Understanding Firewalls

To help SMEs understand the value of security, the topic of firewalls is the starting point. Microsoft defines a firewall as:

"A firewall is software or hardware that checks information coming from the Internet or a network, and then either blocks it or allows it to pass through to your computer, depending on your firewall settings.

A firewall can help prevent hackers or malicious software (such as worms) from gaining access to your computer through a network or the Internet. A firewall can also help stop your computer from sending malicious software to other computers."

What is a firewall ?

A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.

firewall-support
firewall-support

What are the different types of firewalls?

  • Packet Filtering Firewall: This type of Firewall detects packets and block unnecessary packets.
  • Screening Router Firewalls: It's a software base firewall available in Router provides only light filtering.
  • Computer based Firewall: It's a firewall stored in server with an existing Operating System like Windows and UNIX.
  • Hardware base Firewall: Its device like box allows strong security from public network. Mostly used by big networks.
  • Proxy Server: Proxy server allows all clients to access Internet with different access limits. Proxy server has its own firewall which filters the all packet from web server.

Can you explain packet filtering firewall?

A packet filtering firewall analyses packets (small chunks of data) against a set of filters (defined in your firewall policy). Packets that make it through the filters are sent to the requesting system and all others are discarded.

Can you explain stateful inspection?

Stateful inspection is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) traveling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known active connection will be allowed by the firewall; others will be rejected. Stateful inspection doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded. Stateful inspection, also referred to as Dynamic Packet Filtering

Can you explain circuit level gateway?

A circuit level gateway is an application which represents the second-generation of firewall technology, monitor TCP handshaking between packets to make sure a session is legitimate. Traffic is filtered based on specified session rules
and may be restricted to recognized computers only. Circuit level firewalls hide the network itself from the outside, which is useful for denying access to intruders. But they don't filter individual packets.

What is Application Gateway (aka Proxy)?

Application level firewalls (sometimes called proxies) look more deeply into the application data going through their filters. By considering the context of client requests and application responses, these firewalls attempt to enforce correct application behavior, block malicious activity and help organizations ensure the safety of sensitive information and systems. They can log user activity too. Application level filtering may include protection against spam and viruses as well, and be able to block undesirable Web sites based on content rather than just their IP address.

Is NAT a firewall?

Technically, yes. A NAT box is a special case of a stateful firewall. Hosts inside the firewall can send packets out and establish connections. Once a connection is initiated from inside the network, data can flow freely until that connection is closed. Hosts outside the firewall, however, are unable to initiate connections to hosts inside unless a tunnel is specifically provided by the NAT box's administrator.

As such, it's important to note that you get almost no security from NAT that you can't get with a halfway decent stateful firewall. Setting up such a firewall to give you identical protection without the address translation would take all of sixty seconds. The only benefit you get is that because NAT'd internal addresses come from the no routable IP address space, the Internet might protect you from some obscure, creative exploitation of a bug in your firewall. But it probably won't.

On the other hand, NAT is very inflexible. It is possible to allow services within the network to be accessed from the outside by creating a tunnel so that when somebody connects to, say, port 80 of the NAT gateway, they are silently redirected to a webserver on an internal address. However, because this completely uses up port 80 on the gateway, you can't just add a second webserver later. Similarly, if you have 20 people in the private network all of whom want to use a network client that listens connections on port 3324, all but one of them will be out of luck.

Are personal firewall actually firewalls?

A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically, it works as an application layer firewall.
A personal firewall differs from a conventional firewall in terms of scale. A personal firewall will usually protect only the computer on which it is installed, as compared to a conventional firewall which is normally installed on a designated interface between two or more networks, such as a router or proxy server. Hence, personal firewalls allow a security policy to be defined for individual computers, whereas a conventional firewall controls the policy between the networks that it connects. The per computer scope of personal firewalls is useful to protect machines that are moved across different networks. For example, a laptop computer may be used on a trusted intranet at a workplace where minimal protection is needed as a conventional firewall is already in place, and services that require open ports such as file and printer sharing are useful. The same laptop could be used at public Wi-Fi hotspots such as provided at cafés, airports or hotels, where stricter security is required to protect from malicious activity. Most personal firewalls will prompt the user when a new network is connected for the first time to decide the level of trust, and can set individual security policies for each network. Many personal firewalls are able to control network traffic by prompting the user each time an application attempts a connection and will adapt the security policy accordingly. Personal firewalls may also provide some level of intrusion detection, allowing the software to terminate or block connectivity where it suspects an intrusion is being attempted.

BantuTech Recommendation 

Bantu Tech recommends the Watch Guard Firebox series as a Firewall for an SME. Various options are available on their website.

detail-product-utm-firebox-m400-1.jpg

Review available at - http://www.itpro.co.uk/unified-threat-management/25376/watchguard-firebox-m300-review