Firewalls and Their Functions

Introduction

• Firewalls are essential for controlling traffic between two points on a network.
• Used in homes, offices, and built into operating systems.
• Important for managing large environments with many users accessing the internet.
• Can control access to websites and content, useful for corporate control and parental controls.
• Provide security through antivirus and anti-malware.

Types of Firewalls

Network-Based Firewalls

• Utilize purpose-built appliances.
• Traditional firewalls manage traffic at OSI layer 4 (TCP/UDP ports).
• Modern next-generation firewalls manage traffic at OSI layer 7 (application layer).

Unified Threat Management (UTM) Devices

• Older devices that bundle multiple features.
• Known as web security gateways or all-in-one security appliances.
• Provide URL filtering, content inspection, spam filtering, and malware blocking.
• Can act as VPN concentrators and offer WAN connectivity.
• Operate mainly at layer 4, impacting performance if all features are enabled.

Next Generation Firewalls (NGFW)

• Operate at OSI layer 7, making decisions based on applications, not just port numbers.
• Also known as application layer gateways, stateful multi-layer, and deep packet inspection devices.
• Can recognize traffic details and decide on forwarding.
• Ability to block known vulnerabilities, acting as an intrusion prevention system.
• Include URL categorization for blocking specific types of sites or URLs.

Web Application Firewalls (WAF)

• Analyze web-based application input to allow or disallow traffic.
• Common with HTTP/HTTPS conversations.
• Can block attacks like SQL injections and cross-site scripting.
• Often used alongside NGFWs, mandated by standards like PCI DSS.

Example: Web Application Firewall Log

• Logs attacks against web applications, e.g., SQL injections.
• Shows timestamps, attack IDs, URLs, IP addresses, and types of attacks.
• Provides insight into security policies in place.