#firewall #cybersecurity #networking

What is a firewall?

A firewall can be a physical device or software application that sits between a network and the internet.

It monitors and controls network traffic based on a set of security rules.

Firewalls usually sits between a trusted network and an entrusted network, often times this would be the internet.

The need for a firewall in any environment that requires security seems obvious.

Types of Firewalls.

Proxy based firewalls

A proxy is a device/computer that acts as a gateway between a local network and a larger network, like the internet.

• These types of firewalls acts as the middleman between a client and a server. Like how a bouncer stops and inspects guests at a club or bar before allowing them to enter, provided they meet the entry requirements.
• Clients will connect to this firewall, which will inspect the outgoing packets after which it will establish the connection to the intended recipient(The server)

Stateful Firewalls

Stateful means that is saves data from previous events or interactions.

• Stateful firewalls rely on context when making decision
• Requires incoming or outgoing connection attempts to meet certain criteria before allowing it through.
• Can protect ports by keeping them closed unless incoming packets require access to a specific port, mitigating attacks such as port scanning.
• Known vulnerabilities for these kinds of firewalls are that they can be manipulated by tricking a client into requesting a certain kind of information. Once the client request said info, the attack can then send malicious packets that match the required criteria through the firewall.
• For example, unsecure websites can use Javascript to create forged requests from a web browser.
• Here is a quick reference of the most commonly known and used ports Networking Ports Cheat Sheet
• For more information about what ports are check this out.

Next Generation Firewalls (NGFW):

NGFW are firewalls that have the capabilities of traditional firewalls but with a number of added features such as:

• Deep Packet Inspects(DPI): These firewalls can perform deeper inspection of network packets, such as payloads and which application is being accessed by the packets, allowing for better fine tuning of security rules.
• Application Awareness: Enables the firewall to be aware of applications that are running and the ports they are using. This can better protect against malware aiming to stop processes to take over it's port.
• Identity Awareness: This lets a firewall enforce rules based on Identity, for example which computer is being used and which user is logged in.
• Sandboxing: Sandboxing creates an isolated environment to allow certain pieces of code associated with incoming packets to run, which it then executes in a sandbox. This ensures they do not behave maliciously. The results of running the code in this isolated environment is used to determine whether or not this packet is allowed to enter the network. Similar to running an application in a virtual machine.

WAF(Web Application Firewalls)

While Traditional firewalls help protect private trusted network from public untrusted networks such as the internet, a WAF helps protect web applications from malicious users.

A WAF does so by filtering and monitoring http traffic between a web application and the internet.

• Helps mitigate attacks such as CCRF(Crosssite request forgery), XSS(Cross Site Scripting), file inclusion and SQL injection, etc.

Electric Meatball's Digital Garden Home
Firewall🔥🧱 management
Networking Ports Cheat Sheet