Understanding Firewalls and Network Security

May 26, 2025

Lecture Notes: Firewalls and Network Security

Introduction to Firewalls

  • Purpose of Firewalls:
    • Control flow of traffic between two points
    • Manage traffic going in and out of networks
    • Important for environments with many users accessing the internet
    • Can control website access (corporate and parental controls)
    • Security controls for antivirus and antimalware

Types of Firewalls

Network-Based Firewalls

  • Traditional Firewalls:
    • Operate at OSI Layer 4 (TCP/UDP port numbers)
  • Next Generation Firewalls (NGFW):
    • Operate at OSI Layer 7 (Application layer)
    • Allow/disallow based on applications, not just ports
    • Integrate services like VPN
    • Can function as routers (Layer 3 devices)
    • Network Address Translation (NAT)
    • Provide additional routing protocols

Unified Threat Management (UTM) Devices

  • Features:
    • Bundled in single device
    • URL filtering, content inspection, malware identification
    • Spam filtering
    • WAN connectivity options
    • Firewall and IDS/IPS capabilities
    • Bandwidth shaping and VPN endpoint
  • Challenges:
    • Often operate at Layer 4
    • Performance drawbacks due to multiple services

Next Generation Firewalls (NGFW)

  • Functionality:
    • Application layer gateways
    • Stateful multi-layer inspection
    • Deep packet inspection
    • Full packet decode for traffic analysis
    • Application-based forwarding decisions
    • Recognize applications regardless of port
    • Intrusion prevention system capabilities
    • URL categorization and blocking

Web Application Firewalls (WAF)

  • Purpose:
    • Analyze input into web-based applications
    • Allow/disallow based on input types
    • Common for HTTP/HTTPS traffic
  • Functions:
    • Identify and block SQL injections, cross-site scripting
  • Use Cases:
    • Often used alongside NGFWs
    • Mandated by standards like PCI DSS for certain applications

Example: Web Application Firewall Log

  • Details:
    • Logs attacks against web apps (e.g., SQL injections)
    • Includes time, date, URL visited, service IP, port number
    • Attack recognition and policy-based blocking

These notes summarize key points about firewalls and their evolution, focusing on traditional, next generation, UTM, and web application firewalls, as well as their roles in network security and traffic management.

Full transcript