Firewall Review: A Deep Dive Into the Different Types of Firewall
A software firewall used to be a niche feature that only advanced users installed on their personal computers, but now every mainstream operating system ships with one by default. The threat of external interference from the Internet to a local machine such as a desktop, laptop, smartphone or tablet has increased compared to decades ago, and it is even greater when the device is permanently connected to the Internet. A firewall is therefore critical, especially when a device is connected to the Internet without technical supervision or is left unchanged for long periods. Today, a typical Internet-connected device is protected by two firewalls: the hardware firewall provided by the home or corporate router and the software firewall of the operating system.
A firewall is a system that shields a computer or a network of computers from intrusions coming from the Internet. It does so by filtering the data packets that travel through the network. A firewall can be a program or a hardware device that acts as an intermediary between the local network and one or several external networks.
A firewall has a simple job, with only three actions to take when dealing with network traffic:
- Silently discard a connection request without notifying the sender (Drop).
- Block a connection (Deny).
- Authorize a connection (Allow).
Firewalls are categorized below by functional purpose. The ‘traditional firewall’ category has deliberately been left out, because current firewalls are all ‘smart’ nowadays: a firewall, whether software or hardware, uses clever algorithms to decide whether a packet is allowed, denied or dropped.
1. Stateful Inspection Firewalls
A newer firewall standard that tracks a “state”, which identifies the position of a particular packet within a communication session between two nodes. This concept applies mainly to TCP (Transmission Control Protocol), a connection-oriented protocol that manages 11 possible states within a session and carries control bits in each segment, which together allow the firewall to identify whether or not a particular packet belongs to a session. All state information is stored in a “state table”, against which incoming and outgoing packets are compared to determine whether they belong to an established session; on that basis the firewall decides to accept or deny the traffic. For other protocols such as UDP (User Datagram Protocol), which is not connection-oriented and has no state management as such, a pseudo-state filtering is implemented, using ICMP (Internet Control Message Protocol).
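The state table described above, together with the three actions (Allow, Deny, Drop) listed earlier, as an added example that is not part of the original article. It assumes a constructed convention that the protected network is 10.0.0.0/8, a constructed access-control rule blocking outbound port 23, and a simplified TCP model (the session is marked established on the SYN+ACK and closed on the first FIN or RST); UDP gets a pseudo-state entry that expires on a timer.

```python
from dataclasses import dataclass, field

ALLOW, DENY, DROP = "ALLOW", "DENY", "DROP"
BLOCKED_OUTBOUND_PORTS = {23}  # constructed access-control rule: no outbound telnet

def inside(ip):
    # Constructed convention: the protected network is 10.0.0.0/8.
    return ip.startswith("10.")

@dataclass
class StatefulFirewall:
    """State-table firewall: TCP tracked by its control bits, UDP by an expiring pseudo-state."""
    udp_timeout: float = 30.0
    table: dict = field(default_factory=dict)  # 5-tuple -> TCP state or UDP expiry time

    def process(self, pkt, now=0.0):
        """pkt: dict(proto, src, sport, dst, dport, flags). Returns ALLOW, DENY or DROP."""
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        rkey = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        entry = key if key in self.table else rkey if rkey in self.table else None
        if pkt["proto"] == "tcp":
            flags = frozenset(pkt.get("flags", ()))
            if entry is None:                       # packet belongs to no known session
                if not inside(pkt["src"]) or flags != {"SYN"}:
                    return DROP                     # not a new outbound SYN: discard silently
                if pkt["dport"] in BLOCKED_OUTBOUND_PORTS:
                    return DENY                     # policy violation from inside: sender is told
                self.table[key] = "SYN_SENT"
                return ALLOW
            if self.table[entry] == "SYN_SENT":
                if entry == rkey and flags == {"SYN", "ACK"}:
                    self.table[entry] = "ESTABLISHED"   # simplified: no wait for the final ACK
                    return ALLOW
                return ALLOW if entry == key and flags == {"SYN"} else DROP  # SYN retransmit
            if flags & {"FIN", "RST"}:
                del self.table[entry]               # simplified: first FIN/RST ends the session
            return ALLOW
        if pkt["proto"] == "udp":
            if entry is None:
                if not inside(pkt["src"]):
                    return DROP
                self.table[key] = now + self.udp_timeout   # pseudo-state: reply window
                return ALLOW
            if now > self.table[entry]:
                del self.table[entry]
                return DROP                         # window expired: treat as unsolicited
            self.table[entry] = now + self.udp_timeout    # refresh on each matching packet
            return ALLOW
        return DROP  # other protocols are not tracked in this example
```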
2. Next-Generation Firewall
The Next-Generation Firewall (NGFW) emerged to revolutionize network security as we knew it until then. All firewalls before it were limited to stateful packet inspection and access-control rules, but as attackers became more sophisticated and threats more advanced, that approach was no longer effective. To protect a business from constantly evolving threats, a next-generation firewall must offer a deeper level of network security. The key is to guarantee inspection of every byte of every packet, while maintaining high performance and low latency so that high-traffic networks keep working optimally. Beyond combating threats effectively and addressing increasingly pressing productivity issues, companies require a deeper level of security and control. Next-generation firewalls have the following features: decryption and TLS inspection, IPS with anti-evasion technology, context-based application control, and protection against network-based malware.
3. Web Application Firewall
A web application firewall (WAF), also called an application-layer firewall, sits between the web client and the web server, analyzes the communication at the application layer and looks for actions that violate a predefined security policy. In this way the device defends web applications from attacks and prevents potential leaks of information. WAF functions should not be confused with intrusion detection and prevention systems (IDS/IPS) or network firewalls, which protect the perimeter of the network.
4. Database Firewall
One of the options that currently exist to protect stored information is the implementation of a database firewall. A database firewall is a software application that filters, through a set of pre-established rules, the requests that reach the database manager. Additionally, a solution oriented to protecting the database not only blocks malicious requests but can also monitor activity, generating logs and analysing the information stored in them. This is very important, since it allows identifying where the attackers come from, whether they are repeat offenders and whether they are looking for specific data, and above all the time at which the activity is recorded and the most frequent attacks that occur. In this way, statistics can be generated to visualize the likely behavior of attackers and take the necessary security measures. When a malicious user tries to gain access to the stored information, the database firewall provides an additional layer of protection that prevents them from querying it: the firewall only lets through previously authorized users, queries and accesses.
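A rule-based database firewall of the kind described above, as an added example that is not part of the original article. It assumes a constructed policy (`AUTHORIZED`) listing, per database user, the previously authorized statement templates; each request is fingerprinted by replacing its literals with `?`, compared against that list, and logged with its source and time so that statistics on denied requests (sources, repeat offenders, frequent statements, busiest hours) can be produced.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed policy: each database user and the normalized statements it may run.
AUTHORIZED = {
    "app": {"select name, price from products where id = ?",
            "insert into orders (user_id, product_id) values (?, ?)"},
    "report": {"select count(*) from orders where created > ?"},
}

def normalize(sql):
    """Fingerprint a statement: literals become ?, comments are removed, whitespace and
    case are squeezed, so an authorized template matches whatever values are bound."""
    sql = re.sub(r"'(?:[^']|'')*'", "?", sql)                    # string literals
    sql = re.sub(r"--[^\n]*|/\*.*?\*/", " ", sql, flags=re.S)    # SQL comments
    sql = re.sub(r"\b\d+(?:\.\d+)?\b", "?", sql)                  # numeric literals
    return re.sub(r"\s+", " ", sql).strip().lower()

class DatabaseFirewall:
    def __init__(self):
        self.log = []  # activity log: (timestamp, source, user, verdict, fingerprint)

    def check(self, user, source_ip, sql, when=None):
        """True if the request may reach the database manager; every request is logged."""
        fp = normalize(sql)
        if user not in AUTHORIZED:
            verdict = "DENY:unknown-user"
        elif fp not in AUTHORIZED[user]:
            verdict = "DENY:unauthorized-statement"  # e.g. a template altered by injection
        else:
            verdict = "ALLOW"
        self.log.append((when or datetime.now(), source_ip, user, verdict, fp))
        return verdict == "ALLOW"

    def stats(self):
        """Statistics over denied requests: where they come from, what they are, and when."""
        denied = [e for e in self.log if e[3] != "ALLOW"]
        return {
            "top_sources": Counter(e[1] for e in denied).most_common(3),
            "top_statements": Counter(e[4] for e in denied).most_common(3),
            "busiest_hours": Counter(e[0].hour for e in denied).most_common(3),
        }
```

A tautology appended to an authorized query changes its fingerprint, so it is denied even though the user itself is authorized.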
5. Unified Threat Management Firewall
Unified threat management based on user identity can offer complete protection against emerging threats, enabling a secure business environment and control over legal liability by controlling user activities and satisfying compliance requirements where they are regulated. System administrators need full visibility and control over all users, anywhere in the network, so that they can act quickly and easily change the security policies of individual users to prevent security errors in their networks proactively. System administrators must be able to eliminate the possibility of users misusing the privileges of other users, and must not let users decide where they can go. It should be possible to tie network access to the user name in the workplace, preventing unauthorized access to the network by abusing another person's network rights, in order to obtain higher levels of security and data confidentiality.
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a cyber security author with experience in penetration testing, vulnerability assessments, monitoring solutions, surveillance and offensive technologies. Currently he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits, which can be found on popular sites such as hackercombat.com and others.