Page 59 - CITS - Computer Software Application -TT

COMPUTER SOFTWARE APPLICATION - CITS




           Firewalls
           A firewall is a network security device or software application that monitors and controls incoming and outgoing
           network traffic based on predetermined security rules. Its main purpose is to establish a barrier between a trusted
           internal network and untrusted external networks, such as the internet, to prevent unauthorized access and
           protect sensitive data.
           Firewalls work by examining network packets and applying rules to determine whether to allow or block the traffic.
           There are several types of firewalls, each with its own approach to filtering traffic:
           1  Packet Filtering Firewall: This type of firewall examines packets of data and compares their attributes, such
              as source and destination IP addresses, port numbers, and protocol types, against a set of predefined rules.
              It then decides whether to allow or deny the packet based on these rules.
           2  Stateful Inspection Firewall: Also known as dynamic packet filtering, this firewall not only considers individual
              packets but also keeps track of the state of active connections. It monitors the state of connections and
              ensures that only legitimate traffic associated with an established connection is allowed through.
           3  Proxy Firewall: A proxy firewall acts as an intermediary between internal and external networks. It receives
              and forwards traffic on behalf of the internal network, effectively hiding internal network details. This adds an
              extra layer of security by preventing direct connections between external entities and the internal network.
           4  Application-layer Firewall: This type of firewall operates at the application layer of the OSI model. It can
              understand specific application protocols and make decisions based on the actual content of the traffic. This
              allows for more granular control and the ability to block or allow specific application functions or commands.
           5  Next-Generation Firewall (NGFW): NGFWs combine traditional firewall functionality with additional features
              such as intrusion detection and prevention, deep packet inspection, and application awareness. They aim to
              provide more advanced threat detection and prevention capabilities.
           6  Unified Threat Management (UTM): UTM appliances integrate multiple security features into a single device.
              These features can include firewalling, antivirus, intrusion detection/prevention, content filtering, and more.

           Firewalls can be deployed at various points within a network architecture, including:
           •  Perimeter/Front-end Firewalls: These protect the network from external threats, typically placed at the
              boundary between an internal network and the internet.
           •  Internal Firewalls: Placed within the internal network, these segment different parts of the network to contain
              potential breaches and limit the spread of threats.
           •  Host-based Firewalls: Installed on individual devices (such as computers or servers), these firewalls control
              traffic at the device level and can be customized for specific security needs.
           The classification of a firewall as either hardware or software can be a source of confusion. As previously
           mentioned, firewalls exist in both forms: as network security devices and as software applications on computers.
           Thus, the distinction between the two isn’t absolute, and having both can be beneficial.
           While hardware and software firewalls share the same goal, they function differently due to their respective
           formats. A hardware firewall is a tangible device situated between a computer network and a gateway, like a
           broadband router. Conversely, a software firewall is a program installed on a computer, operating through port
           numbers and interactions with installed software.
           Additionally, there are cloud-based firewalls often referred to as Firewall-as-a-Service (FaaS). One key advantage
           of these cloud-based solutions is their centralized management. Similar to hardware firewalls, cloud-based options
           excel at delivering perimeter security.
           In essence, the distinction between hardware and software firewalls isn’t always clear-cut, as both forms contribute
           to network security, albeit through varying mechanisms.













                              CITS : IT&ITES - Computer Software Application - Lesson 01-17