Practical Network Scanning
上QQ阅读APP看书,第一时间看更新
上一章目录下一章

Firewalls

A firewall is a network security appliance that accepts or rejects traffic flow based on configured rules and preconfigured policies. Placement of a firewall totally depends on the network architecture, which includes protection for network perimeters, subnets, and zones. Perimeter firewalls are always placed on a network's edge to filter packets entering the network. Perimeter firewalls are the first layer of security, and if malicious traffic has managed to bypass, host-based firewalls provide another layer of protection by allowing or denying packets coming into the end host device. This is called the multilayer security approach. Multiple firewalls can be set up to design a highly secure environment.

Firewalls are often deployed in other parts of the network to provide proper segmentation and data protection within enterprise infrastructure, on access layers and also in data centers.

Firewalls can be further classified as the following:

  • Simple packet filtering
  • Application proxy
  • Stateful inspection firewalls
  • Next-Generation Firewall

A traditional firewall provides functions such as Packet Address Translation (PAT), Network Address Translation (NAT), and Virtual Private Network (VPN). The basic characteristic of a traditional firewall is that it works according to the rules. For example, a user from subnet (10.10.10.0/24) wants to access Google DNS 8.8.8.8 on a UDP port 53.

A typical firewall rule will look like this:

However, Next-Generation Firewall works based on application and user-aware policies. Application-level control allows you to set policies depending on the user and the application.

For example, you can block peer-to-peer (P2P) downloads completely or disable Facebook chat without even blocking Facebook.

We will discuss firewalls in detail in upcoming chapters. The following diagram reflects zones and connectivity, which shows how firewall zones connect to multiple businesses:

  • Demilitarized zone (DMZ): Internet-facing applications are located in DMZ. Other services on other zones remain inaccessible to the internet. The most common services placed in DMZ include email services, FTP servers, and web servers.
  • Inside zone: The inside zone is known as the trusted zone to users. Applications in that area are considered highly secure. In the trusted area, security is maintained by denying all traffic from less trusted zones in any given firewall by default.
  • Cloud and internet zone: Let's not focus on naming these. They are standard segments we see on an enterprise network. These zones are considered to be below security zones.
上一章目录下一章