Methodologies for building a firewall - Dev.nil
A firewall is a network security system that analyzes traffic and takes an action (permit or deny) based on a defined set of rules. This function may be performed by a single device, a set of devices, or software running on a single device such as a server.
Cisco ASA has the largest market share, but there are other firewall vendors such as Check Point, Juniper, and others.
Methodologies for Implementing Firewalls - Firewalls may be built in a variety of ways. The following are some of them:
Static packet filtering – This firewall method limits access based on source IP address, destination IP address, source port number, and destination port number. It operates at layers 3 and 4 of the OSI model. An ACL does not keep track of the state of a session. A router with an ACL applied to it is an example of static packet filtering.
Added benefits –
It is simple to implement if the administrator has a thorough understanding of the network.
It can be set up on almost all routers.
It has a negligible impact on the network's performance.
Drawbacks –
The large number of ACLs makes them difficult to keep track of.
ACLs filter on the IP address alone. A packet that spoofs a permitted source IP address is accepted by the ACL.
Stateful packet filtering – The state of each session is kept, which means that when a session is begun inside a trusted network, the source and destination IP addresses, source and destination ports, and other layer information are stored. All traffic from an untrusted network is blocked by default.
Replies for this session are permitted only when their source and destination IP addresses and port numbers are the reverse of those recorded for the session.
Added benefits –
In comparison to static packet filtering, it is dynamic: the permitted traffic follows the sessions in progress.
IP spoofing is not possible, since an inbound packet must match a recorded session.
It is possible to implement on routers.
Drawbacks –
It may not prevent application-layer attacks.
Some applications open dynamic ports on the server side. A stateful firewall does not know about these ports, so the application may fail; application inspection is used in this situation.
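To make the difference between the two methods concrete, here is an added simulation (not code from the original post or from any firewall vendor) that runs the same constructed packets through a static ACL and through a stateful filter. The addresses, ports and ACL rules are constructed sample values; the point it shows is that the ACL can only judge header fields, so the broad rule needed to let replies in also admits unsolicited packets, and a packet forging a permitted address is indistinguishable from a genuine one, while the stateful filter drops both because no inside host opened the session.

```python
"""Static ACL versus stateful packet filter, run over constructed packets.

Added illustration of the two methods described above; it is not code from the
original post or from any firewall vendor. Addresses, ports and the ACL are
constructed sample values in documentation ranges.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out": trusted -> untrusted, "in": untrusted -> trusted


# Static packet filtering: an ordered ACL evaluated top-down, first match wins.
# Rule = (action, source, destination, (low_port, high_port)); "any" matches all.
ACL = [
    ("permit", "10.0.0.5", "any", (80, 80)),            # inside host -> any web server
    ("permit", "any", "10.0.0.5", (1024, 65535)),       # let replies back to the inside host's ephemeral ports
    ("permit", "198.51.100.7", "10.0.0.5", (22, 22)),   # partner host may SSH to the inside host
    ("deny", "any", "any", (0, 65535)),                 # explicit final deny, same as the implicit one
]


def _match_ip(field: str, value: str) -> bool:
    return field == "any" or field == value


def acl_decision(pkt: Packet) -> str:
    """Evaluate the ACL on header fields alone; nothing about earlier packets is remembered."""
    for action, src, dst, (low, high) in ACL:
        if _match_ip(src, pkt.src_ip) and _match_ip(dst, pkt.dst_ip) and low <= pkt.dst_port <= high:
            return action
    return "deny"  # implicit deny at the end of every ACL


class StatefulFilter:
    """Remembers sessions started from the trusted side and admits only their replies."""

    def __init__(self) -> None:
        self.sessions: set = set()

    def decision(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            # Session begun inside the trusted network: store its addresses and ports.
            self.sessions.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "permit"
        # Untrusted -> trusted is blocked by default; only the reverse of a stored session passes.
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return "permit" if reverse in self.sessions else "deny"


def run_scenario() -> dict:
    """Pass the same constructed packets, in order, through both filters; returns (ACL, stateful) verdicts."""
    sf = StatefulFilter()
    packets = [
        ("outbound web request", Packet("10.0.0.5", 40000, "203.0.113.9", 80, "out")),
        ("reply to that request", Packet("203.0.113.9", 80, "10.0.0.5", 40000, "in")),
        # Unsolicited: the ACL's reply rule is necessarily broad, so it passes; no session, so stateful drops it.
        ("unsolicited probe of an inside service", Packet("203.0.113.66", 4444, "10.0.0.5", 5900, "in")),
        # Header fields identical to a genuine partner packet: the ACL cannot tell them apart,
        # the stateful filter drops it because no inside host opened this session.
        ("packet forging the partner's address", Packet("198.51.100.7", 5555, "10.0.0.5", 22, "in")),
    ]
    return {label: (acl_decision(p), sf.decision(p)) for label, p in packets}


if __name__ == "__main__":
    for label, (acl, stateful) in run_scenario().items():
        print(f"{label:40s} ACL={acl:6s} stateful={stateful}")
```

Running it prints one line per packet with both verdicts; the two inbound packets that the ACL permits and the stateful filter denies are exactly the cases the drawbacks above describe.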
Application-layer firewall – Application-layer firewalls are also known as proxy firewalls. A proxy firewall acts as an intermediary between the original client and the server; there is no direct connection between the two.
The client, which previously connected directly to the server in order to interact with it, now connects to the proxy server instead. The proxy server then opens a connection to the server on the client's behalf. Data is sent from the client to the proxy server, which relays it to the server. A proxy server can operate up to layer 7 of the OSI model (the application layer).
Benefits –
It is difficult to attack the server through a proxy, since the proxy sits between the client and the server.
Detailed logging is possible.
It is possible to implement on ordinary hardware.
Drawbacks –
It requires a lot of processing power.
Memory and disk usage are high.
It is a single point of failure in the network's security.
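The following added example (not code from the original post or from any vendor) is a minimal TCP proxy of the kind just described, running entirely on 127.0.0.1. A constructed echo server stands in for "the server"; `run_demo()` plays the client. It shows the two properties the text names: the server only ever sees a connection from the proxy's own socket, never from the client, and the proxy can log every relayed connection.

```python
"""Minimal TCP proxy firewall: the client and the server never connect directly.

Added example for the proxy-firewall description above; it is not code from the
original post or from any vendor. Everything runs on 127.0.0.1: a constructed
echo server stands in for "the server", and run_demo() plays the client.
"""
import socket
import threading

LOG = []  # the proxy's connection log (the "detailed logging" the text mentions)


def _serve(listener, handler):
    """Accept loop; ends when the listener is closed."""
    while True:
        try:
            conn, peer = listener.accept()
        except socket.timeout:
            continue
        except OSError:  # listener closed
            return
        threading.Thread(target=handler, args=(conn, peer), daemon=True).start()


def _listener():
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.bind(("127.0.0.1", 0))  # OS-chosen free port
    ls.settimeout(0.2)         # lets the accept loop notice a closed listener
    ls.listen()
    return ls


def start_echo_server():
    """Constructed stand-in for the real server. Records who connected to it."""
    seen_peers = []
    ls = _listener()

    def handle(conn, peer):
        seen_peers.append(peer)
        with conn:
            conn.sendall(b"echo:" + conn.recv(4096))

    threading.Thread(target=_serve, args=(ls, handle), daemon=True).start()
    return ls.getsockname(), seen_peers, ls


def start_proxy(server_addr):
    """Proxy firewall: terminates the client's connection, opens its own to the server, relays both ways."""
    proxy_side = []  # the proxy's own source address, i.e. what the server sees as its peer
    ls = _listener()

    def handle(client_conn, client_peer):
        with client_conn, socket.create_connection(server_addr, timeout=5) as upstream:
            proxy_side.append(upstream.getsockname())
            LOG.append(f"client {client_peer} -> proxy {upstream.getsockname()} -> server {server_addr}")
            upstream.sendall(client_conn.recv(4096))  # request relayed on the client's behalf
            client_conn.sendall(upstream.recv(4096))  # reply relayed back to the client

    threading.Thread(target=_serve, args=(ls, handle), daemon=True).start()
    return ls.getsockname(), proxy_side, ls


def run_demo():
    """Client talks only to the proxy; returns what happened on each side."""
    server_addr, seen_peers, server_ls = start_echo_server()
    proxy_addr, proxy_side, proxy_ls = start_proxy(server_addr)
    try:
        with socket.create_connection(proxy_addr, timeout=5) as client:
            client.sendall(b"hello")
            reply = client.recv(4096)
    finally:
        proxy_ls.close()
        server_ls.close()
    return {
        "reply": reply,
        # The server's peer is the proxy's own socket, not the client: there is no direct link.
        "server_saw_proxy": seen_peers[0] == proxy_side[0],
        "log_entries": len(LOG),
    }


if __name__ == "__main__":
    print(run_demo())
    print("\n".join(LOG))
```

Because the proxy terminates the client's connection and opens a fresh one upstream, the server's peer address is the proxy's, which is also why a real proxy firewall pays for this in CPU, memory and the single-point-of-failure risk listed above: every connection is handled twice.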
Application inspection – An application inspection firewall can examine packets up to layer 7 (deep inspection), but it does not act as a proxy server. It can evaluate the conversation between a client and a server in depth, so it handles the case where the server assigns a dynamic port to the client without the application failing (as can happen with a stateful firewall).
Added benefits –
It can examine the conversation between the server and the client in more depth.
It can refuse packets when it detects a protocol anomaly, that is, traffic that does not conform to the protocol standard.
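As an added example of what application inspection does with a dynamic-port protocol (this is not code from the original post or from any vendor), the following follows a constructed FTP control channel. When the server answers PASV with a 227 reply, the inspector parses the advertised address and port and opens a pinhole for that one data connection, which is exactly the case a plain stateful filter cannot handle; replies that are not FTP at all, or that advertise an address other than the server's, are treated as protocol anomalies and refused. The privileged-port check is an assumed local policy, not an RFC rule.

```python
"""Application inspection of an FTP control channel, over a constructed transcript.

Added example for the application-inspection section above and for the dynamic-port
problem noted under stateful filtering; not code from the original post or from any
vendor. A real inspection engine does this on live traffic; here the server side of
the control channel is a constructed list of lines.
"""
import re

# RFC 959 passive-mode reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
REPLY_RE = re.compile(r"^\d{3}[ -]")  # every FTP server reply starts with a 3-digit code


class FtpInspector:
    """Follows the control channel and opens a pinhole for each negotiated data connection."""

    def __init__(self, client_ip, server_ip):
        self.client_ip = client_ip
        self.server_ip = server_ip
        self.pinholes = set()   # (client_ip, server_ip, server_data_port) permitted for the data channel
        self.rejected = []      # (line, reason) for each protocol anomaly that was refused

    def inspect_server_line(self, line):
        """Return True if the reply is passed to the client, False if it is refused."""
        if not REPLY_RE.match(line):
            self.rejected.append((line, "reply does not start with a 3-digit code"))
            return False
        m = PASV_RE.match(line)
        if not m:
            return True  # ordinary reply, nothing to track
        octets = [int(x) for x in m.groups()[:4]]
        p1, p2 = int(m.group(5)), int(m.group(6))
        if any(o > 255 for o in octets) or p1 > 255 or p2 > 255:
            self.rejected.append((line, "octet out of range"))
            return False
        ip = ".".join(map(str, octets))
        port = p1 * 256 + p2
        if ip != self.server_ip:
            # The data connection must go to the server we are talking to; anything else is an anomaly.
            self.rejected.append((line, f"passive address {ip} is not the server"))
            return False
        if port < 1024:
            # Assumed local policy: a server should not hand out a privileged data port.
            self.rejected.append((line, "passive port in privileged range"))
            return False
        self.pinholes.add((self.client_ip, self.server_ip, port))
        return True

    def data_connection_allowed(self, src_ip, dst_ip, dst_port):
        """Verdict for a new connection attempt: only a negotiated data channel passes."""
        return (src_ip, dst_ip, dst_port) in self.pinholes


def run_transcript():
    """Constructed server replies seen on the control channel, in order."""
    insp = FtpInspector(client_ip="10.0.0.5", server_ip="192.0.2.10")
    server_lines = [
        "220 constructed FTP server ready",
        "230 Login successful.",
        "227 Entering Passive Mode (192,0,2,10,195,80).",   # data port 195*256+80 = 50000
        "227 Entering Passive Mode (203,0,113,9,4,1).",     # points at a third host: anomaly
        "HTTP/1.1 200 OK",                                   # not FTP at all: anomaly
    ]
    verdicts = [insp.inspect_server_line(line) for line in server_lines]
    return insp, verdicts


if __name__ == "__main__":
    inspector, verdicts = run_transcript()
    print("verdicts:", verdicts)
    print("pinholes:", inspector.pinholes)
    print("rejected:", inspector.rejected)
```

The pinhole is keyed on the client, the server and the negotiated port, so the firewall admits the one data connection the protocol announced and nothing else; without this inspection the client's connection to port 50000 would be blocked and the transfer would fail.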
Transparent firewall – By default a firewall operates at layer 3, but a transparent firewall has the advantage of being able to operate at layer 2. It has two bridged interfaces that are configured through a single management IP address. Users who connect to the network are unaware that a firewall is in place.
The key benefit of a transparent firewall is that installing it does not require re-addressing our networks. While operating at layer 2 it can still perform functions such as building a stateful session table, application inspection, and so on.
NAT (Network Address Translation) – A feature of a router or firewall. NAT translates a private IP address to a public IP address, which allows us to conceal our internal source IP addresses.
With dynamic NAT or PAT, an attacker cannot tell which internal device was dynamically assigned which address from the pool. This makes connecting to our private network from the outside world challenging.
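The translation table below is an added example (not code from the original post or from any vendor) of the PAT behaviour described above, on constructed documentation-range addresses. Two inside hosts that happen to use the same source port both leave through the single public address on different translated ports, a reply is mapped back only because its 4-tuple matches an existing translation, and an inbound packet with no translation, or one addressed to the private address directly, is dropped.

```python
"""Port Address Translation (PAT) table, simulated over constructed packets.

Added example for the NAT section above; not code from the original post or from
any vendor. Addresses are constructed values from documentation ranges.
"""
from dataclasses import dataclass
import itertools

PUBLIC_IP = "203.0.113.1"  # constructed public address of the NAT device


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Pat:
    """Many private (ip, port) pairs share one public IP, told apart by the translated port."""

    def __init__(self, first_port=1024):
        self._ports = itertools.count(first_port)  # next free public port (constructed allocation)
        self.outbound = {}  # (private_ip, private_port, dst_ip, dst_port) -> public_port
        self.inbound = {}   # (public_port, remote_ip, remote_port) -> (private_ip, private_port)

    def translate_out(self, pkt):
        """Rewrite the source of an inside->outside packet; creates the translation on first use."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            pub_port = next(self._ports)
            self.outbound[key] = pub_port
            self.inbound[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(PUBLIC_IP, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def translate_in(self, pkt):
        """Rewrite the destination of an outside->inside packet, or return None to drop it."""
        if pkt.dst_ip != PUBLIC_IP:
            return None  # private addresses are never reachable from outside
        inside = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # no translation: unsolicited traffic is dropped
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])


def run_scenario():
    """Constructed traffic through one PAT device."""
    pat = Pat()
    a = pat.translate_out(Packet("10.0.0.5", 40000, "198.51.100.20", 443))
    b = pat.translate_out(Packet("10.0.0.6", 40000, "198.51.100.20", 443))  # same inside port, other host
    reply_a = pat.translate_in(Packet("198.51.100.20", 443, PUBLIC_IP, a.src_port))
    # Guessing an in-use public port is not enough: the source must also match the translation.
    probe = pat.translate_in(Packet("192.0.2.77", 5555, PUBLIC_IP, b.src_port))
    # Addressing the private host directly never reaches it.
    direct = pat.translate_in(Packet("192.0.2.77", 5555, "10.0.0.5", 40000))
    return {"a": a, "b": b, "reply_a": reply_a, "probe": probe, "direct": direct}


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name:8s} {value}")
```

Only the `inbound` table decides what comes back in, and it is populated solely by traffic that left from the inside; that is the mechanism behind the statement that dynamic NAT or PAT makes reaching the private network from outside difficult.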
Next-Generation Firewalls (NGFWs) are third-generation security firewalls that may be implemented in software or hardware. They combine basic firewall functions such as static packet filtering and application inspection with advanced security features such as an integrated intrusion prevention system. Cisco ASA with FirePOWER Services is an example of a Next-Generation firewall.