Firewalls are one of the most thoroughly misunderstood concepts around in networking and security today. It is your duty to dispel some of the most common misconceptions about firewalls, not just for the purpose of passing the CompTIA Security+ exam but also for the sake of the information security community!

What is a Firewall?

A firewall is any hardware or software designed to prevent unwanted network traffic. Some firewalls are simplistic in nature; in fact, many people use NAT devices as firewalls, as they do effectively prevent direct incoming connections to hosts behind the NAT. Other firewalls are intricate operations, based on whitelists and blacklists, rules, and alerts. What all firewalls have in common, however, is an ability to block incoming traffic that may be deemed harmful.

Types of Firewalls

Because the definition of a firewall (at least as given above) is somewhat generalized, it is hard to define the general actions and methods of firewalls. Instead, we look at the ways different types of firewalls work. Each type of firewall has abilities, advantages, and drawbacks; to do well on the Security+ exam, you should understand these.

Packet Filtering Firewall

A packet filtering firewall polices traffic on the basis of packet headers. IP, UDP, TCP, and even ICMP have enough header information for a packet filtering firewall to make an informed decision as to whether to accept or reject a packet. You can think of a packet filtering firewall as a bouncer at a party. The bouncer may have a list of people that are allowed to come in (a whitelist) or a list of people to specifically exclude (a blacklist). The bouncer may even check a guest's identification to assure that the guest is above 18. Similarly, a packet filtering firewall simply inspects the source and destination of traffic in making a decision on whether to allow the packet to pass through. For example, some traffic may be addressed to a sensitive recipient and would therefore be blocked.

A packet filtering firewall can also filter traffic on the basis of port numbers. For example, many companies now block traffic on port 27374 because it is well known to be a port used by the Trojan horse 'SubSeven.'

Note that a packet filtering firewall basically operates through a special ACL (access control list) in which both the whitelist and blacklist of IP addresses and port numbers are listed. In essence, this firewall operates at the Network and Transport layers of the OSI model. This model is notable for its simplicity, speed, and transparency; however, traffic is not inspected for malicious content. In addition, IP addresses and DNS addresses can be hidden or 'spoofed,' as discussed in the Attacks lesson.

Circuit-Level Gateway

A circuit-level gateway is a type of firewall that operates on the Session layer of the OSI model. Instead of inspecting packets by header (source address or port) information, it maintains a connection between two hosts that is approved to be safe. This is something akin to a parent who approves the people that their children can speak with on the phone once they trust those people. In this scenario, the parent does not have to listen in on the conversation because they know they can trust the two communicating children. Similarly, a circuit-level gateway establishes a secure connection between two hosts that have been authenticated and trust each other.

Application-Level Gateway

As the name suggests, an application-level gateway operates in the Application layer of the OSI model and actively inspects the contents of packets that are passed through the gateway. It is for this reason that application-level gateways are considered the most secure, as they can actively scan for malformed packets or malicious content. Think of an application-level gateway as the eavesdropping parent. An eavesdropping parent has the most complete knowledge of his or her child's activities because he or she can listen in on all of the child's conversations. An application-level gateway does have drawbacks, however, including speed and routing problems. Application-level gateways are notorious for the amount of time it can take to inspect packets.

A special kind of application-level gateway is a proxy server, which is a server that serves as the 'middle man' between two hosts that wish to communicate. In the proxy server model, the host wishing to communicate sends a packet to the application-level gateway (proxy server), which then makes the decision whether to forward the packet to the intended recipient or to deny the request to send the packet.
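The three firewall types described above (the header-only packet filter with its ACL, the circuit-level gateway that approves a session and then trusts it, and the application-level gateway that reads the request itself) are easiest to compare when each is reduced to its decision logic. The following Python models are an added example, not code from the original study text; the ACL rules, network ranges, addresses, and packets are all constructed for illustration, and the application-level model handles only HTTP as a stand-in for a real proxy.

```python
"""Toy models of the three firewall types in the study text: a packet filter,
a circuit-level gateway and an application-level gateway. Added example; every
rule, address and packet below is constructed for illustration."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"     # "tcp", "udp" or "icmp"
    flags: str = ""        # TCP flags, e.g. "S" (SYN), "SA" (SYN/ACK), "A" (ACK)
    payload: bytes = b""


# --- 1. Packet filtering firewall: a first-match ACL over header fields only ---
# Each rule is (action, src, dst, proto, dport); "*" matches anything and an
# address may be a CIDR network. The payload is never examined.
ACL = [
    ("deny",  "*",           "*",           "tcp", 27374),  # SubSeven port named in the text
    ("deny",  "*",           "10.0.0.5",    "*",   "*"),    # sensitive recipient: block everything
    ("allow", "*",           "10.0.0.0/24", "tcp", 80),     # inbound web traffic to the LAN
    ("allow", "10.0.0.0/24", "*",           "*",   "*"),    # anything claiming to come from inside
]


def _field_matches(rule_value, packet_value):
    if rule_value == "*":
        return True
    if isinstance(rule_value, str) and "/" in rule_value:
        return ipaddress.ip_address(packet_value) in ipaddress.ip_network(rule_value)
    return rule_value == packet_value


def packet_filter(pkt, acl=ACL):
    """Return the action of the first matching rule; no match means deny."""
    for action, src, dst, proto, dport in acl:
        if (_field_matches(src, pkt.src) and _field_matches(dst, pkt.dst)
                and _field_matches(proto, pkt.proto) and _field_matches(dport, pkt.dport)):
            return action
    return "deny"


# --- 2. Circuit-level gateway: approve a session once, then trust it ---
class CircuitGateway:
    """Only hosts in the trusted network may open a circuit (TCP SYN). Afterwards
    packets in either direction of an approved circuit pass without their
    contents being read, like the parent who trusts the two children."""

    def __init__(self, trusted_net):
        self.trusted = ipaddress.ip_network(trusted_net)
        self.circuits = set()   # (client, client_port, server, server_port)

    def decide(self, pkt):
        opening = pkt.proto == "tcp" and "S" in pkt.flags and "A" not in pkt.flags
        if opening:
            if ipaddress.ip_address(pkt.src) in self.trusted:
                self.circuits.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return "allow"
            return "deny"       # outsiders may not open circuits
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if forward in self.circuits or reverse in self.circuits else "deny"


# --- 3. Application-level gateway (HTTP proxy): read the request itself ---
REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD) (/[^\s]*) HTTP/1\.[01]\r\n")


def http_gateway(pkt):
    """Parse the HTTP request in the payload; refuse anything malformed or
    containing a path-traversal sequence, forward everything else."""
    match = REQUEST_LINE.match(pkt.payload)
    if match is None:
        return "deny"           # not a well-formed request line
    if b".." in match.group(2):
        return "deny"           # traversal sequence in the requested path
    return "allow"


def demo():
    """Run constructed traffic through each model and return the decisions."""
    r = {}
    # Header-only filtering: the port and address rules work, but a packet whose
    # source address merely claims to be inside is allowed regardless of content.
    r["subseven"] = packet_filter(Packet("198.51.100.9", 5555, "10.0.0.20", 27374, flags="S"))
    r["sensitive"] = packet_filter(Packet("10.0.0.7", 40000, "10.0.0.5", 22))
    r["spoofed"] = packet_filter(Packet("10.0.0.99", 4444, "203.0.113.8", 6667, payload=b"<bad>"))
    # Session approval: inside opens, replies flow, strangers and stray packets do not.
    gw = CircuitGateway("10.0.0.0/24")
    r["outside_syn"] = gw.decide(Packet("198.51.100.9", 5555, "10.0.0.20", 80, flags="S"))
    r["inside_syn"] = gw.decide(Packet("10.0.0.7", 40000, "93.184.216.34", 80, flags="S"))
    r["reply"] = gw.decide(Packet("93.184.216.34", 80, "10.0.0.7", 40000, flags="SA"))
    r["in_circuit_data"] = gw.decide(Packet("93.184.216.34", 80, "10.0.0.7", 40000, flags="A", payload=b"<bad>"))
    r["stray"] = gw.decide(Packet("93.184.216.34", 80, "10.0.0.8", 40000, flags="A"))
    # Content inspection: only the application-level model sees the request text.
    good = b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"
    r["good_http"] = http_gateway(Packet("10.0.0.7", 40001, "10.0.0.20", 80, flags="A", payload=good))
    r["traversal"] = http_gateway(Packet("10.0.0.7", 40001, "10.0.0.20", 80, flags="A", payload=b"GET /../../etc/passwd HTTP/1.1\r\n\r\n"))
    r["malformed"] = http_gateway(Packet("10.0.0.7", 40001, "10.0.0.20", 80, flags="A", payload=b"\x00\x01garbage"))
    return r


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:16} {decision}")
```

The point of running the same kind of traffic through all three is the trade-off the text describes: the packet filter is fast because it only compares header fields, which is also why a spoofed inside address or a malicious payload passes it; the circuit-level gateway stops outsiders from opening sessions and lets replies through, but once a circuit is approved it reads nothing; only the application-level model rejects the malformed and traversal requests, at the cost of parsing every request.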