FIREWALL

Firewalls are hardware devices or software applications used to control the flow of network traffic, so that it can be strictly monitored for security purposes and any malicious or unwanted traffic can be blocked.

Evolution of Firewalls

* Packet Filter/Stateless firewall (First Generation)

* Stateful firewall

* Third-Generation Firewall

* Next-Generation firewall (NGFW)

Firewall policies fall into two categories: implicit and explicit. These policies are associated with the Packet Filter/Stateless firewall (First-Generation Firewall).

1. Implicit Policy: An implicit firewall policy is a policy applied if no other match is found in the firewall policy list.

2. Explicit Policy: An explicit firewall policy is a policy created to specify if the traffic is allowed or denied.

5-tuple: This refers to the source IP address and port number, the destination IP address and port number, and the protocol in use.

It characterizes a TCP/IP connection and allows it to be tracked. This is associated with the Stateful Firewall (Second-Generation Firewall).
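The policy list and the 5-tuple described above can be seen working together in the following added example, which is not part of the original article. It assumes the implicit policy is deny, and the rule list, addresses and class names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str

    def five_tuple(self):
        return (self.src, self.sport, self.dst, self.dport, self.proto)

    def reply_key(self):
        # 5-tuple of the connection this packet would be answering
        return (self.dst, self.dport, self.src, self.sport, self.proto)

# Explicit policies (constructed), checked top to bottom:
# (action, source network, destination port or None for any, protocol)
EXPLICIT_POLICIES = [
    ("deny", "10.0.0.66/32", None, "tcp"),
    ("allow", "10.0.0.0/24", 443, "tcp"),
]
IMPLICIT_POLICY = "deny"  # assumption: the implicit policy is deny

def stateless_decision(pkt):
    """First-generation filter: each packet is judged on its own."""
    for action, src_net, dport, proto in EXPLICIT_POLICIES:
        if (ip_address(pkt.src) in ip_network(src_net)
                and dport in (None, pkt.dport) and proto == pkt.proto):
            return action
    return IMPLICIT_POLICY  # no explicit policy matched

class StatefulFirewall:
    """Simplified connection tracking keyed on the 5-tuple (no TCP flags or timeouts)."""
    def __init__(self):
        self.connections = set()

    def decide(self, pkt):
        if pkt.five_tuple() in self.connections or pkt.reply_key() in self.connections:
            return "allow"  # belongs to a connection already permitted
        action = stateless_decision(pkt)
        if action == "allow":
            self.connections.add(pkt.five_tuple())
        return action

# Constructed sample traffic: an outbound HTTPS request and the server's reply
OUTBOUND = Packet("10.0.0.5", 50000, "203.0.113.10", 443, "tcp")
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 50000, "tcp")
```

The stateless filter drops the server's reply because no explicit policy matches it, while the stateful firewall allows it only after it has seen the matching outbound packet.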

Intrusion Prevention System (IPS): An IPS continuously monitors traffic to detect malicious threats and takes the necessary actions to prevent attacks.

Virtual Private Network (VPN): A VPN is used to establish an encrypted connection with a remote network.

Top Capabilities of Firewall

1. Security

2. Reliability

3. Network performance

A Next-Generation Firewall (NGFW) operates like airport security: both have multiple security checkpoints. Just as a security agent looks at your boarding pass as a first line of defense, the NGFW looks at packets and makes rule-based decisions on whether to allow or drop the traffic.

The Next-Generation Firewall (NGFW) performs Deep Packet Inspection (DPI).

Deep Packet Inspection (DPI): DPI checks for malicious code and network usage. DPI also ensures that the data format is correct. Depending on the inspection, actions can be alerting, blocking, rerouting, or logging.

The Next-Generation Firewall sends malicious content to a sandbox for further analysis.

Sandbox: A sandbox runs programs in a confined system, separate from the network. The isolation from the network prevents the spread of malware or other malevolent actions.

Benefits of Next-Generation Firewall (NGFW)

1. Controls applications by classification or users: Helps protect web browsing clients from attacks and threats.

2. Adopts various segmentation approaches: Segregates users, devices, and applications that are aligned to business needs. Also eliminates a single point of entry.

3. Has moved from reactive to proactive: Uses artificial intelligence to enforce security policies.

