What is a firewall?
A firewall is a device or a software feature designed to control the flow of traffic into and out of a network.
A firewall interconnects networks with different levels of trust.
A firewall implements and enforces a security policy between those networks.
Firewall Zones
Trusted Zone
Untrusted Zone
Demilitarized Zone(DMZ)
The Trusted Zone has a numerical trust value of 100, which means the highest level of trust.
The Untrusted Zone has a numerical trust value of 0, which means the lowest level of trust.
A WAN port can only be mapped to an Untrusted Zone.
DMZs are less trusted zones.
The Public Zone is a demilitarized zone and has a trust value of 50.
Types of firewall
Software Based Firewalls
Run as an additional program on personal computers.
Known as Personal Firewalls.
Examples of SBFs are Windows Firewall, Kaspersky Firewall and ZoneAlarm Pro Firewall.
There are also some open source firewalls available, for example OpenWRT, pfSense, Untangle Gateway and IPCop.
Hardware Based Firewalls
Hardware based firewalls (HBFs) are the first line of defense against cyber attacks.
HBFs are more expensive than SBFs.
Traditionally, HBFs were only used to carry out packet filtering.
Today HBFs have a built-in Intrusion Detection and Prevention System (IDS/IPS, together IDPS).
When the IDPS detects malicious activity it raises an alert, drops the packet, blocks the IP address and resets the connection.
Some Hardware Based Firewall providers are:
CISCO
ProSafe
D-Link
SonicWall
Netgear
Services provided by firewall
Packet Filtering
Stateful Packet Inspection
Proxying
Authentication
Logging
Content Filtering
Network Address Translation
Packet Filtering
The header of each packet is compared to a pre-configured set of rules.
The fields that packet filtering rules match on are:
Protocol Type (TCP, IP, UDP, ICMP, ESP, etc.)
Source Address
Source Port
Destination Address
Destination Port
Packet filtering firewalls work at the Network Layer (layer 3) and Transport Layer (layer 4) of the OSI reference model.
Stateful Packet Inspection
All packets are examined and the header information is stored in a dynamic state (session) table.
The fields that stateful packet inspection rules match on are:
Protocol Type (TCP, IP, UDP, ICMP, ESP, etc.)
Source Address
Source Port
Destination Address
Destination Port
Connection State
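The two services above, packet filtering (layers 3/4, first matching rule wins, default deny) and stateful packet inspection (a state table of sessions opened from the trusted side), are shown side by side in the following added example. It is not code from the original post; the rules, addresses and packets are constructed sample values, and the "network" is simulated with plain Python objects.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str          # "TCP", "UDP", "ICMP", ...
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag: marks the first packet of a connection

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # None in any field means "match anything"
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        checks = (
            (self.proto, pkt.proto), (self.src, pkt.src), (self.sport, pkt.sport),
            (self.dst, pkt.dst), (self.dport, pkt.dport),
        )
        return all(want is None or want == got for want, got in checks)

def packet_filter(pkt: Packet, rules: List[Rule]) -> str:
    """Stateless packet filtering: the first matching rule decides;
    a packet that matches no rule is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# A session is the 5-tuple (proto, inside_ip, inside_port, outside_ip, outside_port).
Session = Tuple[str, str, int, str, int]

class StatefulFirewall:
    """Stateful packet inspection: sessions opened from the trusted side are
    recorded in a state table and replies to recorded sessions are let back in.
    Unsolicited inbound packets are dropped even when a stateless rule would
    have allowed them."""

    def __init__(self, rules: List[Rule], internal_net: str):
        self.rules = rules
        self.internal_net = ipaddress.ip_network(internal_net)   # the trusted side
        self.sessions: Set[Session] = set()

    def inspect(self, pkt: Packet) -> str:
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Either direction of an established session is accepted (connection state).
        if forward in self.sessions or reverse in self.sessions:
            return "allow"
        # Only the trusted side may open new sessions.
        if ipaddress.ip_address(pkt.src) not in self.internal_net:
            return "deny"
        # A TCP packet without SYN and without a session is mid-stream garbage: drop it.
        if pkt.proto == "TCP" and not pkt.syn:
            return "deny"
        # New session: the ordinary rule set decides, then the session is recorded.
        if packet_filter(pkt, self.rules) != "allow":
            return "deny"
        self.sessions.add(forward)
        return "allow"

# Constructed policy: the inside may open HTTPS and DNS sessions, nothing else.
RULES = [Rule("allow", proto="TCP", dport=443), Rule("allow", proto="UDP", dport=53)]

if __name__ == "__main__":
    fw = StatefulFirewall(RULES, "10.0.0.0/24")
    outbound = Packet("TCP", "10.0.0.5", 40000, "203.0.113.10", 443, syn=True)
    reply = Packet("TCP", "203.0.113.10", 443, "10.0.0.5", 40000)
    unsolicited = Packet("TCP", "198.51.100.7", 5555, "10.0.0.5", 443, syn=True)
    print("reply before session:", fw.inspect(reply))          # deny
    print("outbound SYN:", fw.inspect(outbound))               # allow
    print("reply after session:", fw.inspect(reply))           # allow
    print("stateless view of unsolicited:", packet_filter(unsolicited, RULES))  # allow
    print("stateful view of unsolicited:", fw.inspect(unsolicited))              # deny
```

The last two lines of the demo are the point of the comparison: a stateless rule "allow TCP to port 443" also lets an outsider reach port 443 on an internal host, while the stateful firewall accepts port 443 traffic only as a reply to a session the inside opened.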
Proxy Services
A proxy/application gateway acts as an intermediary between the two connections.
Each side can only communicate with the other by going through the proxy/application gateway.
The proxy/application gateway operates at the Application Layer (layer 7) of the OSI reference model.
When a client on an untrusted network issues a request, a connection is established between the client and the proxy/gateway. The proxy/gateway compares the request to its set of rules and, if it finds the request valid, sends a connection request to the destination on behalf of the client.
Proxy servers also provide some other services:
Logging: proxy servers keep a log of each communication.
Content Filtering
Authentication
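The request handling described above, as an added example that is not part of the original post: the decision logic of an HTTP application gateway that authenticates the client, checks the request against its rules, applies a content filter to the path, logs the outcome and rebuilds the request it would send on the client's behalf. The allow lists, the authenticated client set and the sample requests are constructed; the sockets that would carry the two connections are left out so the logic runs offline.

```python
from typing import Dict, List, Optional, Tuple

# Constructed policy (not from the post).
AUTHENTICATED_CLIENTS = {"10.0.0.5"}                       # clients that passed authentication
ALLOWED_HOSTS = {"intranet.example.com", "docs.example.com"}
ALLOWED_METHODS = {"GET", "HEAD"}
BLOCKED_PATH_PREFIXES = ("/admin",)                        # content filter on the URL path
HOP_BY_HOP = {"connection", "proxy-connection", "proxy-authorization", "keep-alive"}

LOG: List[str] = []   # one entry per request handled by the gateway

def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str], bytes]:
    """Split an HTTP/1.1 request into (method, target, version, headers, body).
    Raises ValueError for a malformed request line or header."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")            # UnicodeDecodeError is a ValueError
    method, target, version = lines[0].split(" ")         # ValueError unless exactly 3 parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("bad header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers, body

def build_forward(method: str, target: str, version: str,
                  headers: Dict[str, str], body: bytes) -> bytes:
    """Rebuild the request for the gateway's own connection to the server:
    hop-by-hop headers of the client leg are dropped and a Via header is added."""
    out = ["%s %s %s" % (method, target, version)]
    out += ["%s: %s" % (name, value) for name, value in headers.items() if name not in HOP_BY_HOP]
    out.append("Via: 1.1 app-gateway")
    return ("\r\n".join(out) + "\r\n\r\n").encode("ascii") + body

def gateway_decision(client_ip: str, raw: bytes) -> Tuple[str, str, Optional[bytes]]:
    """Return ("allow", "", forwarded_request) or ("deny", reason, None) and log the outcome."""
    if client_ip not in AUTHENTICATED_CLIENTS:
        LOG.append("client=%s verdict=deny reason=client not authenticated" % client_ip)
        return ("deny", "client not authenticated", None)
    try:
        method, target, version, headers, body = parse_request(raw)
    except ValueError as exc:
        LOG.append("client=%s verdict=deny reason=malformed request (%s)" % (client_ip, exc))
        return ("deny", "malformed request", None)
    host = headers.get("host", "")
    if host not in ALLOWED_HOSTS:
        reason = "destination host not permitted"
    elif method not in ALLOWED_METHODS:
        reason = "method not permitted"
    elif target.startswith(BLOCKED_PATH_PREFIXES):
        reason = "path blocked by content filter"
    else:
        reason = ""
    verdict = "deny" if reason else "allow"
    LOG.append("client=%s method=%s host=%s target=%s verdict=%s reason=%s"
               % (client_ip, method, host, target, verdict, reason))
    if verdict == "deny":
        return ("deny", reason, None)
    return ("allow", "", build_forward(method, target, version, headers, body))

if __name__ == "__main__":
    request = b"GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\nConnection: keep-alive\r\n\r\n"
    print(gateway_decision("10.0.0.5", request))
    print(gateway_decision("10.0.0.5", b"POST /admin HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n"))
    print("\n".join(LOG))
```

Note that the server only ever sees a connection from the gateway: the forwarded request is a fresh one the gateway composes after the policy check, which is what distinguishes an application gateway from a packet filter that merely passes the client's packets through.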
NAT (Network Address Translation)
NAT is a method that enables hosts on private networks to communicate with hosts on the Internet.
NAT is mostly used to translate between public and private addresses.
NAT can also be used for public-to-public and private-to-private address translation.
NAT hides the IP addresses and the address structure of the internal network.
In NAT the actual IP address/port used in the internal network is translated to an outside IP address/port.
This is done by replacing the local IP address in the header of the data packet with the outside IP address.
Types of NAT
Static NAT
Dynamic NAT
Load Sharing NAT
Static NAT
Static NAT performs a one-to-one translation between two addresses, or between a port on one address and a port on another address.
Static NAT maps a block of external IP addresses to a block of internal IP addresses of the same size.
Static NAT can map a specific port through the firewall rather than all ports.
Static NAT allows internal clients to keep their existing set-up information.
Multiple ISPs can be enlisted to provide a degree of fault-tolerant access to the system: if network performance or quality degrades, connections can be switched to another supplier.
Dynamic NAT
Dynamic NAT does not perform a one-to-one translation; instead it maps a group of internal IP addresses to a pool of external IP addresses.
These mappings can be set to expire if they are not used within a configurable period of time.
Dynamic NAT works as a firewall between the internal network and the outside network or Internet.
Dynamic NAT only allows connections that originate inside the internal domain.
A computer on an external network cannot connect to one of the internal servers unless the internal node has initiated the contact.
Load Sharing NAT
Load Sharing NAT (LSNAT) distributes session load across a pool of servers.
LSNAT is most often used in embedded server farms where a single blade server is unable to handle the increasing number of clients or sessions.
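The three NAT types above (static one-to-one mappings, dynamic mappings from a pool that expire when idle and admit inbound traffic only for connections the inside initiated, and load sharing across a server pool) in one simulated translation table. This is an added example, not code from the original post; all addresses, the pool, the idle timeout and the server list are constructed values, and ports are left out of the static and dynamic tables to keep the table logic short.

```python
from typing import Dict, List, Optional, Tuple

class Nat:
    def __init__(self, static: Dict[str, str], pool: List[str],
                 idle_timeout: int, servers: List[str]):
        # Static NAT: fixed one-to-one mappings, valid in both directions at all times.
        self.static = dict(static)                        # inside -> outside
        self.static_rev = {o: i for i, o in static.items()}
        # Dynamic NAT: outside addresses are lent from a pool while a mapping is in use.
        self.pool = list(pool)                            # free outside addresses
        self.dynamic: Dict[str, Tuple[str, int]] = {}     # inside -> (outside, last_used)
        self.dynamic_rev: Dict[str, str] = {}             # outside -> inside
        self.idle_timeout = idle_timeout                  # seconds of inactivity before expiry
        # LSNAT: real servers behind one virtual address, with per-session stickiness.
        self.servers = list(servers)
        self.next_server = 0
        self.lsnat_sessions: Dict[Tuple[str, int], str] = {}

    def _expire(self, now: int) -> None:
        """Release dynamic mappings idle for longer than the timeout back to the pool."""
        for inside, (outside, last_used) in list(self.dynamic.items()):
            if now - last_used > self.idle_timeout:
                del self.dynamic[inside]
                del self.dynamic_rev[outside]
                self.pool.append(outside)

    def outbound(self, inside_ip: str, now: int) -> Optional[str]:
        """Source translation for a packet leaving the internal network.
        Returns the outside address, or None if the packet must be dropped."""
        if inside_ip in self.static:
            return self.static[inside_ip]
        self._expire(now)
        if inside_ip in self.dynamic:
            outside = self.dynamic[inside_ip][0]
        elif self.pool:
            outside = self.pool.pop(0)
            self.dynamic_rev[outside] = inside_ip
        else:
            return None                                   # pool exhausted
        self.dynamic[inside_ip] = (outside, now)          # refresh the last-used time
        return outside

    def inbound(self, outside_ip: str, now: int) -> Optional[str]:
        """Destination translation for a packet arriving from outside.
        Dynamic mappings exist only for connections the inside opened, so an
        unsolicited packet finds no entry and is dropped (None)."""
        if outside_ip in self.static_rev:
            return self.static_rev[outside_ip]
        self._expire(now)
        inside = self.dynamic_rev.get(outside_ip)
        if inside is not None:
            self.dynamic[inside] = (outside_ip, now)
        return inside

    def load_share(self, client: Tuple[str, int]) -> str:
        """LSNAT: map a client session onto one real server, round robin for new
        sessions and sticky for further packets of the same session."""
        if client not in self.lsnat_sessions:
            self.lsnat_sessions[client] = self.servers[self.next_server % len(self.servers)]
            self.next_server += 1
        return self.lsnat_sessions[client]

if __name__ == "__main__":
    nat = Nat(static={"10.0.0.10": "203.0.113.10"},
              pool=["203.0.113.20", "203.0.113.21"], idle_timeout=300,
              servers=["10.0.1.1", "10.0.1.2"])
    print("static inbound:", nat.inbound("203.0.113.10", 0))      # 10.0.0.10
    print("unsolicited inbound:", nat.inbound("203.0.113.20", 0))  # None
    print("dynamic outbound:", nat.outbound("10.0.0.5", 10))      # 203.0.113.20
    print("reply inbound:", nat.inbound("203.0.113.20", 20))      # 10.0.0.5
    print("after idle expiry:", nat.inbound("203.0.113.20", 400))  # None
```

The simulation makes the "dynamic NAT works as a firewall" statement concrete: a static entry answers inbound lookups at any time, while a dynamic entry exists only after an inside host has sent something and disappears again once the idle timer runs out.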