Lecture on Firewalls

Introduction to Firewalls

• Firewalls are used in homes, offices, and built into operating systems.
• Control traffic flow between two points.
• Important for managing network traffic in large environments.
• Control website access and provide security controls such as antivirus and anti-malware.

Types of Firewalls

Network-Based Firewalls

• Control traffic using a purpose-built appliance.
• Traditional firewalls operate at OSI layer 4 (TCP/UDP ports).
• Next Generation Firewalls (NGFW) operate at OSI layer 7 (application layer).
  • Make forwarding decisions based on applications.

Unified Threat Management (UTM)

• Older firewalls with multiple features in one device.
• Provide URL filtering, content inspection, spam filtering, and malware identification.
• Can include VPN concentrator functionality and bandwidth shaping.
• Performance issues when multiple capabilities are enabled.

Next Generation Firewalls (NGFW)

• Operate at OSI layer 7, allowing application-based forwarding decisions.
• Can perform deep packet inspection and recognize application types.
• Include intrusion prevention capabilities and URL categorization.
• Allow specific rules for application use (e.g., allow viewing but not posting on social media).

Web Application Firewall (WAF)

• Designed to analyze input to web applications.
• Commonly used with HTTP/HTTPS traffic.
• Can identify and block attacks like SQL injections and cross-site scripting.
• Often mandated for use with credit card applications.

Example of Web Application Firewall

• Logs attacks against web applications.
• Example of SQL injection attack blocked by the WAF.
• Provides details such as time, date, IP addresses, and attack name.