Firewalls: Protecting Your Network from Cyber Attacks

A firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. Here's a more detailed breakdown of its role and functions:
Functions of a Firewall

1. Traffic Filtering: Firewalls filter network traffic to allow or block specific data packets based on predetermined security rules. These rules can be based on various criteria, such as IP addresses, port numbers, protocols, and specific content.
2. Access Control: Firewalls control access to network resources by allowing or denying traffic from different networks or hosts. This ensures that only authorized users and devices can access certain parts of the network.
3. Monitoring and Logging: Firewalls monitor network traffic in real-time and keep logs of traffic patterns, suspicious activities, and security incidents. These logs are essential for diagnosing problems, auditing network security, and compliance purposes.
4. Intrusion Prevention: Advanced firewalls can detect and block potential threats and intrusions by analyzing the data packets for signs of malicious activity. They can also prevent the spread of malware and other threats within the network.
5. Application Layer Filtering: Some firewalls operate at the application layer, allowing them to inspect and filter traffic based on specific applications or services. This helps in preventing attacks that exploit vulnerabilities in specific applications.

Types of Firewalls

1. Packet-Filtering Firewalls: The most basic type of firewall that examines each packet transferred between computers on the Internet. It allows or blocks packets based on source and destination IP addresses, protocols, and ports.
2. Stateful Inspection Firewalls: These firewalls monitor the state of active connections and make decisions based on the context of the traffic. They keep track of the state of network connections, such as TCP streams, and use this information to determine whether to allow or block traffic.
3. Proxy Firewalls: These act as intermediaries between end users and the internet. They can inspect the entire content of traffic and make more informed decisions about whether to allow or block it. They can also hide the internal network from the outside world, adding an extra layer of security.
4. Next-Generation Firewalls (NGFW): These include all the capabilities of traditional firewalls along with additional features like deep packet inspection, intrusion prevention systems (IPS), and application awareness. NGFWs can identify and control applications regardless of port, protocol, or IP address used.

Importance of Firewalls

• Protection Against Cyber Attacks: Firewalls are a critical defense mechanism against cyber threats such as hackers, malware, and viruses. They help protect sensitive data and maintain the integrity of the network.
• Regulatory Compliance: Many industries have regulations that require the use of firewalls to protect sensitive information. Firewalls help organizations comply with these legal requirements.
• Network Performance Management: By controlling the flow of traffic and preventing unauthorized access, firewalls can help improve overall network performance and reliability.

In summary, firewalls are a fundamental component of network security, providing a first line of defense against external and internal threats. They ensure that network traffic adheres to an organization's security policies, protecting both data and infrastructure.

A(Firewall)-->B(Network Security);
A-->C(Cyber Attacks);
A-->D(Network Performance);
A-->E(Regulatory Compliance);

In computer networking, a network firewall^[1] acts as a barrier against potential malicious activity, while still allowing a "door" for people to communicate between your secured network and an open, unsecured network. Originally, a firewall consisted of a single machine or "box," now referred to as a bastion host^[2], that sat between a private network and the Internet.

The firewall should provide the following goals:

1. Create Choke Point^[3] used to monitor, filter, and verify all inbound and outbound traffic.
2. Implement a company's security policy. For example, a security policy may state that only the Internet mail server will transmit SMTP traffic. You would enforce this policy feature directly at the firewall.
3. Log Internet activity. By placing logging services at the firewalls, security administrators can monitor all access to and from the external network or Internet.
4. Limit network exposure. A firewall can also enhance privacy by "hiding" your internal systems and information from the public.

• Gateways: A gateway is a system that provides relay services between two devices. Gateways can range from an Internet application such as a Common Gateway Interface (CGI)^[4] to a firewall gateway that processes traffic between two hosts.
• Demilitarized Zones: Demilitarized zones (DMZ) are networks that are between a company's internal network and the external network. A DMZ is used as an additional buffer to further separate the public network from your internal private network. Routers generally begin and end the DMZ.

Click the Exercise link below to complete a short matching exercise reviewing firewall terminology.
Describe Firewall - Exercise

[1]Firewall: A security system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both.

[2]Bastion host: Strongly secured devices that have a direct network connection to a public network such as the Internet. It can operate as any of the three types of firewalls.

[3]Choke point: An intersection between a company's private and a public network used to monitor, filter, and verify all inbound and outbound traffic.

[4] (CGI)Common Gateway Interface: A protocol that allows a Web server to pass control to a software application, based on a user request. It also allows that program to receive and organize that information, then return it to the user in a consistent format. A CGI script resides on a Web server, enabling the CGI process.