.. include:: global.rst

**********************************************
Chapter 8: Configuring Firewalls
**********************************************

Overview
========

- Firewalls are critical security controls that regulate network traffic.
- They enforce rules and policies to protect systems and data.
- Core concept: controlling *what is allowed vs. denied* in a network.

Firewall Rules & Policies
=========================

- Firewall rules define how traffic is handled (allow, deny, log).
- Policies are collections of rules aligned with security objectives.
- Rules are typically based on:

  - IP addresses
  - Ports
  - Protocols
  - Direction (inbound/outbound)

Default Security Philosophies
=============================

- **Default Deny (Implicit Deny)**

  - Blocks all traffic unless explicitly allowed.
  - Most secure approach.
  - Ideal for high-security environments (e.g., financial systems).

- **Default Allow**

  - Allows all traffic unless explicitly blocked.
  - Easier to manage but less secure.
  - Higher risk of unauthorized access.

Defense in Depth
================

- Layered security approach using multiple protections.
- Firewalls enhanced with:

  - IDS (Intrusion Detection Systems)
  - IPS (Intrusion Prevention Systems)
  - Load balancing for availability and resilience
  - N-tier architecture (separating layers like web, app, database)

DMZ (Demilitarized Zone)
========================

- A segmented network zone between internal and external networks.
- Hosts public-facing services (e.g., web servers).
- Adds an extra layer of isolation and protection.

Diversity of Defense
====================

- Uses multiple, varied security tools to reduce single points of failure.
- Unified Threat Management (UTM):

  - Combines firewall, antivirus, IDS/IPS, and more into one system.
  - Simplifies management while improving coverage.

Firewall Limitations
====================

- Cannot stop all attacks (e.g., insider threats).
- Limited visibility into encrypted traffic.
- Must be combined with other security measures.

Encryption Challenges
=====================

- Encrypted traffic can bypass inspection.
- Firewalls may require decryption capabilities to analyze traffic.
- Balancing privacy and security is a key concern.

Key Takeaways
=============

- Default deny is the most secure and recommended approach.
- Defense in depth strengthens overall security posture.
- DMZs and N-tier designs improve isolation and protection.
- UTM systems support diverse and layered defenses.
- Firewalls alone are not sufficient; they must be part of a broader strategy.
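The following added example (not part of the chapter text) models first-match rule evaluation over the attributes listed above (IP address, port, protocol, direction) and shows how the same rule set behaves under a default-deny versus a default-allow policy. The rule set, the ``Packet``/``Rule`` types and the sample addresses (taken from documentation ranges) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str         # source IP address
    dst: str         # destination IP address
    proto: str       # "tcp" or "udp"
    dport: int       # destination port
    direction: str   # "inbound" or "outbound"


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # source network; default matches any address
    dst: str = "0.0.0.0/0"       # destination network
    proto: str = "any"
    dport: Optional[int] = None  # None matches any port
    direction: str = "any"

    def matches(self, pkt: Packet) -> bool:
        """True if every attribute of the packet falls within this rule."""
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport)
                and self.direction in ("any", pkt.direction))


def evaluate(rules: List[Rule], pkt: Packet, default: str) -> str:
    """First matching rule wins; the policy default applies only when no rule matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set: block one untrusted subnet, then publish HTTPS on a web server.
# Ordering matters: the deny rule is listed first so it wins over the HTTPS allow.
RULES = [
    Rule("deny", src="198.51.100.0/24", direction="inbound"),
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=443, direction="inbound"),
]

if __name__ == "__main__":
    ssh = Packet("192.0.2.7", "203.0.113.10", "tcp", 22, "inbound")  # no rule matches
    for policy in ("deny", "allow"):
        print(f"default {policy}: unmatched SSH attempt -> {evaluate(RULES, ssh, policy)}")
```

Only the unmatched packet changes outcome between the two policies, which is exactly the gap a default-allow posture leaves open.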