Firewalls
TryHackMe Room - Red Team Learning Path Update: 2022
In simple terms, a firewall is a security device that protects a network from undesirable traffic. It acts like a doorman, allowing or restricting inbound and outbound traffic.
Different types of firewalls exist. The most basic firewalls focus on layers 2 (data link), 3 (network) and 4 (transport) of the OSI model. The most sophisticated type, the Next-Generation Firewall (NGFW), can filter from layer 2 (data link) to layer 7 (application).
Packet-Filtering Firewall (1st generation)
This most basic type of firewall works at layer 4 of the OSI model (transport layer). Packets are filtered and verified against criteria that have been established. Only the packet header is analyzed, not the content of the packet. For example, a firewall might allow or restrict only inbound/outbound packets from a specific IP, type or port number. This type of firewall is stateless, meaning that it analyzes each packet independently without considering the packets that came before (for example, whether the packet is part of an existing TCP session).
Pros:
Very easy to implement
Fast
Inexpensive
Cons:
The least secure solution
Can only deny or permit packets.
Some applications may use random ports or dynamic port numbers.
May be vulnerable to IP spoofing attacks.
Circuit-Level Gateway
This type of firewall operates at the session level and monitors TCP handshakes. It will allow or restrict traffic for a specific session that is established.
Stateful inspection firewall
This type of firewall inspects the data packets. It also verifies that each packet comes from an established TCP session. It keeps established TCP sessions in memory in a session table ("state table"). A stateful firewall permits hosts on the internal network to start a conversation with external hosts, but an external host cannot start a conversation with internal hosts.
Pros:
Far more flexible than a packet-filtering firewall
Cons:
Has a performance cost.
Does not protect the application layer.
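The difference between the stateless packet filter and the stateful firewall described above, as an added example (not part of the original room notes). The address ranges, rules and sample packets are constructed, and the state table is simplified: it has no timeouts or session teardown.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport flags")
INTERNAL = ip_network("10.0.0.0/24")  # assumed internal range (constructed)

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def stateless_filter(pkt):
    """Header-only decision: every packet is judged on its own."""
    if is_internal(pkt.src) and pkt.dport == 443:
        return "ALLOW"  # outbound HTTPS
    if is_internal(pkt.dst) and pkt.sport == 443:
        return "ALLOW"  # meant for HTTPS replies, but matches any inbound packet with source port 443
    return "DENY"

class StatefulFirewall:
    def __init__(self):
        self.state_table = set()  # (inside ip, inside port, outside ip, outside port)

    def check(self, pkt):
        if is_internal(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "SYN" and pkt.dport == 443:
                self.state_table.add(key)  # an internal host starts the conversation
                return "ALLOW"
            return "ALLOW" if key in self.state_table else "DENY"
        # Inbound traffic is allowed only as the reverse direction of a tracked session.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ALLOW" if key in self.state_table else "DENY"

def run(packets):
    # Returns one (stateless verdict, stateful verdict) pair per packet, in order.
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.check(p)) for p in packets]

# Constructed sample traffic (documentation address ranges)
SAMPLE = [
    Packet("10.0.0.5", 50000, "203.0.113.10", 443, "SYN"),      # internal client opens a session
    Packet("203.0.113.10", 443, "10.0.0.5", 50000, "SYN-ACK"),  # reply within that session
    Packet("198.51.100.7", 443, "10.0.0.8", 50001, "ACK"),      # inbound, belongs to no session
    Packet("198.51.100.7", 40000, "10.0.0.8", 22, "SYN"),       # external host starts a conversation
]

if __name__ == "__main__":
    for p, (sl, sf) in zip(SAMPLE, run(SAMPLE)):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} [{p.flags}] stateless={sl} stateful={sf}")
```

The third packet is the one to look at: the header-only rule accepts it, while the state table has no matching session and drops it.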
Application Gateways
This type of firewall is specific to web applications and is also called a "proxy firewall". The client request is sent to the proxy, which verifies that the destination is allowed. The proxy then connects to the destination (application) on behalf of the client, gets the requested information and returns it to the client.
Pros:
Protects the application layer (7).
Cons:
A lot of workload on the server
Next-Generation Firewall
Offers the best protection. Can analyze packets from layer 2 to 7. Ex: Juniper SRX and Cisco FirePower.
Cloud firewalls
Cloud firewalls are comparable to NGFWs but benefit from the scalability of the cloud, since they are deployed in the cloud. Ex: Juniper vSRX, Cloudflare Magic Firewall, AWS WAF and AWS Shield.