Page 59 - CITS - Computer Software Application -TT
Firewalls
A firewall is a network security device or software application that monitors and controls incoming and outgoing
network traffic based on predetermined security rules. Its main purpose is to establish a barrier between a trusted
internal network and untrusted external networks, such as the internet, to prevent unauthorized access and
protect sensitive data.
Firewalls work by examining network packets and applying rules to determine whether to allow or block the traffic.
There are several types of firewalls, each with its own approach to filtering traffic:
1 Packet Filtering Firewall: This type of firewall examines packets of data and compares their attributes, such as source and destination IP addresses, port numbers, and protocol types, against a set of predefined rules. It then decides whether to allow or deny the packet based on these rules.
2 Stateful Inspection Firewall: Also known as dynamic packet filtering, this firewall not only considers individual packets but also keeps track of the state of active connections. It monitors the state of connections and ensures that only legitimate traffic associated with an established connection is allowed through.
3 Proxy Firewall: A proxy firewall acts as an intermediary between internal and external networks. It receives and forwards traffic on behalf of the internal network, effectively hiding internal network details. This adds an extra layer of security by preventing direct connections between external entities and the internal network.
4 Application-layer Firewall: This type of firewall operates at the application layer of the OSI model. It can understand specific application protocols and make decisions based on the actual content of the traffic. This allows for more granular control and the ability to block or allow specific application functions or commands.
5 Next-Generation Firewall (NGFW): NGFWs combine traditional firewall functionality with additional features such as intrusion detection and prevention, deep packet inspection, and application awareness. They aim to provide more advanced threat detection and prevention capabilities.
6 Unified Threat Management (UTM): UTM appliances integrate multiple security features into a single device. These features can include firewalling, antivirus, intrusion detection/prevention, content filtering, and more.
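The difference between types 1 and 2 above is easiest to see in code. The following is an added example, not part of the lesson: a small rule evaluator that applies packet-filter rules (source/destination network, protocol, destination port) and, in stateful mode, also records allowed connections so that reply packets pass without needing their own rule. The rule set, addresses and packets are constructed for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network in CIDR form
    dst: str = "0.0.0.0/0"       # destination network in CIDR form
    proto: str = "any"
    dport: Optional[int] = None  # None means any destination port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport))

class Firewall:
    """First-match rule evaluation with an implicit default deny."""
    def __init__(self, rules, stateful=False):
        self.rules, self.stateful, self.conns = rules, stateful, set()

    def decide(self, p: Packet) -> str:
        # Stateful mode: a packet that is the reverse of a tracked connection is a
        # reply to traffic already allowed, so it passes without a matching rule.
        if self.stateful and (p.dst, p.dport, p.src, p.sport, p.proto) in self.conns:
            return "allow"
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow" and self.stateful:
                    self.conns.add((p.src, p.sport, p.dst, p.dport, p.proto))
                return r.action
        return "deny"  # nothing matched: default deny

# Constructed policy: internal hosts (10.0.0.0/8) may open outbound HTTPS only.
RULES = [Rule("allow", src="10.0.0.0/8", proto="tcp", dport=443)]

def demo():
    """Constructed packets: an outbound request, its reply, and an unsolicited inbound packet."""
    out = Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 443)
    reply = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 40000)
    unsolicited = Packet("203.0.113.10", "10.0.0.5", "tcp", 443, 40001)
    results = {}
    for name, stateful in (("stateless", False), ("stateful", True)):
        fw = Firewall(RULES, stateful)
        results[name] = tuple(fw.decide(p) for p in (out, reply, unsolicited))
    return results
```

The stateless filter drops the legitimate reply because no rule covers inbound traffic, whereas the stateful filter admits it and still drops the unsolicited packet, which is why a stateless policy would need a broad inbound rule that the stateful one can avoid.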
Firewalls can be deployed at various points within a network architecture, including:
• Perimeter/Front-end Firewalls: These protect the network from external threats, typically placed at the boundary between an internal network and the internet.
• Internal Firewalls: Placed within the internal network, these segment different parts of the network to contain potential breaches and limit the spread of threats.
• Host-based Firewalls: Installed on individual devices (such as computers or servers), these firewalls control traffic at the device level and can be customized for specific security needs.
The classification of a firewall as either hardware or software can be a source of confusion. As previously
mentioned, firewalls exist in both forms: as network security devices and as software applications on computers.
Thus, the distinction between the two isn’t absolute, and having both can be beneficial.
While hardware and software firewalls share the same goal, they function differently due to their respective
formats. A hardware firewall is a tangible device situated between a computer network and a gateway, like a
broadband router. Conversely, a software firewall is a program installed on a computer, operating through port
numbers and interactions with installed software.
Additionally, there are cloud-based firewalls often referred to as Firewall-as-a-Service (FaaS). One key advantage
of these cloud-based solutions is their centralized management. Similar to hardware firewalls, cloud-based options
excel at delivering perimeter security.
In essence, the distinction between hardware and software firewalls isn’t always clear-cut, as both forms contribute
to network security, albeit through varying mechanisms.
CITS : IT&ITES - Computer Software Application - Lesson 01-17