Firewalls are the foundation of security in computer networks and IT in general. We’ve talked a lot about Fortigate firewalls, Cisco ASA, SonicWall… these are good examples of hardware firewalls.
Several other types of firewalls are used in large enterprises, SMBs, or even home networks. Some types of firewalls are very common and some are rarely encountered by professionals.
The main reasons to deploy a firewall appliance or firewall software in a network are to control traffic flow, allow or block traffic between hosts, restrict access to applications, inspect packets to find malicious content, etc.
The above can be done at different Layers of the OSI model, from Layer 3 up to Layer 7 (the application layer).
Let’s look at the different architectures and types of firewalls you’ll commonly encounter.
1) Hardware Firewall
This is the most common type of firewall. It is widely used in modern networks either as an edge device (i.e. to isolate and protect internal LANs from the Internet or other untrusted networks) or to segment and protect internal networks or departments in large enterprises.
Hardware firewalls typically have multiple physical network interfaces that can be used to create different “security zones,” essentially different Layer 3 subnets. Each physical interface can be further divided into “subinterfaces” that can further extend the protection zones.
Because the firewall is running on its own dedicated hardware device, it can handle large volumes of packets, thousands or millions of connections, and they are generally high-performance devices.
Some popular brands of hardware firewalls include Cisco ASA, Fortigate, Juniper, Checkpoint, Palo Alto, SonicWall, etc.
2) Software Firewall
An example of a software firewall is the Windows Firewall which is installed by default on all Microsoft Windows operating systems. It is a host-based firewall and controls traffic and applications on end-user workstations or servers.
Some other examples of software firewalls are those found on Linux machines, like iptables, CSF, etc.
Software firewalls are not just host-based. There are several open-source software firewalls (such as pfSense, OPNsense, ClearOS, etc.) that can be installed on dedicated hardware (servers, Linux boxes, etc.), thus creating a firewall appliance on specialized hardware.
The first two types mentioned above are the two major types of firewalls. Now let’s look at some other types based on their architecture, how they handle traffic, and which Layers of the OSI model they operate on.
3) Stateful Inspection Firewalls
Almost all modern network firewalls incorporate a “stateful inspection” architecture. Let’s describe exactly what that means using the sample communication below:
In TCP communication between a client and a server (for example, a user with a web browser communicating with a web server, as shown above), the client browser initiates HTTP communication on port 80 with the Internet web server.
Let’s assume that the Stateful Inspection Firewall in the middle allows this outbound HTTP traffic to pass through. As a result, the packets will reach the Web Server, which will reply back to the client (as happens with all TCP communication).
Now, the Stateful Inspection Firewall in the middle will store the details of the connection initiated from the client to the server in a “state table”. This table includes details like source IP and source port, destination IP and destination port, TCP flags, TCP sequence number, etc.
Therefore, any reply packet coming from the external web server that matches the initial connection that started from the client, will pass through the firewall and reach the client without any additional configuration.
This makes configuration easier because the administrator does not need to configure any rules on the firewall to allow return/reply packets from the outside to the inside. These packets will be allowed automatically if they belong to an established connection from the client to the server.
A stateful firewall is effective for three reasons.
- It works both on individual packets and on whole connections.
- It operates at a higher level of performance than packet filtering or using a proxy server.
- It records data in a table for every connection that is opened and closed. This table serves as a reference point to determine whether packets belong to an existing connection or come from an unauthorized source.
4) Packet Filtering Firewall
Packet filtering firewalls operate at Layers 3 and 4 of the OSI model (i.e., the IP/network layer and the transport layer).
That said, this type of firewall filters traffic statically, by IP address and port number only. The firewall keeps no state about each connection (unlike the stateful firewall described in part 3).
The packet filter only checks the following:
- Source IP and port
- Destination IP and port
Packet filtering is also known as a “stateless firewall”. On Cisco devices, for example, an Access Control List (ACL) configured on a router acts as a packet filtering firewall.
One major disadvantage of packet filtering firewalls is that you need to configure rules to allow reply packets returning from the destination host. This is because the firewall does not keep a “state table” like the stateful firewalls we discussed above.
Packet filtering is largely done on routers or Layer 3 switches and is a “fast and effective” way to block some traffic from an untrusted network to a protected/trusted network.
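To make the difference between sections 3 and 4 concrete, here is an added simulation (not code from the original article) of both a stateless packet filter and a stateful firewall applying the same single policy rule, “LAN may open HTTP to anywhere”. The packets, addresses and the simplified state transitions are constructed for illustration; a real state table also tracks sequence numbers and timeouts.

```python
from dataclasses import dataclass

# Constructed packets (not captures): only the header fields the article lists
@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset  # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"RST"}

# Policy shared by both firewalls: the only explicit rule permits LAN -> any:80
def outbound_http_allowed(p):
    return p.src_ip.startswith("10.0.0.") and p.dst_port == 80

class PacketFilter:
    """Stateless: each packet is judged on its own header, nothing is remembered."""
    def decide(self, p):
        return "ALLOW" if outbound_http_allowed(p) else "DROP"

class StatefulFirewall:
    """Keeps a state table keyed by (src_ip, src_port, dst_ip, dst_port)."""
    def __init__(self):
        self.state_table = {}

    def decide(self, p):
        fwd = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        rev = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
        key = fwd if fwd in self.state_table else rev if rev in self.state_table else None
        if key is not None:                  # packet belongs to a tracked connection
            if "RST" in p.flags:             # teardown: forget the connection
                del self.state_table[key]
            elif key == rev and {"SYN", "ACK"} <= p.flags:
                self.state_table[key] = "ESTABLISHED"
            return "ALLOW"                   # reply allowed without an extra rule
        if p.flags == frozenset({"SYN"}) and outbound_http_allowed(p):
            self.state_table[fwd] = "SYN_SENT"   # new connection admitted by policy
            return "ALLOW"
        return "DROP"                        # unsolicited or spoofed traffic

def run_scenario(fw):
    """Client 10.0.0.5 talks HTTP to 203.0.113.10; returns one verdict per packet."""
    c, s = ("10.0.0.5", 51000), ("203.0.113.10", 80)
    packets = [
        Packet(*c, *s, frozenset({"SYN"})),           # client opens the connection
        Packet(*s, *c, frozenset({"SYN", "ACK"})),    # server's legitimate reply
        Packet("198.51.100.7", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"})),  # unsolicited
        Packet(*c, *s, frozenset({"RST"})),           # client tears the connection down
        Packet(*s, *c, frozenset({"ACK"})),           # late packet after teardown
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    print("stateless:", run_scenario(PacketFilter()))
    print("stateful: ", run_scenario(StatefulFirewall()))
```

The stateless filter drops the server’s legitimate SYN/ACK because no inbound rule exists, while the stateful firewall allows it from the state table yet still drops the unsolicited “reply” from 198.51.100.7 and any packet arriving after the connection was torn down.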
5) Application Firewall
Firewalls of this type operate at Layer 7 (the application layer) of the OSI model. They inspect and control packets at the application level.
This firewall has knowledge about what is safe or normal application traffic and what is malicious application traffic.
For example, application firewalls that protect web servers know about web-related HTTP attacks (e.g. SQL injection, cross-site scripting, etc.) and protect applications from these attacks by inspecting HTTP application traffic.
Some examples of application firewalls include:
- WAF (Web Application Firewall): Protects websites/web servers
- DB Firewall (Database Firewall): Protects databases such as Oracle, MSSQL, etc.
- Proxy Firewall: Inspects and protects traffic from users to the Internet. It can also provide URL/domain web filtering. Users gain access to the network by going through a process of establishing session state, user authentication, and authorization policies.
6) Next Generation Firewall (NGFW)
This is primarily a marketing term that has recently become popular among firewall manufacturers. Essentially, an NGFW combines almost all the types discussed above into one box: it is a stateful hardware firewall that also provides application-level protection and inspection.
This type provides deep packet inspection and is capable of identifying malicious traffic in all Layers of the OSI model (up to the application layer).
An NGFW typically provides advanced intrusion detection/prevention, anti-virus, application control, etc. These features are usually licensed separately, and customers have to pay an additional fee to enable some or all of them.
Some NGFWs communicate with the manufacturer’s cloud security service (e.g. Cisco Talos, Fortinet FortiGuard, etc.) to receive threat intelligence from the cloud.
7) Telephony Related Firewalls
This is a rare type of firewall that is not usually found in common enterprise networks, except in some specialized cases.
These are special firewalls related to telephone and VoIP services and are used to protect systems from telephone communication attacks.
Some examples include:
- SIP firewalls (to protect VoIP phone systems).
- SMS firewalls (for GSM mobile networks, to protect subscribers from SMS fraud attacks).
- SS7 firewalls (to protect mobile phone operators).
What is firewall technology?
Firewalls are used to protect computer networks from unwanted intrusions. Hardware firewalls separate trusted internal networks (e.g., internal corporate LAN) from untrusted external networks (e.g., untrusted Internet or WAN).
The main goal of a firewall is to examine all inbound and outbound traffic to see whether it meets specific criteria (the firewall policy rules). If the traffic complies with the firewall policy it is allowed; otherwise it is dropped.
Hope you have chosen the right Firewall!