Ever wondered how attacks on organizations are stopped? Who tracks the incoming and outgoing traffic? What is a network firewall?
How is the security of an organization built up to eliminate threats?
In this post, we will be discussing what a network firewall is, why we need a network firewall, the types of firewalls, and their features and advantages.
So let's start with the big question: what is a network firewall?
With the rapid day-by-day increase in Internet users and fast changes in technology, the size of networks is also growing at a very fast rate.
Networks are becoming more complex compared to the early days, and scaling a network is a critical task. Organizations need their network up 24*7*365, and keeping it up is a mission-critical job for the network engineers.
With the advancement in technology, data, voice and video are all served from the same network, and this also brings new risks to the network security of the organization.
About Network Firewall
Network firewalls act as a strong defense system within the network, protecting it from threats.
A firewall has two important roles in the network:
1. It is used as a security device that prevents unauthorized access to our network.
2. A firewall logically segments our network into zones, i.e. Trust, Untrust and DMZ.
So in layman's terms, what is a firewall? You can compare the firewall with the security guard sitting outside your office, house, ATM etc.
What does that security guard do outside your house? He prevents outsiders, thieves etc. from entering your house. The same work is done by the firewall in an organization.
Before understanding how the firewall works, we need to understand a few terms:
- Trust Network/Inside Network/LAN Network: Whatever you call it (Trust, LAN, Inside etc.), it is the same thing. All the devices within this network can be controlled by the network administrator. You can control all the PCs, IP phones, printers etc. in the network.
This type of network is never exposed to the outside world directly. Our firewall sits between the Trust network and the outside world.
So the firewall's main function is to prevent unauthorized access to the Trust network.
- Untrust Network (Outside World/Internet): This is a type of network over which you do not have any control. You don't know who is trying to access your network, or which IP belongs to whom.
You cannot control many aspects of this network. This is the main source of attacks on the organization.
- DMZ: The DMZ (demilitarized zone) is a physical or logical sub-network that contains servers such as Active Directory, web server, file server, DNS etc., which are directly exposed to the outside world/Untrust network.
Why do you need a DMZ? Should I separate the DMZ from the Trust network?
- If someone attacks my Trust network/LAN network and my Trust zone gets compromised, all of my production will come down. But if I have separated the DMZ and the Trust zone, the servers placed in the DMZ will not be affected by the attack. My servers will be up and fully functional, and able to provide the services to the outside world for which they are meant.
- The second scenario is just the reverse: if my DMZ zone gets compromised, the traffic coming into my DMZ zone will still not be able to access my Trust zone, where all my developers and source code reside.
So it is best practice to separate the DMZ from the Trust network to avoid inconvenience in the future.
How does a firewall work?
We know the main function of the firewall is to stop unauthorized access to our network. This is achieved through network traffic filtering on the basis of IP address, protocol, port number and action.
- IP Address: An Internet Protocol address is a logical and unique way of addressing assigned to computers and hosts. It has two versions, IPv4 and IPv6.
IPv4: A 32-bit address scheme allowing for a total of 2^32 addresses (just over 4 billion). Example of an IPv4 address: 192.168.1.212
IPv6: A 128-bit address scheme written in hexadecimal, with groups separated by colons. Example of an IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334
- Protocol: A protocol is a set of rules by which computers communicate with each other. Protocols provide the services needed to communicate. Some useful ones are:
a. HTTP: Hypertext Transfer Protocol, used for requesting and receiving HTML files on the Internet.
b. SMTP: Simple Mail Transfer Protocol, used for transferring emails between computers.
c. FTP: File Transfer Protocol, used for copying files between devices.
- Port Number: Port numbers are the logical addresses of the applications, services or processes that use the Internet or network to communicate. Port numbers range from 1 to 65535 and are broadly divided into TCP and UDP ports.
- Action: The action is to allow or deny the packet into the network or out of the network. If a rule permits the packet for a specific destination, the packet is processed. If no rule permits it, or we have no rule at all for that packet, the packet is dropped without any argument.
So now you have learned how a firewall works and what the primary function or goal of a firewall is.
Next we move on to:
What is the limitation of a firewall?
The only limitation of the firewall is that it does not scan the entire packet. It only scans the IP address, protocol and port number and then applies the action, which means the firewall only inspects Layer 3 and Layer 4 of the OSI model.
Example: I have allowed computer A to communicate with computer B. Now, when a packet from computer A destined for computer B reaches the firewall, it will only check the IP addresses of A and B, find the action (allow, in this case) and let the packet through.
This allows communication between computer A and computer B, but what happens if computer A tries to attack computer B, tries to steal some confidential information, or tries to insert a virus into computer B?
If a rule exists to permit the traffic between both computers, this cannot be stopped by the firewall.
So how do we avoid that? Don't worry, we will be discussing all this in the next articles.
Types of Network Firewall
1. Packet Filter Firewall: The packet filter firewall is the first generation of firewalls. It can filter packets on the basis of IP address, service and protocol. Firewall features were first introduced in routers to prevent unauthorized access.
How does the packet filter firewall work?
It filters the packet on the basis of source IP, destination IP, source port, destination port and protocol. This is the only, and simple, method followed by a packet filter firewall.
Suppose we have 100 clients (on network address 172.16.1.0/24) in our organization (Trust zone) that need to communicate with the outside world (Untrust zone).
Then we need to add a rule to the firewall rule table like this:
Source IP       Destination IP   Protocol          Action
172.16.1.0/24   ANY              TCP HTTP/HTTPS    Allow
After adding this rule, all the hosts in our network will be able to reach the Internet successfully, but it brings one issue with it. Let's check out below what that is.
When the reply packet comes back from the Internet to the firewall, the firewall checks its rule base and finds no rule entry for incoming packets from the outside world, so the reply is dropped. The reason is that a packet filter firewall does not maintain session state.
Now the network administrator has two options to overcome this issue:
- He/she can sit the whole day and keep updating the firewall rule table according to the requests, which is not feasible in a large organization, or even in a small one, because you never know who is going to access what in the next moment.
- The second option is to allow all packets from the Internet into the Trust zone, but that breaches security, because anyone can attack now.
Advantages:
They are very fast. They scan packets at a much higher rate compared to other firewalls.
2. Stateful Firewall: A stateful firewall is a network firewall that monitors and maintains a connection table/state table for traffic initiated from the Trust zone to the Untrust zone and vice versa.
How does the stateful firewall work?
1. When a packet arrives at the stateful firewall, it first checks its connection table/state table.
2. For the first packet of a flow, the connection table/state table has no matching entry.
3. If there are no connection details in the connection table, it consults the rule table.
4. If a rule in the rule base matches, a new entry is made in the connection table. If no rule matches, the packet is dropped.
5. After the entry is made in the connection table, the packet goes from the Trust zone to the destination network. The same mechanism is followed for the reverse (reply) packets.
Note: Once the connection table holds an entry for a flow, the firewall no longer needs to check the rule base again and again. It simply looks up the entry in the connection table and the session is maintained.
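To make the mechanics above concrete, here is an added Python example that is not part of the original article. It models the Layer 3/4 filtering fields (IP address, protocol, port, action), the stateless packet filter with the article's 172.16.1.0/24 rule, and the stateful connection table walk-through, so one block serves all three passages. The rule, the documentation-range addresses and the packets are constructed for illustration; `PacketFilter`, `StatefulFirewall` and `lookup_rule` are hypothetical names, not any vendor's API.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Layer 3/4 fields a firewall inspects (the payload is not examined here)."""
    src_ip: str
    dst_ip: str
    proto: str      # "TCP" or "UDP"
    src_port: int
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """One row of the firewall rule table."""
    src_net: str          # CIDR such as "172.16.1.0/24", or "ANY"
    dst_net: str
    proto: str            # "TCP", "UDP" or "ANY"
    dst_ports: frozenset  # destination ports; empty means any port
    action: str           # "allow" or "deny"


def _net_match(net: str, ip: str) -> bool:
    return net == "ANY" or ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (
        _net_match(rule.src_net, pkt.src_ip)
        and _net_match(rule.dst_net, pkt.dst_ip)
        and rule.proto in ("ANY", pkt.proto)
        and (not rule.dst_ports or pkt.dst_port in rule.dst_ports)
    )


def lookup_rule(rules, pkt: Packet) -> str:
    """First matching rule wins; a packet no rule covers is dropped (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


class PacketFilter:
    """Stateless packet filter: every packet, replies included, is judged by the rule table alone."""

    def __init__(self, rules):
        self.rules = list(rules)

    def process(self, pkt: Packet) -> str:
        return lookup_rule(self.rules, pkt)


class StatefulFirewall:
    """Stateful firewall: the connection table is checked first; only new flows consult the rules."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.connections = set()  # 5-tuples of flows that a rule allowed

    @staticmethod
    def _key(pkt: Packet):
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _reverse_key(pkt: Packet):
        # The reply to an allowed flow has source and destination swapped.
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def process(self, pkt: Packet) -> str:
        if self._key(pkt) in self.connections or self._reverse_key(pkt) in self.connections:
            return "allow"  # existing session: the rule base is not consulted again
        action = lookup_rule(self.rules, pkt)
        if action == "allow":
            self.connections.add(self._key(pkt))  # record the new session
        return action


# Constructed rule table mirroring the article's example: 172.16.1.0/24 -> ANY, TCP 80/443, allow.
RULES = [Rule("172.16.1.0/24", "ANY", "TCP", frozenset({80, 443}), "allow")]

# Constructed packets (documentation addresses): an outbound HTTPS request, its reply,
# and an unsolicited inbound packet from a host that never saw an outbound flow.
OUTBOUND = Packet("172.16.1.10", "203.0.113.5", "TCP", 51000, 443)
REPLY = Packet("203.0.113.5", "172.16.1.10", "TCP", 443, 51000)
UNSOLICITED = Packet("198.51.100.7", "172.16.1.10", "TCP", 4444, 51000)


def compare_firewalls() -> dict:
    pf = PacketFilter(RULES)
    sf = StatefulFirewall(RULES)
    return {
        # stateless: the reply matches no rule, so it is dropped
        "packet_filter": (pf.process(OUTBOUND), pf.process(REPLY)),
        # stateful: the reply matches the recorded session; the unsolicited packet does not
        "stateful": (sf.process(OUTBOUND), sf.process(REPLY), sf.process(UNSOLICITED)),
    }


if __name__ == "__main__":
    for name, result in compare_firewalls().items():
        print(name, result)
```

Running the block prints `packet_filter ('allow', 'deny')` and `stateful ('allow', 'allow', 'deny')`: the same single outbound rule lets the reply through only when a connection table exists, and the table does not open the Trust zone to unsolicited inbound packets, which is exactly the gap the two bad "options" above would have left.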
Advantages of Stateful Firewall:
- No need to add bi-directional rules.
- It maintains the connection table/state table for traffic initiated from Trust zone to Un-trust zone & vice-versa.
- Provides more security features as compared to a packet filter firewall.
The stateful firewall vendor: Check Point. For a basic overview of Check Point firewalls, visit the official Check Point website.
Stateful inspection is Check Point's patented technology. Check Point was the first organization to launch a stateful firewall; other vendors such as Palo Alto, Cisco, Cyberoam and FortiGate now use it as well, but the patent is still with Check Point.
Note: Packet filter network firewalls and stateful network firewalls work on Layer 3 and Layer 4 of the OSI model.
3. Application Layer Gateway: It acts as an intermediate system between the Trust zone and the Untrust zone. All requests from the Trust zone come to the application layer gateway. The gateway scans the request and decides according to its rules whether to allow access or not.
Features & Advantages:
1. It works on Layer 7 of the OSI model.
2. It is used to control applications such as YouTube, Facebook etc.
3. It acts as an intermediate system between the Trust zone and the Untrust zone.
4. It provides web caching, URL filtering and web filtering services.
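To show what Layer 7 inspection adds over the Layer 3/4 filtering discussed under the limitation section above, here is an added Python example that is not part of the original article: a minimal, hypothetical HTTP gateway check that parses the request line and Host header and applies a constructed host/URL block list. Both sample requests are destined for TCP port 80, so a Layer 3/4 rule treats them identically; only the gateway can tell them apart. `parse_http_request`, `alg_decision`, `l4_decision` and the block lists are assumptions made for this illustration, not any product's API.

```python
# Constructed policy for a hypothetical web-filtering gateway.
BLOCKED_HOSTS = {"youtube.com", "facebook.com"}   # e.g. a "social/video" category
BLOCKED_PATH_PREFIXES = ("/admin",)              # paths never proxied for Trust-zone clients


def parse_http_request(raw: bytes) -> dict:
    """Minimal parser for an HTTP/1.x request head; raises ValueError on malformed input."""
    head, _sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("bad request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("bad header line")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def host_blocked(host: str) -> bool:
    """Match the Host header (port stripped) against the block list, subdomains included."""
    name = host.split(":", 1)[0].lower().rstrip(".")
    return any(name == b or name.endswith("." + b) for b in BLOCKED_HOSTS)


def l4_decision(dst_port: int) -> str:
    """What a Layer 3/4 rule sees for an already-permitted host pair: only the port."""
    return "allow" if dst_port in (80, 443) else "deny"


def alg_decision(raw: bytes) -> tuple:
    """Layer 7 decision of the gateway: (action, reason)."""
    try:
        req = parse_http_request(raw)
    except (ValueError, IndexError, UnicodeDecodeError):
        return "deny", "malformed request"   # fail closed on anything the parser rejects
    host = req["headers"].get("host")
    if not host:
        return "deny", "missing Host header"
    if host_blocked(host):
        return "deny", f"host {host} is in a blocked category"
    if req["target"].startswith(BLOCKED_PATH_PREFIXES):
        return "deny", f"path {req['target']} is filtered"
    return "allow", f"{req['method']} {host}{req['target']}"


# Constructed sample requests; all three would arrive on TCP port 80.
REQ_ALLOWED = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: demo\r\n\r\n"
REQ_BLOCKED = b"GET /watch?v=abc HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n"
REQ_MALFORMED = b"not an http request"


def compare_layers() -> dict:
    return {
        # identical at Layer 4: the payload is invisible to a packet filter or stateful firewall
        "l4": (l4_decision(80), l4_decision(80)),
        # the gateway reads the application data and can block by host, path or malformed syntax
        "l7": (alg_decision(REQ_ALLOWED)[0], alg_decision(REQ_BLOCKED)[0],
               alg_decision(REQ_MALFORMED)[0]),
    }


if __name__ == "__main__":
    for raw in (REQ_ALLOWED, REQ_BLOCKED, REQ_MALFORMED):
        print(alg_decision(raw))
```

The design choice worth noting is that the gateway fails closed: a request the parser cannot understand is denied rather than forwarded, because a Layer 7 device that passes what it cannot parse gives the Trust zone no more protection than the port-based rule it was meant to improve on.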
Keep Sharing and Keep Learning!!