer Inspection

Network layer or packet filters inspect packets at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set where the source and destination of the rule set is based upon Internet Protocol (IP) addresses and ports. Firewalls that do network layer inspection perform better than similar devices that do application layer inspection. The downside is that unwanted applications or malware can pass over allowed ports, e.g. outbound Internet traffic over web protocols HTTP and HTTPS, port 80 and 443 respectively.

The Importance of NAT and VPN

Firewalls also perform basic network level functions such as Network Address Translation (NAT) and Virtual Private Network (VPN). Network Address Translation hides or translates internal client or server IP addresses that may be in a “private address range”, as defined in RFC 1918 to a public IP address. Hiding the addresses of protected devices preserves the limited number of IPv4 addresses and is a defense against network reconnaissance since the IP address is hidden from the Internet.

 

Similarly, a virtual private network (VPN) extends a private network across a public network within a tunnel that is often encrypted where the contents of the packets are protected while traversing the Internet. This enables users to safely send and receive data across shared or public networks.

Next Generation Firewalls and Beyond

Next Generation Firewalls inspect packets at the application level of the TCP/IP stack and are able to identify applications such as Skype, or Facebook and enforce security policy based upon the type of application.

 

Today, UTM (Unified Threat Management) devices and Next Generation Firewalls also include threat prevention technologies such as intrusion prevention system (IPS) or Antivirus to detect and prevent malware and threats. These devices may also include sandboxing technologies to detect threats in files.

 

As the cyber security landscape continues to evolve and attacks become more sophisticated, Next Generation Firewalls will continue to be an essential component of any organization’s security solution, whether you’re in the data center, network, or cloud. To learn more about the essential capabilities your Next Generation Firewall needs to have, download the Next Generation Firewall (NGFW) Buyer’s Guide today.

Packet filtering firewall

This type of firewall has a list of firewall security rules which can block traffic based on IP protocol, IP address and/or port number. Under this firewall management program, all web traffic will be allowed, including web-based attacks. In this situation, you need to have intrusion prevention, in addition to firewall security, in order to differentiate between good web traffic (simple web requests from people browsing your website) and bad web traffic (people attacking your website).

A packet filtering firewall has no way to tell the difference. An additional problem with packet filtering firewalls which are not stateful is that the firewall can't tell the difference between a legitimate return packet and a packet which pretends to be from an established connection, which means your firewall management system configuration will have to allow both kinds of packets into the network.

Stateful firewall

This is similar to a packet filtering firewall, but it is more intelligent about keeping track of active connections, so you can define firewall management rules such as "only allow packets into the network that are part of an already established outbound connection." You have solved the established connection issue described above, but you still can't tell the difference between "good" and "bad" web traffic. You need intrusion prevention to detect and block web attacks.

Deep packet inspection firewall

An application firewall actually examines the data in the packet, and can therefore look at application layer attacks. This kind of firewall security is similar to intrusion prevention technology, and, therefore, may be able to provide some of the same functionality.

There are three caveats, however: first, for some vendors, the definition of "deep" extends to some particular depth in the packet and does not necessarily examine the entire packet. This can result in missing some kinds of attacks. Second, depending on the hardware, a firewall may not have adequate processing power to handle the deep packet inspection for your network. Be sure to ask questions about how much bandwidth it can handle while performing such inspection. And finally, embedded firewall management technology may not have the flexibility to handle all attacks.

Application-aware firewall

Similar to deep packet inspection, except that the firewall understands certain protocols and can parse them, so that signatures or rules can specifically address certain fields in the protocol. The flexibility of this approach to computer firewall protection is great and permits the signatures or rules to be both specific and comprehensive. There are no specific drawbacks to this approach to firewall security as generally it will yield improvements over a standard "deep packet inspection" approach. However, some actual attacks may be overlooked (false negatives) because the firewall security parsing routines are not robust enough to handle variations in real-world traffic.

Application proxy firewall

An application proxy acts as an intermediary for certain application traffic (such as HTTP, or web, traffic), intercepting all requests and validating them before passing them along. Again, an application proxy firewall is similar to certain kinds of intrusion prevention. The implementation of a full application proxy is, however, quite difficult, and each proxy can only handle one protocol (e.g. web or incoming email).

For an application proxy firewall to be effective as computer firewall protection, it has to be able to understand the protocol completely and to enforce blocking on violations of the protocol. Because implementations of the protocol being examined often do not follow a protocol correctly, or because implementers add their own extensions to a protocol, this can result in the proxy blocking valid traffic (false positives). Because of these kinds of problems, end users will often not enable these technologies.

Now regardless of what firewall security solution you invest in, within today’s cyberthreat landscape standalone it isn’t enough. The telemetry you gather from your firewall must be ingested and correlated with other telemetry from cloud, endpoints, identity, email and more to build a comprehensive cybersecurity protection plan. Even with preventive systems in place threat actors will find their way inside and it is critical to detect their presence as early as possible. This is where solutions like Extended Threat Detection and Response (XDR) come in to help you get a single view across all security systems with correlated and prioritized alerts. Then if you need help managing maximize partners who can deliver XDR with a managed service layer.










Comments

Post a Comment

Popular posts from this blog

python interview questions 2022?

Image
  Top 100+ Python Interview Questions You Must Prepare In 2022 Basic Python Interview Questions for Freshers Q1. What is the difference between list and tuples in Python? LIST vs TUPLES LIST TUPLES Lists are mutable i.e they can be edited. Tuples are  immutable (tuples are lists which can’t be edited). Lists are slower than tuples. Tuples are faster than list. Syntax: list_1 = [10, ‘Chelsea’, 20] Syntax: tup_1 = (10, ‘Chelsea’ , 20) Q2. What are the key features of Python? Python is an  interpreted  language. That means that, unlike languages like  C  and its variants, Python does not need to be compiled before it is run. Other interpreted languages include  PHP  and  Ruby . Python is  dynamically typed , this means that you don’t need to state the types of variables when you declare them or anything like that. You can do things like  x=111  and then  x="I'm a string"  without error Python is well suited to  object oriented progamming  in that it allows the definition of
Read more

Java Basic Interview Questions?

Image
  1. Why is Java a platform independent language? Java language was developed in such a way that it does not depend on any hardware or software due to the fact that the compiler compiles the code and then converts it to platform-independent byte code which can be run on multiple systems. The only condition to run that byte code is for the machine to have a runtime environment (JRE) installed in it. 2. Why is Java not a pure object oriented language? Java supports primitive data types - byte, boolean, char, short, int, float, long, and double and hence it is not a pure object-oriented language. 3. Pointers are used in C/ C++. Why does Java not make use of pointers? Pointers are quite complicated and unsafe to use by beginner programmers. Java focuses on code simplicity, and the usage of pointers can make it challenging. Pointer utilization can also cause potential errors. Moreover, security is also compromised if pointers are used because the users can directly access memory with the he
Read more

How to Code – Coding for Beginners and How to Learn Programming for Free?

Image
  These days, there are a lot resources out there for learning how to code. And many of them are readily available online for free – so choosing one can be overwhelming. But there's definitely an upside: you don't need to attend a paid bootcamp or university anymore in order to learn how to code. You can teach yourself. In this article, I will share some tips and info about how to learn to code for free as a beginner. I'll also point you to free learning platforms and resources. What is Coding? "Coding" is a commonly used term for computer programming. Some people use it interchangeably with programming, while others would argue they are not entirely the same. By definition, "code" refers to a set of instructions that tells a computer what to do. Computers don't understand human language, so over time, humans have created languages that computers can understand. And developers speak to them through those languages. Examples of coding languages includ
Read more