What is a Firewall?
A firewall is a hardware device or a software program that controls traffic between networks, or between a host and its network, in order to block unwanted access. It enforces a policy that says which connections are permitted and which are not, so the kind of protection it gives you depends on what you are trying to protect against.
For example, if your computer is connected to the Internet, you want to make sure that nobody can reach services on it without your permission. On a home network, you may want to keep out devices that don't belong there. You also need to decide what kinds of activity are allowed on your network, such as sharing files with other hosts or using web services such as Google Docs or Facebook.
On a local area network (LAN), a host firewall can block incoming connections from other devices on the same LAN segment or from other networks reached through gateways and routers. A firewall can also restrict incoming traffic to a specific range of ports on a single IP address or network interface card (NIC), or to a range of IP addresses. In short, firewalls defend a network by inspecting traffic and filtering it against a policy before it is allowed in. The main firewall types are:
Packet-filtering firewalls filter traffic based on the header fields of IP packets and of the TCP or UDP segments they carry, not on the payload. Packet filtering is the process of inspecting each packet and deciding whether it may pass through the firewall or not. Packet-filtering firewalls fall into two main categories: stateless packet filters, which judge each packet on its own, and protocol-based (or application-layer) firewalls, which also understand the session the packet belongs to.
Stateless packet filters inspect the headers of individual packets. They examine the source address and destination address fields of each packet, along with other header fields such as the protocol number and the TCP/UDP port numbers. The filter compares these values against an ordered list of rules, held in memory or on disk, each of which names an action: accept or drop. The first matching rule decides the packet's fate, so a packet that matches a "blacklist" (deny) entry is rejected, not allowed through, and a packet that matches no rule at all gets the default policy, which in a well-configured firewall is to drop. Because a stateless filter has no memory of earlier packets, it cannot tell a legitimate reply from a forged packet that merely carries the ACK flag.
Protocol-based (or application-layer) firewalls examine TCP/IP traffic at a higher level: not just individual packets but entire sessions (the sequence of packets exchanged between two machines) and, for the protocols they understand, the commands and data carried inside those sessions.
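The first-match, default-deny behaviour described above, as an added example that is not part of the original page: a small stateless packet filter in Python. The rule set, the addresses (taken from the RFC 5737 documentation ranges) and the sample packets are all constructed for the example; the point it shows is that a packet matching the deny entry is dropped, that order of rules matters, and that anything no rule mentions falls to the default policy.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


# Constructed packet: only the header fields a stateless filter looks at.
@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # None for protocols without ports (ICMP)


@dataclass(frozen=True)
class Rule:
    action: str                                # "accept" or "drop"
    src: str = "0.0.0.0/0"                     # CIDR; 0.0.0.0/0 means any
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None                # None means any protocol
    dports: Optional[Tuple[int, int]] = None   # inclusive destination port range

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src, strict=False):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst, strict=False):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dports is not None:
            if pkt.dport is None:     # a port rule never matches a packet without ports
                return False
            lo, hi = self.dports
            if not lo <= pkt.dport <= hi:
                return False
        return True


class PacketFilter:
    """Ordered rule list: the first matching rule decides, else the default policy."""

    def __init__(self, rules: List[Rule], default: str = "drop"):
        self.rules = list(rules)
        self.default = default

    def decide(self, pkt: Packet) -> Tuple[str, Optional[int]]:
        """Return (action, index of the deciding rule); index None means default policy."""
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                return rule.action, i
        return self.default, None


# Hypothetical policy for a web server at 192.0.2.10. The deny entry comes
# FIRST: a packet that matches the blacklist is dropped, not let through.
RULES = [
    Rule("drop", src="203.0.113.0/24"),                                  # blocked netblock
    Rule("accept", dst="192.0.2.10/32", proto="tcp", dports=(80, 80)),
    Rule("accept", dst="192.0.2.10/32", proto="tcp", dports=(443, 443)),
    Rule("accept", src="198.51.100.0/24", dst="192.0.2.0/24",
         proto="tcp", dports=(22, 22)),                                   # SSH only from the admin net
]
FIREWALL = PacketFilter(RULES, default="drop")

if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
                Packet("203.0.113.5", "192.0.2.10", "tcp", 443),
                Packet("198.51.100.7", "192.0.2.10", "tcp", 8080),
                Packet("198.51.100.7", "192.0.2.10", "icmp")):
        print(pkt, "->", FIREWALL.decide(pkt))
```

Moving the deny rule to the end of the list lets the blocked netblock reach port 443, which is why real rule sets are audited for ordering as well as for content.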
A circuit-level gateway is a firewall that works at the session layer. It validates the TCP handshake between an internal client and an external server and, once the session is established, relays the bytes in both directions without inspecting their content. SOCKS proxies are the best-known example. Because the gateway opens its own connection to the remote host, the internal network's addresses are hidden from the outside, but a circuit-level gateway cannot detect malicious content inside a session it has permitted. It can be implemented in hardware or software.
Application-level Gateways (Proxy Firewalls)
Application-level gateways are proxies that operate at the application layer: the client connects to the proxy, and the proxy opens its own connection to the server on the client's behalf, so traffic flows between two networks, or two applications running on hosts in different networks, without any direct connection between them. Application-level gateways are also known as proxy firewalls. Because the proxy understands the protocol it relays (HTTP, SMTP, FTP and so on), it can enforce policy on the protocol's own commands, headers and content, which a packet filter never sees. Application-level gateways can be classified into three main categories:
Transparent proxies, which intercept traffic without any client configuration and forward it without modifying its content (e.g., an HTTP cache).
Filtering proxies, which accept, modify or reject requests and responses based on a set of rules or conditions (e.g., HTTP or SMTP content filters).
Terminating (TLS-intercepting) proxies, which end the encrypted session from the client and open a new one to the server so that TLS-protected flows can be inspected; the related term ALG (application layer gateway) refers to firewall helpers that follow protocols such as FTP and SIP which open secondary connections.
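What a filtering proxy can do that a packet filter cannot, as an added example that is not the page's own code: the function below parses the head of an HTTP/1.x request and applies a hypothetical policy (allowed methods and an allow-list of hosts, both assumed for the example) before the proxy would forward it. The sample requests are constructed, not captured traffic. A packet filter permitting port 80 would pass every one of them; the proxy sees the method and Host header and refuses the ones the policy forbids, and it treats anything it cannot parse as a deny.

```python
from typing import Dict, Tuple
from urllib.parse import urlsplit

# Hypothetical proxy policy for an internal network (assumed for this example).
ALLOWED_HOSTS = {"intranet.example.com", "docs.example.com"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_HEADER_BYTES = 8192


def parse_request(raw: bytes) -> Tuple[str, str, str, Dict[str, str]]:
    """Split an HTTP/1.x request head into (method, target, version, headers).

    Raises ValueError for anything that is not a complete, well-formed head.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    if len(head) > MAX_HEADER_BYTES:
        raise ValueError("request head too large")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("bad request line")
    method, target, version = parts
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError("bad header line")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def inspect_request(raw: bytes) -> Tuple[str, str]:
    """Proxy decision for one request: ('allow', detail) or ('deny', reason)."""
    try:
        method, target, version, headers = parse_request(raw)
    except ValueError as exc:
        return "deny", f"malformed request: {exc}"
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        return "deny", f"unsupported version {version}"
    if method not in ALLOWED_METHODS:
        return "deny", f"method {method} not allowed"
    # An explicit (non-transparent) proxy receives an absolute-form target;
    # the authoritative host is then the one in the URL, not the Host header.
    if target.startswith(("http://", "https://")):
        host = urlsplit(target).hostname
    else:
        host = headers.get("host", "").split(":")[0].lower() or None
    if not host:
        return "deny", "missing host"
    if host not in ALLOWED_HOSTS:
        return "deny", f"host {host} not in allow-list"
    return "allow", f"{method} {host}"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": b"GET /index.html HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n",
    "delete": b"DELETE /api/users/1 HTTP/1.1\r\nHost: intranet.example.com\r\n\r\n",
    "outside": b"GET / HTTP/1.1\r\nHost: evil.example.net\r\n\r\n",
    "absolute": b"GET http://docs.example.com/a HTTP/1.1\r\nHost: docs.example.com\r\n\r\n",
    "truncated": b"GET / HTTP/1.1\r\nHost: intranet.example.com",
    "http09": b"GET /\r\n\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {inspect_request(raw)}")
```

A real proxy would additionally bound the body, normalise the path and handle request pipelining; the parse-then-decide structure stays the same.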
Stateful Multi-layer Inspection (SMLI) Firewalls:
A stateful multi-layer inspection firewall combines stateless packet filtering with connection tracking and application-layer inspection. It filters on packet headers, keeps a state table of the sessions it has seen so that only packets belonging to a permitted, established session are admitted, and inspects the application payload of the protocols it understands. Its main purpose is to provide visibility into network traffic, control access and enforce policy. The architecture has three parts:
Application layer: application-layer inspection examines the content of traffic and controls access at the application level. It is commonly used to enforce security policies for specific applications or protocols, such as HTTP and FTP.
Network layer: network-layer inspection examines packet headers (addresses, protocol, ports) and tracks connection state, providing visibility into network traffic. It can also be used to control access between virtual machines (VMs).
Control plane: the control plane can be implemented in a variety of ways for different architectures, but typically includes one or more centralized management interfaces that let administrators configure and manage all components of the system from a single location.
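The connection-tracking part of stateful inspection, as an added example that is not from the page or any firewall product: a minimal TCP state table in Python. The protected network, the published service and the packet sequence are constructed for the example. It shows the property a stateless filter lacks: a packet is accepted only if it opens a connection the policy allows or fits the current state of a connection already in the table, so a stray ACK from the outside with no table entry is dropped even though it "looks established".

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST", "PSH"}


Key = Tuple[str, int, str, int]   # (initiator ip, port, responder ip, port)


class StatefulFirewall:
    """Judge each packet against a connection table, not only against a rule list."""

    def __init__(self, inside_net: str, inbound_allowed: Iterable[Tuple[str, int]]):
        self.inside = ipaddress.ip_network(inside_net)
        self.inbound_allowed = set(inbound_allowed)   # services published to the outside
        self.conntrack: Dict[Key, str] = {}

    def _lookup(self, pkt: TcpPacket) -> Tuple[Key, Optional[str]]:
        fwd: Key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev: Key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.conntrack:
            return fwd, "original"
        if rev in self.conntrack:
            return rev, "reply"
        return fwd, None

    def process(self, pkt: TcpPacket) -> str:
        key, direction = self._lookup(pkt)
        if direction is None:
            # No state: only a clean SYN may open a connection. A bare ACK, FIN or
            # RST with no entry is the classic spoof that a stateless filter
            # matching "ACK set" as established would let through.
            if "SYN" not in pkt.flags or pkt.flags & {"ACK", "FIN", "RST"}:
                return "drop"
            src_inside = ipaddress.ip_address(pkt.src) in self.inside
            if src_inside or (pkt.dst, pkt.dport) in self.inbound_allowed:
                self.conntrack[key] = "SYN_SENT"
                return "accept"
            return "drop"
        state = self.conntrack[key]
        if "RST" in pkt.flags:
            del self.conntrack[key]               # reset tears the entry down at once
            return "accept"
        if state == "SYN_SENT" and direction == "reply" and {"SYN", "ACK"} <= pkt.flags:
            self.conntrack[key] = "SYN_RECV"
            return "accept"
        if state == "SYN_RECV" and direction == "original" and "ACK" in pkt.flags:
            self.conntrack[key] = "ESTABLISHED"
            return "accept"
        if state == "ESTABLISHED":
            if "FIN" in pkt.flags:
                self.conntrack[key] = "CLOSING"   # simplified: first FIN starts teardown
            return "accept"
        if state == "CLOSING":
            if "FIN" in pkt.flags:
                del self.conntrack[key]           # second FIN ends the connection
            return "accept"
        return "drop"                             # packet does not fit the connection's state


if __name__ == "__main__":
    fw = StatefulFirewall("192.0.2.0/24", [("192.0.2.10", 443)])
    S = frozenset
    for pkt in (TcpPacket("198.51.100.7", 50000, "192.0.2.10", 443, S({"SYN"})),
                TcpPacket("192.0.2.10", 443, "198.51.100.7", 50000, S({"SYN", "ACK"})),
                TcpPacket("198.51.100.7", 50000, "192.0.2.10", 443, S({"ACK"})),
                TcpPacket("198.51.100.7", 50002, "192.0.2.20", 22, S({"ACK"}))):
        print(sorted(pkt.flags), pkt.src, "->", pkt.dst, pkt.dport, fw.process(pkt))
```

Production trackers also expire idle entries and check sequence numbers against the advertised window; without timeouts the table above would grow without bound and be a denial-of-service target in itself.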
Next-generation Firewalls (NGFW)
Next-generation firewalls (NGFW) are the current generation of firewall technology. An NGFW combines hardware, software and services into a single platform that performs stateful inspection together with application identification, integrated intrusion prevention and threat intelligence feeds. Compared with traditional firewalls the NGFW offers more features, particularly a central management console that gives an organization control over the firewall and all of its components from one place. This consolidation reduces the number of separate devices and per-device configurations that administrators must maintain.
The NGFW also offers more advanced features than traditional firewalls, such as application-aware inspection and web content filtering. These are designed to protect against threats such as phishing, viruses and malware. Because an NGFW identifies applications rather than relying on port numbers alone, it can block malicious traffic at the perimeter while still allowing legitimate communication between users on the organization's internal network. Throughput depends on how much inspection is enabled: deep inspection costs CPU, so an appliance should be sized for the bandwidth it will inspect, not the raw link speed.
The threat-focused NGFW extends the NGFW with detection and response capabilities that cover both internal and external threats. The goal is to stop threats before they reach the network and to detect the ones that get past the perimeter.
The threat-focused NGFW has three major components:
- A network perimeter defense that monitors traffic entering and leaving the network and blocks unauthorized access or traffic flows that may be malicious.
- An intrusion detection system (IDS) that monitors for malicious activity on the network by matching traffic against IDS rules and signatures that describe known attack patterns.
- A firewall enforcement point that ties the two together, allowing legitimate traffic to flow through while blocking the unauthorized or malicious flows the other components identify.
Network Address Translation (NAT) Firewalls:
A network address translation (NAT) firewall sits between a private IP address range and the outside world and rewrites the addresses in the packets that cross it. Outgoing connections from internal hosts are translated to the firewall's public address, and a translation table records each mapping; an incoming packet is passed to an internal host only when it matches an existing entry (that is, it is a reply to an allowed outgoing connection) or an explicit port-forwarding rule. Unsolicited inbound connections have no table entry and are dropped. In this configuration a single public IP address serves many computers on the private side of the firewall, and the internal addresses are hidden from outsiders. NAT can also be placed between internal subnets that have different administrative constraints and security requirements. For example:
An organization may want to segment its internal networks based on organizational units (OUs), and a given OU may have different access-control requirements from another OU in the same organization: a marketing department may need different rules than an R&D department. Placing a NAT firewall between the subnets hides each side's addressing from the other and keeps the policy in one place, which also helps when the routing between subnets changes frequently as new applications are deployed into production and old applications are decommissioned. Note that NAT by itself is not a security control: it hides addresses, but a filtering policy is still needed to decide which translated flows are permitted.
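The translation table behaviour described above, as an added example that is not part of the original page: source NAT for a private network with one public address, plus a static port forward for a published service. The public address, private range, forwarded service and packets are all constructed for the example. It shows why unsolicited inbound traffic fails: a packet from the outside is delivered only if the table already holds a mapping created by an outgoing connection (and, because mappings are per remote endpoint, only from the remote host that connection was to) or if an administrator published the port explicitly.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class NatFirewall:
    """Source NAT (masquerade) with a translation table, plus static port forwards.

    Mappings are keyed per 4-tuple (symmetric NAT): an inbound packet must come
    from the remote host and port that the internal host actually talked to.
    """

    def __init__(self, public_ip: str, inside_net: str,
                 forwards: Optional[Dict[int, Tuple[str, int]]] = None,
                 first_port: int = 1024):
        self.public_ip = public_ip
        self.inside = ipaddress.ip_network(inside_net)
        self.forwards = dict(forwards or {})      # public port -> (internal ip, port)
        self.next_port = first_port
        # (src, sport, dst, dport) -> allocated public port
        self.out_map: Dict[Tuple[str, int, str, int], int] = {}
        # (public port, remote ip, remote port) -> (internal ip, internal port)
        self.in_map: Dict[Tuple[int, str, int], Tuple[str, int]] = {}

    def _allocate_port(self) -> int:
        while self.next_port in self.forwards:    # never hand out a published port
            self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("NAT port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet leaving the private side; None means it is dropped."""
        if ipaddress.ip_address(pkt.src) not in self.inside:
            return None                           # anti-spoofing: only inside addresses may egress
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        nat_port = self.out_map.get(key)
        if nat_port is None:                      # first packet of the flow creates the mapping
            nat_port = self._allocate_port()
            self.out_map[key] = nat_port
            self.in_map[(nat_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=nat_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet arriving from outside; None means no mapping, so dropped."""
        if pkt.dst != self.public_ip:
            return None
        entry = self.in_map.get((pkt.dport, pkt.src, pkt.sport))
        if entry is not None:                     # reply to an allowed outgoing connection
            return replace(pkt, dst=entry[0], dport=entry[1])
        if pkt.dport in self.forwards:            # explicitly published service
            ip, port = self.forwards[pkt.dport]
            return replace(pkt, dst=ip, dport=port)
        return None                               # unsolicited: no table entry


if __name__ == "__main__":
    nat = NatFirewall("203.0.113.1", "192.168.1.0/24", forwards={443: ("192.168.1.10", 443)})
    print("out   ", nat.outbound(Packet("192.168.1.5", 40000, "8.8.8.8", 53)))
    print("reply ", nat.inbound(Packet("8.8.8.8", 53, "203.0.113.1", 1024)))
    print("stray ", nat.inbound(Packet("8.8.8.8", 53, "203.0.113.1", 2000)))
    print("fwd   ", nat.inbound(Packet("198.51.100.7", 50000, "203.0.113.1", 443)))
```

Real NAT implementations age out mappings and recycle ports; the example keeps every mapping forever to stay short. The filtering decision for the forwarded port still belongs in the firewall policy: the port forward only says where the traffic goes, not who may send it.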
Cloud firewalls (firewall as a service, FWaaS) deliver firewall functionality from a provider's infrastructure rather than from an appliance on premises. They are run as a managed service, scale with demand, and can protect cloud workloads and remote users wherever they are. Organizations of all sizes use them to reduce infrastructure cost while gaining flexibility, scalability and centralized policy. The provider's management interface and the identities that can change the policy then become part of the attack surface, so access to that management plane must be tightly restricted.
Unified Threat Management (UTM) Firewall:
A unified threat management (UTM) firewall bundles several security functions into one appliance: stateful firewall, intrusion detection and prevention, antivirus, web content filtering and VPN. UTMs let administrators manage, monitor and secure the network from a single console and are capable of blocking traffic based on malicious behavior, not just on IP address or port number. By passing traffic through a single filtering engine, a UTM speeds up the decision to block malicious traffic, and correlating a detected malware sample with its source IP address allows quicker identification and more accurate remediation. The UTM is designed to give administrators broad protection against all types of threats without installing multiple separate firewalls or expensive point solutions; the tradeoff is that every function shares the same hardware, so enabling all of them at once can reduce throughput.