Security Technology - Firewall

Cards (65)

  • The default behavior is to block unsolicited inbound network traffic, but to allow all outbound network traffic.
  • A firewall in an information security program is like a building’s firewall in that it prevents specific types of information from moving between the outside world, known as the untrusted network (e.g., the Internet), and the inside world, known as the trusted network.
  • The firewall may be a separate computer system, a software service running on an existing router or server, or a separate network containing several supporting devices.
  • Firewalls fall into five major processing-mode categories: packet-filtering firewalls, application gateways, circuit gateways, MAC layer firewalls, and hybrids.
  • Hybrid firewalls use a combination of the other four modes, and in practice, most firewalls fall into this category, since most firewall implementations use multiple approaches.
  • Traffic on a network is broken into packets, smaller message units.
  • Each packet must hold at least two addresses: that of the sender and that of the recipient.
  • A packet-filtering firewall will hold a database of rules that tell it what to do with packets.
  • Packet filtering firewalls examine the header information of data packets that come into a network.
  • A packet filtering firewall installed on a TCP/IP based network typically functions at the IP level and determines whether to drop a packet (Deny) or forward it to the next network connection (Allow) based on the rules programmed into the firewall.
  • Packet filtering firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet types, and other key information.
  • Packet filtering firewalls come in three types: static, dynamic, and stateful.
  • In a static packet filtering firewall, a system administrator sets the rules for the firewall.
  • Application firewalls work at the application layer and are typically restricted to a single application such as FTP, Telnet, HTTP, SMTP, and SNMP.
  • Like filtering firewalls, circuit gateways do not usually look at data traffic flowing between one network and another, but they do prevent direct connections between one network and another.
  • There are four common architectural implementations of firewalls: packet filtering routers, screened host firewalls, dual-homed firewalls, and screened subnet firewalls.
  • A packet filter can be configured in three ways once the set of filtering rules has been defined. In the first, it accepts only those packets that it is certain are safe, dropping all others; this is the most secure mode, but it can cause inconvenience if legitimate packets are inadvertently dropped.
  • Circuit gateways operate at the transport layer and authorize connections based on addresses.
  • A commercial-grade firewall system consists of application software that is configured for the firewall application and runs on a general-purpose computer.
  • Hybrid firewalls combine the elements of other types of firewalls, such as packet filtering and proxy services, or of packet filtering and circuit gateways.
  • SOHO firewalls, also known as broadband gateways or DSL/cable modem routers, connect the user’s local area network or a specific computer system to the internetworking device, in this case the cable modem or DSL router provided by the Internet service provider (ISP).
  • In a software firewall, packet filtering is done by a program called a packet filter, which examines the header of each packet based on a specific set of rules, and on that basis, decides to prevent it from passing (called DROP) or allow it to pass (called ACCEPT).
  • MAC layer firewalls are designed to operate at the media access control layer of the OSI network model, giving these firewalls the ability to consider the specific host computer’s identity in their filtering decisions.
  • In a dynamic packet filtering firewall, the firewall sets some rules for itself, such as dropping packets from an address that is sending many bad packets.
  • In the third method, if the filter encounters a packet for which its rules do not provide instructions, that packet can be quarantined, or the user can be specifically queried concerning what should be done with it.
  • Firewalls are, however, a necessary component of an effective information security infrastructure.
  • The DMZ can be a dedicated port on the firewall device linking a single bastion host, or it can be connected to a screened subnet; servers providing services through an untrusted network were commonly placed in the DMZ.
  • The firewall should be run on a hardened and routinely patched operating system.
  • Best practices for firewalls include denying all traffic by default, disabling or uninstalling unnecessary services and software, limiting the number of applications that run on the firewall, and changing the default firewall administrator or root password.
  • Firewalls are not the end-all, be-all solution to information security.
  • If a malicious user can obtain physical access to the firewall, anything can happen.
  • Physical access to the firewall should be controlled.
  • In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a usually larger and untrusted network, usually the Internet.
  • An insecure and non-hardened operating system can render the firewall completely useless.
  • The architecture of a screened subnet firewall provides a DMZ.
  • In the second method, the filter drops only the packets that it is certain are unsafe, accepting all others.
  • This mode is the least secure, but it causes less inconvenience, particularly in casual Web browsing.
  • The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external network node only has direct access to equipment in the DMZ, rather than any other part of the network.
  • Screened subnet firewalls are a dominant architecture used today.
  • In a stateful packet filtering firewall, packets sent by an attacker are often sent to a port that the attacker has guessed is open; a stateful firewall denies packets sent to any port unless a connection to that port has already been negotiated; this kind of checking puts more processing overhead on the firewall.