Write a response for the following reading:
A firewall is a network security system that monitors traffic and takes actions on the basis of explicitly defined policies. The firewall function can be performed by a single device, by a group of devices, or by software running on a single device such as a server.
A few methodologies through which a firewall can be implemented are static packet filtering, stateful packet filtering, proxy firewalls, application inspection, transparent firewalls, Network Address Translation and next-generation firewalls.
Static packet filtering controls access on the basis of source IP address, destination IP address, source port number and destination port number. It works at layers 3 and 4 of the OSI model. An ACL does not maintain the state of a session. A router with an ACL applied to it is an example of static packet filtering. It is easy to implement if the administrator has good knowledge, but a large number of ACLs is difficult to maintain.
In stateful packet filtering, the state of sessions is maintained. When a session is initiated from within a trusted network, its source and destination IP addresses, source and destination ports, and other layer information are recorded. Replies for this session are allowed only when the IP addresses (source and destination) and port numbers (source and destination) are swapped. It can be implemented on routers but it might be able to prevent application layer attacks.
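The difference between the two filtering styles described above, as an added example that is not part of the original reading. It assumes 10.0.0.x is the trusted network, uses constructed documentation addresses, and tracks only the address and port tuple (no protocol, TCP flags or timeouts).

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")

TRUSTED_PREFIX = "10.0.0."  # assumption: the inside (trusted) network


def is_trusted(ip):
    return ip.startswith(TRUSTED_PREFIX)


def static_acl_allows(pkt):
    """Stateless rule set: permit inside hosts outbound, and permit anything
    arriving from source port 443 so HTTPS replies can return. The rule looks
    only at the packet itself, so it cannot tell a reply from an
    unsolicited packet."""
    return is_trusted(pkt.src_ip) or (pkt.src_port == 443 and is_trusted(pkt.dst_ip))


class StatefulFilter:
    def __init__(self):
        self.sessions = set()  # tuples recorded when the inside opens a session

    def allows(self, pkt):
        if is_trusted(pkt.src_ip):
            self.sessions.add(pkt)  # session initiated from the trusted side
            return True
        # Inbound packet: allowed only if it is a recorded session with
        # source and destination addresses and ports swapped.
        expected = Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return expected in self.sessions


def demo():
    fw = StatefulFilter()
    outbound = Packet("10.0.0.5", 51000, "203.0.113.10", 443)     # constructed
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 51000)        # constructed
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.5", 51000)  # constructed
    wrong_port = Packet("203.0.113.10", 443, "10.0.0.5", 51001)   # constructed
    reply_before_session = fw.allows(reply)  # nothing recorded yet
    fw.allows(outbound)
    return {
        "reply_before_session": reply_before_session,
        "reply": fw.allows(reply),
        "unsolicited_stateful": fw.allows(unsolicited),
        "wrong_port_stateful": fw.allows(wrong_port),
        "unsolicited_static": static_acl_allows(unsolicited),
    }
```

The static rule admits the unsolicited packet because its source port matches, while the stateful filter drops it because no recorded session has the swapped tuple.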
Proxy firewalls are also known as application layer firewalls. A proxy firewall acts as an intermediary between the original client and the server. No direct connection takes place between the original client and the server. A client that would otherwise establish a connection directly to the server to communicate with it must now establish a connection with the proxy server. It is difficult to attack the server because the proxy server sits between the client and the server, and it also introduces a single point of network failure.
Application inspection can analyze packets up to layer 7 but cannot act as a proxy server. It can deeply analyze the conversation between a client and a server even when the server assigns a dynamic port to the client, so it does not fail in these cases.
A transparent firewall operates at layer 3, but the benefit of using a transparent firewall is that it can operate at layer 2. It has 2 interfaces that act like a bridge, so it can be configured through a single management IP address.
NAT is implemented on a router or a firewall. It is used to translate a private IP address into a public IP address, through which we can hide our source IP address.
Next-generation firewalls are 3rd-generation firewalls that are implemented either in software or in a device. They combine basic firewall properties such as static packet filtering and application inspection with advanced security features such as an integrated intrusion prevention system.