CRASH COURSE: WHAT IS A FIREWALL AND WHY YOU NEED ONE

The internet was born on January 1, 1983, and ever since, folks have found ways to make it messy, especially hackers committing cyber crimes.

The reality is that cyber crimes are always happening with or without us really knowing.

And one tool of defense against threat actors is a firewall.

WHAT IS A FIREWALL

Firewalls control inbound and outbound traffic, especially on private networks and internet-facing applications. They help keep sensitive information safe, can block traffic you don't want, and act as the gateway that decides how your information can be reached from the outside.

Firewalls can be software that comes standard with your operating system, like Windows Defender Firewall, or software you download and install yourself, like pfSense. A firewall can also be a physical appliance that serves multiple roles, like a UTM (Unified Threat Management) device.

WHY WE NEED FIREWALLS

Everyone wants to keep their home safe, and the same idea extends to the internet.

This is why firewalls are useful tools for hosts. A host is a device that can send and receive traffic. A host on a network is the same thing on the internet: it can send and receive traffic to other hosts. But some of those other users are low down, and you may not want them sending you their malicious traffic, especially if you are working on a host that accepts secured payments (like debit cards). You would want to keep that information private.

The internet is made up of networks and subnetworks, and in order to use a firewall well, you would probably want to know the type of network or subnetwork you’re using.

On a basic level, there are:

  • Public networks – a network which anyone can connect to, especially if you’re connecting to the internet.
  • Private networks – this is a network where access is restricted (like a network at a business, bank, or organization).
  PUBLIC NETWORK EXAMPLE                 PRIVATE NETWORK EXAMPLE
  Devices at your local public library   Your home computer
  Your college computer lab              Devices at your bank job
  Internet café                          Government computers and other devices

Firewalls can also:

  • Restrict access by unauthorized users in a different department of a business.
  • Block unsafe or unwanted content.
  • Help stop hacking before it starts.
  • Protect your network when multiple users are logged in.

TYPES OF FIREWALLS

Here are the ones that keep popping up on my Network+ practice exams. 

SCREENED SUBNET

One huge change from the N10-007 exam to the N10-008 exam was the term “screened subnet”. A screened subnet is a network security architecture that delivers extra protection to a network. It places public resources (like your web, FTP, or mail server) on a subnet between two firewalls, and private resources (like your personnel records, your database, or anything else you don’t want the public to see) behind the second, inner firewall. 

Sounds like a Demilitarized Zone, right? 

That’s because it is. Even the angry technicians on Reddit agree. 

So here are the things you need to know about screened subnets for the test: 

  1. They serve as a buffer between a private network and a public, untrusted network. The internet is an untrusted public network. 
  2. The screened subnet is placed between two network-based firewalls. 
  3. Mission critical systems (like anything that will bankrupt a company if it gets out) should never be placed inside of a screened subnet. But an unclassified mail server or certain things that are authorized by your business can be placed inside of a screened subnet. 
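To make the three points above concrete, here is a small model of the architecture, written for this post as an added example (it is not a vendor configuration and not CompTIA material). The address ranges, the host roles and both rule sets are assumed: 192.0.2.0/24 is the screened subnet, 10.0.0.0/8 is the private network, and everything else is the untrusted internet. A flow is checked against every firewall it has to cross, so you can see which of the two drops a given connection.

```python
"""Screened subnet policy model: three zones, two firewalls.

Added example for this page, not a vendor config or CompTIA material.
The address ranges, host roles and rule sets are assumed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed addressing for the three zones the text describes.
ZONES = {
    "screened": ip_network("192.0.2.0/24"),   # screened subnet: web, mail servers
    "internal": ip_network("10.0.0.0/8"),     # private network: database, personnel records
    "internet": ip_network("0.0.0.0/0"),      # everything else: untrusted
}

def zone_of(ip: str) -> str:
    """Most specific zone first; 0.0.0.0/0 is the catch-all."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dport: Optional[int]   # None matches any destination port
    action: str            # "allow" or "deny"

# Outer firewall: between the internet and the screened subnet.
# Only the published services are reachable from outside, and nothing from the
# internet is ever forwarded toward the internal network.
OUTER_RULES = [
    Rule("internet", "screened", 443, "allow"),   # web server
    Rule("internet", "screened", 25, "allow"),    # mail server
    Rule("internet", "screened", None, "deny"),
    Rule("internet", "internal", None, "deny"),
    Rule("screened", "internet", None, "allow"),  # servers replying / fetching updates
    Rule("internal", "internet", None, "allow"),  # staff browsing out
]

# Inner firewall: between the screened subnet and the internal network.
# A compromised public server must not be able to pivot inward.
INNER_RULES = [
    Rule("screened", "internal", None, "deny"),
    Rule("internal", "screened", 22, "allow"),    # admins manage the servers over SSH
    Rule("internal", "screened", None, "deny"),
    Rule("internal", "internet", None, "allow"),
    Rule("internet", "internal", None, "deny"),   # belt and braces: both firewalls block this
]
FIREWALLS = {"outer": OUTER_RULES, "inner": INNER_RULES}

# Which firewalls a flow crosses is fixed by the zones at each end.
PATH = {
    ("internet", "screened"): ["outer"],
    ("screened", "internet"): ["outer"],
    ("internet", "internal"): ["outer", "inner"],
    ("internal", "internet"): ["inner", "outer"],
    ("screened", "internal"): ["inner"],
    ("internal", "screened"): ["inner"],
}

def first_match(rules, src_zone, dst_zone, dport):
    for r in rules:
        if r.src_zone == src_zone and r.dst_zone == dst_zone and r.dport in (None, dport):
            return r.action
    return "deny"   # implicit deny when nothing matches

def evaluate(src_ip: str, dst_ip: str, dport: int):
    """Return ("allow", None) or ("deny", name_of_firewall_that_dropped_it)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return ("allow", None)   # same zone: no firewall sits in the path
    for fw in PATH[(src, dst)]:
        if first_match(FIREWALLS[fw], src, dst, dport) == "deny":
            return ("deny", fw)
    return ("allow", None)

if __name__ == "__main__":
    # Constructed flows: public web hit, probe for the database, web server pivoting inward.
    for flow in [("203.0.113.9", "192.0.2.10", 443), ("203.0.113.9", "10.20.0.5", 5432),
                 ("192.0.2.10", "10.20.0.5", 5432), ("10.1.1.7", "192.0.2.10", 22)]:
        print(flow, "->", evaluate(*flow))
```

The flow worth staring at is the third one: the web server in the screened subnet trying to reach the database on the private network is dropped by the inner firewall. That is the whole reason the mission-critical systems live behind the second firewall instead of next to the web server.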

CLOUD-BASED FIREWALLS

These kinds of firewalls are often called Firewall-as-a-service (FWaaS), and according to phoenixnap.com, they can run as either IaaS or PaaS.


Third parties typically manage FWaaS, which means that they handle the deployment, troubleshooting, patches, and other needs for the firewall.

The pros are:

  • Install and go about your adult life. You can use their default permissions and still have time to install your lacefront wig or makeup for a night out on the town.
  • You don’t need to buy any special devices; there may be a monthly subscription instead.
  • You can use them for one host or many hosts, and even scale them based on your inbound/outbound traffic.
  • The service provider does all the heavy lifting as far as troubleshooting. You really don’t need to do much.

But the cons can be a headache:

  • Your traffic is going through a third party. This may cause latency and privacy concerns.
  • The default permissions may not serve you. So now you have to go set your own permissions, and if you mess them up, it’s going to consume your time.
  • What if you hate your firewall service provider? It’s going to be a headache migrating those permissions to another company.
  • What if you have to call their customer care team for assistance, and you get bad service? Ugh!

STATEFUL AND STATELESS FIREWALLS

A stateful firewall keeps a table of the connections passing through it and judges every packet against that table, looking at: 

  1. The packet’s behavior (do its TCP flags make sense for the current state of the connection, or is it, say, a bare ACK for a session that never had a handshake?) 
  2. The packet’s channel of communication (which port? Which IP address? Which protocol?)
  3. The connection the packet belongs to and where it’s going, which it tracks from the first SYN onward. 
  4. Suspicious packets, whose behavior it examines and catalogs. 
  5. Suspicious data, which it filters out. 

Basically, if a stateful firewall were a person, it would be the Kevin Costner to Whitney Houston’s bodyguard. 

A stateful firewall will give you the works – it checks packet sequencing, and it only allows packets that belong to an approved, already-established session (or that open a new session the rules permit).

In comparison, a stateless firewall doesn’t catalog the behavior of the packet or remember the packets that came before it. It instead looks at each packet individually and decides whether it is malicious or safe from the data it contains, usually the source and destination IP addresses, ports, and protocol in the headers, matched against a static rule list. 

It’s like a nightclub bouncer at the door – you can’t get in the network if you’re not on the list (of authorized users). 

HOST-BASED FIREWALL VS NETWORK-BASED FIREWALL

This one takes a little bit of thinking but the questions become easier once you know the differences. 

Host-based firewalls are installed directly on individual devices. This can be the firewall software issued by your ISP or built into your operating system, like Windows Defender Firewall, and it protects the individual device rather than a whole network. 

On the other hand, a network-based firewall inspects traffic as it flows through a network, and it is the kind used to build screened subnets. That’s part of the reason it’s located at what is called the “edge” of a network. 

CIRCUIT-LEVEL FIREWALL 

It’s often called a CIRCUIT LEVEL GATEWAY (all caps because the test is known for scaring you with aliases). It’s a type of firewall that makes forwarding decisions based on session information. According to Enterprise Networking Planet, it does three things when a client seeks to initiate a TCP connection with a destination server: 

  1. The circuit-level gateway receives the request sent by a client to establish a TCP connection.
  2. It then handles authentication and sometimes authorization of the client. 
  3. If validated, it sets up a second TCP connection to a destination server on behalf of the client. Otherwise, it rejects the connection.

These firewalls operate at Layers 4 and 5 of the OSI model. Because the gateway opens the second connection itself, the destination server only ever sees the gateway’s address, which is how these virtual circuits keep internal users anonymous. 

APPLICATION LAYER FIREWALL

This is also called an application-level gateway or a proxy server, and this firewall operates at Layer 7 of the OSI model. Its characteristics include: 

  1. Stopping each packet at the firewall for inspection (no IP forwarding)
  2. Inspecting encrypted traffic (SSL/TLS inspection, which means the firewall terminates the client’s connection and opens its own to the server)
  3. Examining all sent content (not just individual packets)
  4. Understanding or interfacing with Application layer protocols
  5. Filtering based on user, group, and data (such as URLs within an HTTP request)
  6. Being the slowest form of firewall protection, because entire messages are reassembled at the Application layer

The benefit is that it stops users from accessing certain web pages and network applications, can improve network performance (a proxy can cache content it has already fetched), and increases network security. But don’t get it twisted, because there are definitely ways to bypass these kinds of firewalls too, such as tunneling traffic inside a protocol the proxy does allow. We will one day talk about locking up your command prompt to unauthorized users, but not during this lesson.  
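Here is what “filtering on URLs within an HTTP request” looks like in practice, as an added example for this post (it is not code from any proxy or firewall product). The block lists, the allowed methods and the sample requests are all assumed. The point to notice is that every one of these requests is just “TCP to port 80” to a packet filter; only a Layer 7 gateway that reassembles the full request head can tell them apart, which is also why the last case has to wait for a second TCP segment before deciding.

```python
"""Layer 7 inspection of an HTTP request, the way an application-level gateway
(proxy) sees it.

Added example for this page, not code from any proxy or firewall product. The
block lists, the allowed methods and the sample requests are assumed.
"""
from urllib.parse import urlsplit, unquote

# Assumed policy.
BLOCKED_HOSTS = {"gambling.example", "malware.example"}
BLOCKED_PATH_PREFIXES = ("/wp-admin", "/.git")
ALLOWED_METHODS = {"GET", "HEAD", "POST"}

def parse_request_head(raw: bytes):
    """Split a complete request head into (method, target, headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def decide(raw: bytes):
    """Return ("allow"|"deny"|"hold", reason) for the bytes buffered so far.

    A packet filter only ever sees "TCP to port 80"; every decision below needs
    the reassembled request head, which may span several TCP segments.
    """
    if b"\r\n\r\n" not in raw:
        return ("hold", "request head incomplete, keep buffering")
    try:
        method, target, headers = parse_request_head(raw)
    except ValueError as exc:
        return ("deny", str(exc))
    if method not in ALLOWED_METHODS:
        return ("deny", f"method {method} not permitted")
    # Absolute-form targets (what a client sends to an explicit proxy) carry the
    # host; origin-form targets rely on the Host header.
    if target.startswith(("http://", "https://")):
        url = urlsplit(target)
        host, path = (url.hostname or "").lower(), url.path or "/"
    else:
        host = headers.get("host", "").split(":")[0].lower()
        path = target.split("?", 1)[0]
    path = unquote(path)   # normalise %2D-style encoding before matching
    if host in BLOCKED_HOSTS:
        return ("deny", f"host {host} is blocked")
    if path.startswith(BLOCKED_PATH_PREFIXES):
        return ("deny", f"path {path} is blocked")
    return ("allow", f"{method} {host}{path}")

# Constructed sample traffic. The last request is split the way TCP might
# segment it: the Host header only arrives in the second segment.
SAMPLES = {
    "plain page": b"GET /news HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "blocked host": b"GET /news HTTP/1.1\r\nHost: gambling.example\r\n\r\n",
    "blocked path": b"GET /wp-admin/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "encoded path": b"GET /wp%2Dadmin/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "bad method": b"DELETE /news HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "proxy form": b"GET http://gambling.example/x HTTP/1.1\r\n\r\n",
}
SEGMENT_1 = b"GET /news HTTP/1.1\r\nHo"
SEGMENT_2 = b"st: gambling.example\r\n\r\n"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} {decide(raw)}")
    print("segment 1     ", decide(SEGMENT_1))
    print("reassembled   ", decide(SEGMENT_1 + SEGMENT_2))
```

The percent-decoding step is the small caveat: a block list matched against the raw bytes is trivially bypassed with `/wp%2Dadmin/`. Real products normalise far more than this (case, dot segments, double encoding), which is part of why Layer 7 inspection is the slowest option.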

NEXT GENERATION FIREWALL

This is the Cadillac of firewalls, baby. 

 A Next Generation Firewall works all the way up to Layer 7 of the OSI model, and it does it all (depending on the vendor): 

  1. Packet filtering
  2. Stateful inspection
  3. It includes an Intrusion Prevention System (IPS) that monitors for and stops malicious traffic. 
  4. And, again depending on the vendor, it keeps itself up to date with the latest threat intelligence feeds. 

PACKET FILTERING FIREWALL

This is the type of firewall that filters traffic on the fields in each packet’s headers (source and destination IP address, port, and protocol) against a list of rules, and blocks whatever the rules don’t allow. The basic packet-filtering firewall is stateless, so the stateful/stateless distinction above applies here too. 

According to datamation.com, 

Packet-filtering firewalls are responsible for regulating the flow of data entering and exiting the network, all while keeping network security, integrity, and privacy in mind. Most packet-filtering firewalls work by scanning the IP addresses and ports of the packets’ sources and destinations to determine whether they come from a trusted source.

What the firewall considers safe communication depends on pre-set rules and configurations. In some instances, filtering may also include the packet’s communication protocols and contents. 

I should mention that the preset rules are usually expressed as an access control list (ACL) or as per-protocol rules. So if your ACL or protocol rules aren’t in harmony with what your firewall is actually placed to protect, you could do more harm than good. Just saying. 

There are several kinds of packet filtering firewalls, but the test doesn’t seem to delve that deeply into the subject. It basically wants to know that you know about the idea of a packet filtering firewall. 
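To tie this section to the stateful and stateless section above, here is one added example (written for this post, not code from any firewall) that runs the same packet stream through a stateless packet filter, which is just an ACL of the kind this section describes, and through a stateful firewall with a connection table. The addresses, ports, rule sets and packets are constructed. The ACL uses the classic stateless trick for letting replies back in (“permit anything inbound with the ACK flag set”), and the fourth packet shows why that trick is weaker than real state tracking: an attacker’s bare ACK aimed at an internal RDP port sails through the ACL but is dropped by the stateful firewall, because no handshake ever created a session for it.

```python
"""A stateless packet filter (an ACL) next to a stateful firewall, fed the
same packet stream.

Added example for this page, not code from any firewall. Addresses, ports,
the rule sets and the packet sequence are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset        # TCP flags set on this segment, e.g. {"SYN", "ACK"}

@dataclass(frozen=True)
class AclEntry:
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]    # None = any port
    needs_flags: frozenset  # flags that must be present (empty = no requirement)
    action: str             # "permit" or "deny"

ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.0.0.0/8")   # assumed private network

# The packet-filtering firewall: first matching entry wins, implicit deny at the end.
# Entry 2 is the classic stateless trick for "replies to our own connections":
# let anything back in as long as the ACK flag is set.
STATELESS_ACL = [
    AclEntry(INTERNAL, ANY, None, frozenset(), "permit"),         # outbound
    AclEntry(ANY, INTERNAL, None, frozenset({"ACK"}), "permit"),  # "established"
    AclEntry(ANY, ANY, None, frozenset(), "deny"),
]
# The stateful firewall only needs a rule for opening NEW connections.
NEW_CONNECTION_ACL = [AclEntry(INTERNAL, ANY, None, frozenset(), "permit")]

def stateless_filter(acl, pkt: Packet) -> str:
    """Judge each packet on its own headers, with no memory of earlier packets."""
    for e in acl:
        if (ip_address(pkt.src) in e.src and ip_address(pkt.dst) in e.dst
                and e.dport in (None, pkt.dport) and e.needs_flags <= pkt.flags):
            return e.action
    return "deny"

class StatefulFirewall:
    """Keeps a connection table and only passes packets that fit a known session."""

    def __init__(self, new_acl):
        self.new_acl = new_acl
        self.table = {}   # (src, sport, dst, dport) of the initiator -> state

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.table or rev in self.table:
            from_initiator = fwd in self.table
            return self._track(pkt, fwd if from_initiator else rev, from_initiator)
        # No session: only a bare SYN the rules permit may open one. A stray
        # ACK or SYN-ACK with no handshake behind it is dropped.
        if pkt.flags != {"SYN"} or stateless_filter(self.new_acl, pkt) != "permit":
            return "deny"
        self.table[fwd] = "SYN_SENT"
        return "permit"

    def _track(self, pkt: Packet, key, from_initiator: bool) -> str:
        state = self.table[key]
        if "RST" in pkt.flags:
            del self.table[key]                        # connection torn down
        elif state == "SYN_SENT" and from_initiator and pkt.flags == {"SYN"}:
            pass                                       # retransmitted SYN
        elif state == "SYN_SENT" and not from_initiator and pkt.flags == {"SYN", "ACK"}:
            self.table[key] = "SYN_RECEIVED"
        elif state == "SYN_RECEIVED" and from_initiator and pkt.flags == {"ACK"}:
            self.table[key] = "ESTABLISHED"
        elif state == "ESTABLISHED" and "SYN" not in pkt.flags:
            pass                                       # ordinary data / ACK / FIN traffic
        else:
            return "deny"                              # flags do not fit the session state
        return "permit"

def run_demo():
    """Return the (stateless, stateful) verdict for each packet in the stream."""
    # Constructed stream: a legitimate outbound handshake, then an attacker
    # sending a bare ACK at an internal RDP port to slip past the ACL.
    stream = [
        Packet("10.1.1.5", 50000, "93.184.216.34", 443, frozenset({"SYN"})),
        Packet("93.184.216.34", 443, "10.1.1.5", 50000, frozenset({"SYN", "ACK"})),
        Packet("10.1.1.5", 50000, "93.184.216.34", 443, frozenset({"ACK"})),
        Packet("198.51.100.7", 4444, "10.1.1.5", 3389, frozenset({"ACK"})),
        Packet("198.51.100.7", 4444, "10.1.1.5", 3389, frozenset({"SYN"})),
    ]
    stateful = StatefulFirewall(NEW_CONNECTION_ACL)
    return [(stateless_filter(STATELESS_ACL, p), stateful.filter(p)) for p in stream]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The first three packets are the normal three-way handshake and both firewalls pass them. Packet four is the one that matters: the ACL permits it on the strength of a single flag, while the stateful firewall finds no session in its table and drops it. Packet five, a plain SYN from outside, is denied by both, which is the part a packet filter does get right.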
