Firewall methodologies - GeeksforGeeks
- Difficulty Level : Basic
- Last Updated : 03 Nov, 2021
A firewall is a network security system that monitors traffic and takes action on it (permits or denies it) on the basis of explicitly defined policies. It can be implemented by a single device, a group of devices, or software running on a single device such as a server.
Cisco ASA has the largest share of the market, but there are other firewall vendors as well, such as Check Point, Juniper, etc.
Firewall Methodologies –
There are certain methods through which firewalls can be implemented. These are as follows:
- Static packet filtering – Packet filtering is a firewall technique that controls access on the basis of source IP address, destination IP address, source port number, and destination port number. It works at layers 3 and 4 of the OSI model. An ACL does not maintain session state. A router with an ACL applied to it is an example of static packet filtering.
Advantages –
- If the administrator has good knowledge of the network, it is easy to implement.
- It can be configured on almost all routers.
- It has minimal effect on network performance.
Disadvantages –
- A large number of ACLs is difficult to maintain.
- ACLs filter on IP addresses. If someone spoofs a permitted source IP address, the ACL will allow that traffic.
- Stateful packet filtering –
In stateful packet filtering, the state of each session is maintained: when a session is initiated from within a trusted network, its source and destination IP addresses, source and destination ports, and other layer information are recorded. By default, all traffic from an untrusted network is denied. Replies for this session are allowed only when the IP addresses (source and destination) and port numbers (source and destination) are swapped relative to the recorded entry.
Advantages –
- Dynamic in nature as compared to static packet filtering.
- Not susceptible to IP spoofing.
- Can be implemented on routers.
Disadvantages –
- Might not be able to prevent application-layer attacks.
- Some applications open dynamic ports on the server side; a stateful firewall that only tracks the initial session will block them, causing the application to fail. This is where application inspection comes into use.
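The stateless ACL and the stateful session table described in the two sections above, as an added Python example that is not part of the original article. The addresses, ports, interface names and the single ACL rule are constructed; the stateful filter is a minimal model of the swapped-5-tuple check and also shows the dynamic-port failure mode mentioned under disadvantages.

```python
import ipaddress
from collections import namedtuple

# Constructed packet: the layer 3/4 fields a filter sees plus the arriving interface.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port iface")
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/24")  # assumed inside network


def static_filter(pkt):
    """Stateless ACL: permit TCP/80 from the trusted network, deny all else.
    It judges each packet alone, with no memory of sessions or direction."""
    if ipaddress.ip_address(pkt.src_ip) in TRUSTED_NET and pkt.dst_port == 80:
        return "permit"
    return "deny"


class StatefulFilter:
    """Records sessions initiated from the inside interface and lets in only the
    mirrored reply (IP addresses and ports swapped); everything else is denied."""

    def __init__(self):
        self.sessions = set()  # recorded (src_ip, src_port, dst_ip, dst_port)

    def decide(self, pkt):
        if pkt.iface == "inside":
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "permit"
        swapped = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "permit" if swapped in self.sessions else "deny"


def demo_filters():
    fw = StatefulFilter()
    out = Packet("10.0.0.5", 51000, "203.0.113.10", 80, "inside")
    reply = Packet("203.0.113.10", 80, "10.0.0.5", 51000, "outside")
    # Arrives from outside but carries a trusted source address: the ACL only
    # checks the address field, so it permits; the stateful filter has no session.
    spoofed = Packet("10.0.0.7", 4444, "10.0.0.5", 80, "outside")
    # Server opens a new connection on a dynamic port (e.g. an active-mode data
    # channel): no recorded session matches, so the stateful filter drops it.
    dynamic = Packet("203.0.113.10", 20, "10.0.0.5", 51001, "outside")
    return {
        "acl_outbound": static_filter(out),
        "acl_reply": static_filter(reply),        # stateless: needs its own rule
        "acl_spoofed": static_filter(spoofed),
        "stateful_outbound": fw.decide(out),
        "stateful_reply": fw.decide(reply),
        "stateful_spoofed": fw.decide(spoofed),
        "stateful_dynamic_port": fw.decide(dynamic),
    }
```

The `acl_reply` result shows why a stateless ACL needs an explicit rule for return traffic, while the stateful filter admits it automatically.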
- Proxy firewalls –
These are also known as application-layer firewalls. A proxy firewall acts as an intermediary between the original client and the server; no direct connection takes place between them. The client, which would otherwise establish a connection directly to the server, instead establishes a connection with the proxy server. The proxy server then establishes a connection with the server on behalf of the client. The client sends its data to the proxy server, and the proxy server forwards it to the server. A proxy server can operate up to layer 7 (the application layer).
Advantages –
- Difficult to attack a server, as the proxy server is an intermediary between the client and the server.
- Can provide detailed logging.
- Can be implemented on common hardware.
Disadvantages –
- Processor intensive.
- Memory and disk intensive.
- Single point of failure in network security.
- Application inspection –
These can analyze the packet up to layer 7 (deep inspection) but cannot act as a proxy server. They can deeply analyze conversations between a client and a server even when the server assigns a dynamic port to the client, so they do not fail in these cases (as a stateful firewall can).
Advantages –
- Can analyze deeper into the conversation between the server and the client.
- If a protocol anomaly deviating from the standard occurs, it can deny the packets.
- Transparent firewall –
By default, a firewall operates at layer 3, but the benefit of a transparent firewall is that it can operate at layer 2. Its two interfaces act as a bridge, so it can be managed through a single management IP address. Users accessing the network will not even know that a firewall exists. The main advantage of a transparent firewall is that we do not need to re-address our networks when inserting it. Also, while operating at layer 2, it can still perform functions such as building a stateful database, application inspection, etc.
- Network Address Translation (NAT) –
NAT is implemented on a router or firewall. It translates a private IP address into a public IP address, which hides our internal source IP addresses.
If we are using dynamic NAT or PAT, an attacker cannot tell which internal device has been dynamically assigned which IP address from the pool. This makes it difficult to initiate a connection from the outside world into our private network.
- Next-Generation Firewalls –
NGFWs are third-generation firewalls implemented either in software or as a dedicated device. They combine basic firewall capabilities such as static packet filtering and application inspection with advanced security features such as an integrated intrusion prevention system. Cisco ASA with FirePOWER Services is an example of a next-generation firewall.
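The PAT behaviour described in the NAT section above, as an added Python example that is not part of the original article. The public address, private hosts and port allocation scheme are constructed; a real device draws ports from a configured pool and ages entries out, which this minimal model omits.

```python
import itertools

PUBLIC_IP = "198.51.100.1"  # constructed public address of the NAT device


class PAT:
    """Port Address Translation: many private hosts share one public IP, each
    outbound flow gets its own public source port, and inbound packets are
    forwarded only when they match an existing translation."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self.next_port = itertools.count(first_port)  # simplistic port pool
        self.table = {}    # (inside_ip, inside_port) -> public_port
        self.reverse = {}  # public_port -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; returns the new header."""
        key = (src_ip, src_port)
        if key not in self.table:
            pub_port = next(self.next_port)  # dynamically assigned from the pool
            self.table[key] = pub_port
            self.reverse[pub_port] = key
        return (self.public_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet arriving from outside; None means no translation
        exists, so the packet is dropped (an unsolicited connection attempt)."""
        if dst_ip != self.public_ip or dst_port not in self.reverse:
            return None
        inside_ip, inside_port = self.reverse[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


def demo_pat():
    nat = PAT(PUBLIC_IP)
    # Two inside hosts using the same source port reach the same web server;
    # both leave as the public IP, distinguished only by the assigned port.
    a = nat.outbound("10.0.0.5", 51000, "203.0.113.10", 80)
    b = nat.outbound("10.0.0.6", 51000, "203.0.113.10", 80)
    # The server's reply to host A is mapped back by its public port alone.
    reply_a = nat.inbound("203.0.113.10", 80, PUBLIC_IP, a[1])
    # An outsider connecting to the public address: no entry, so it is dropped.
    probe = nat.inbound("192.0.2.99", 40000, PUBLIC_IP, 22)
    return a, b, reply_a, probe
```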