Tuesday, January 4, 2011

Basics of a Firewall

A firewall is a part of a computer network or system that blocks unauthorized access and attacks in a communication. It can be implemented in either software or hardware. It is a device that permits or denies network transmissions (traffic). It is the first line of defense of a network.
  • Basically, firewalls protect inside networks from unauthorized access by users on an outside network.
  • A firewall can permit or block any port number or web application.
  • A firewall can also protect inside networks from each other, for example by keeping a Human Resources network separate from a user network.
  • A firewall typically establishes a barrier between a trusted internal network and an untrusted external network such as the web.
  • Basically, a firewall isolates one network from another.
If you have network resources that need to be available to an outside user, such as a web or FTP server, you can place these resources on a separate network behind the firewall, called a demilitarized zone (DMZ). The firewall allows limited access to the DMZ, but because the DMZ only includes the public servers, an attack there only affects the servers and does not affect the other inside networks.

Demilitarized Zone

A Demilitarized Zone (DMZ) is a perimeter network that adds an additional security layer protecting an organization's internal local area network from untrusted traffic. It is ideally set between two firewalls.

The prime advantage of using a DMZ is that it strengthens the internal network's security layers by restricting access to sensitive data and servers.

[Figure: Firewall]

1. Basic firewall placement:

In a typical firewall configuration, a firewall is placed between the Internet and the organization's servers or office computers. The firewall will block all unauthorized inbound and/or outbound traffic.

2.  Firewall with Demilitarized Zone (DMZ) Configuration

In this scenario, server "A" has special requirements which might make it more vulnerable to intrusion. For additional security, Server "A" is placed on a separate network segment with its own firewall rules. If a hacker manages to compromise server "A", the hacker will still not be able to gain access to the other servers because they are on a different network segment protected by their own firewall rules.
The goal of a DMZ is to add an extra layer of security to an organization's local area network and critical resources. This functions as a small, isolated network positioned between the Internet and the private network.
[Figure: DMZ firewall]

3. Firewall with Fail-over Configuration

In this scenario, a backup firewall is installed. The backup device will continuously monitor the "health" of the primary firewall. If the primary firewall fails, the backup firewall will assume the IP address of the failed primary firewall and take over the firewall duties. You might choose to install a backup firewall if your Internet service is mission critical and you cannot tolerate extended periods of downtime due to hardware failure.


Security policies can also be applied here; a security policy determines which traffic is allowed to pass through the firewall to access another network.

The policies include:
  •   Permitting or denying traffic with an access list.
  •   Applying HTTP, HTTPS or FTP filtering.
  •   Applying a QoS policy.
  •   Applying connection limits and TCP controls.
  •   Applying NAT to hide IP addresses.
  •   Using AAA (authentication, authorization and accounting).

Firewall hardware devices:

Hardware devices are also used to provide firewall service, for example Cisco ASA or Hotbrick devices.




Two types of firewall dominate the market today.

1. Application Proxies.
2. Packet filtering gateways.

Windows Firewall:
Windows Firewall is Microsoft's software firewall (packet filter). It is present by default in Windows 7/8/10 and other products.

Firewall types:
  • Hardware (network): protects the local network from unauthorized access from outside.
  • Software (application): installed on a computer or client system.

Both software and hardware firewalls can also be configured at the user level to balance security and convenience.

A firewall works based on an Access Control List (ACL).

ACL: Access Control List
  • This is a list of conditions that filters packet movement, that is, inbound and outbound traffic.
  • It categorizes packets.
There are two types:
  1. Standard Access List
  2. Extended Access List
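
The two access-list types and the DMZ layout described earlier, as an added example that is not part of the original post: a small first-match ACL evaluator in Python. The addresses, list names and the "first match wins, implicit deny at the end" behaviour (as on Cisco-style ACLs) are assumptions; a standard entry matches on source address only, while an extended entry also matches destination, protocol and port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network
ANY = net("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                           # "permit" or "deny"
    src: ipaddress.IPv4Network            # the only field a standard entry sets
    dst: ipaddress.IPv4Network = ANY      # extended entries narrow these three
    proto: Optional[str] = None           # None matches any protocol
    dport: Optional[int] = None           # None matches any destination port

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in self.src
                and ipaddress.ip_address(dst) in self.dst
                and self.proto in (None, proto)
                and self.dport in (None, dport))

def evaluate(acl, src, dst, proto, dport):
    """Return the action of the first matching entry; no match is an implicit deny."""
    for rule in acl:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"

# Constructed addressing (assumption): DMZ, user LAN and HR LAN
DMZ = net("192.0.2.0/24")
DMZ_WEB = net("192.0.2.10/32")
USERS = net("10.0.0.0/24")
HR = net("10.0.1.0/24")

# Extended list, Internet -> firewall: only web traffic to the DMZ server
OUTSIDE_IN = [
    Rule("permit", ANY, DMZ_WEB, "tcp", 80),
    Rule("permit", ANY, DMZ_WEB, "tcp", 443),
]
# Extended list, DMZ -> firewall: a compromised DMZ host cannot reach inside
DMZ_OUT = [
    Rule("deny", DMZ, net("10.0.0.0/8")),
    Rule("permit", DMZ, ANY, "tcp", 443),
]
# Standard list in front of HR: decides on source address alone
HR_IN = [
    Rule("deny", USERS),
    Rule("permit", HR),
]
```

Order matters in `DMZ_OUT`: swapping the two entries would not change the result here, but a broader permit placed before a deny silently overrides it, which is the usual cause of ACLs that allow more than intended.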
A firewall protects us from the following attacks:
  • IP Spoofing
  • Password Attack
  • Man in the middle attack
  • Network packet sniffing
  • Denial of service
  • Software exploitation
Besides protection from the above attacks, a firewall also benefits us in other ways, as listed below:

  • Limits access to ports from the outside network to the internal LAN.
  • Hides internal IPs from the external world, so actual IP addresses are unknown to hackers.
  • Limits the access level of critical servers from both LAN and WAN.
  • Allows trusted users outside the network to access resources through VPNs.
  • Establishes secured tunnels with other firewalls for data access over VPN.
  • Blocks IP addresses that are generating malicious traffic.

-DR



15 comments:

  1. You know, ever since cyber security and threats became an issue, we should all employ tactics and measures to safeguard our privacy and data. Anyhow, thanks for posting this; it was informative.

  2. Your blog was really nice and informative, as it described the need, challenges and threats for an organization and why they need a firewall. As I am associated with a project in firewall support services in USA, it helped me a lot to understand.