Chapter 5: Firewall Fundamentals

Overview

Firewalls are security devices that enforce network security policies by filtering incoming and outgoing traffic.

Core Concept

  • Operate under the model:

    “Deny by default, allow by exception”

  • Only explicitly permitted traffic is allowed.

  • All other traffic is blocked.

Traditional Firewalls

  • Filter traffic based on:

    - IP addresses
    - Ports
    - Protocols

  • Limited visibility into application-layer traffic.

  • Cannot deeply inspect content.

Types of Firewalls

Software Firewalls

  • Installed on individual systems.

  • Protect a single device.

Hardware Firewalls

  • Physical appliances.

  • Protect entire networks.

SOHO / Individual Firewalls

  • Designed for small office/home office environments.

  • Often integrated into routers.

Next-Generation Firewalls (NGFWs)

Definition

NGFWs combine traditional firewall capabilities with advanced security features.

Key Features

  • Intrusion Prevention System (IPS)

  • Application awareness and control

  • Deep packet inspection

  • VPN support

  • Integrated security services

Advantages

  • Consolidated security functions

  • Improved visibility into traffic

  • Better protection against modern threats

Disadvantages

  • Increased complexity

  • Higher cost

  • Potential single point of failure

Firewall Configuration Concepts

Port Forwarding

  • Redirects traffic arriving on a specified port of the firewall's external interface to a designated internal system (and port).

Filtering Strategies

Ingress Filtering

  • Filters incoming traffic.

Egress Filtering

  • Filters outgoing traffic.
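To make the "deny by default, allow by exception" model and the ingress/egress distinction concrete, here is a small rule evaluator added as an example (it is not from the chapter). The network 10.0.0.0/24, the web server 10.0.0.10 and the three rules in POLICY are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    direction: str        # "ingress" (entering the network) or "egress" (leaving it)
    src: str              # source IP address
    dst: str              # destination IP address
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # destination port; None for protocols without ports

@dataclass(frozen=True)
class Rule:
    direction: str
    src: str              # CIDR block, or "any"
    dst: str              # CIDR block, or "any"
    proto: str            # protocol name, or "any"
    dport: Optional[int]  # None matches any port
    action: str           # "allow" or "deny"

def _cidr_match(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr, strict=False)

def rule_matches(rule: Rule, pkt: Packet) -> bool:
    # Traditional-firewall criteria only: direction, addresses, protocol, port.
    return (rule.direction == pkt.direction
            and rule.proto in ("any", pkt.proto)
            and _cidr_match(rule.src, pkt.src)
            and _cidr_match(rule.dst, pkt.dst)
            and rule.dport in (None, pkt.dport))

def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First matching rule wins. No match at all means the packet is dropped:
    that implicit final deny is what 'deny by default' means in practice."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed policy: only HTTPS may reach the web server from outside (ingress),
# and internal hosts may only make DNS and HTTPS connections outward (egress).
POLICY = [
    Rule("ingress", "any", "10.0.0.10/32", "tcp", 443, "allow"),
    Rule("egress", "10.0.0.0/24", "any", "udp", 53, "allow"),
    Rule("egress", "10.0.0.0/24", "any", "tcp", 443, "allow"),
]
```

Anything not listed, such as inbound SSH to the web server or outbound SMTP from a workstation, falls through to the implicit deny, which is exactly the "allow by exception" behaviour the chapter describes.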

Decision-Making Considerations

When evaluating firewall options, consider:

  - Organization size
  - Security needs
  - Budget
  - Management complexity
  - Risk tolerance

NGFWs are often better for larger organizations with advanced security needs, while traditional firewalls may be sufficient for smaller, less complex environments.