Firewall

This post is an introduction to network firewalls (FW).

Firewalls should be complemented with other controls, such as antivirus scanners, data loss prevention (DLP) solutions and intrusion detection system (IDS) tools.

Types of Firewall

Firewall classification criteria:

  • Statefulness
  • Approach

Types of Firewall by Statefulness

Types of firewall by statefulness:

  • Stateless
  • Stateful

Stateless

A stateless firewall evaluates each packet individually against its filtering access control list (ACL) or rule set.

The context of the packet (for example, whether it belongs to a connection that was already allowed) is not used to make the allow or deny decision.

Stateful

A stateful firewall evaluates packets within a context: it tracks connections and uses the state of the connection a packet belongs to when making the allow or deny decision.

Types of Firewall by Approach

Types of firewall by approach:

  • Static Packet-Filtering
  • Application-Level
    • Web application firewall (WAF)
    • XML firewall
  • Circuit-Level
  • Stateful Inspection
  • Internal Segmentation
  • Next-Generation

These types can be mixed to create hybrid or complex firewall solutions.

Static Packet-Filtering

A static packet-filtering firewall, or screening router, filters traffic by examining the headers of each packet.

The rules are concerned with source and destination IP addresses (OSI layer 3) and port numbers (OSI layer 4).

Application-Level

An application-level firewall operates at OSI layer 7.

It can be either stateless or stateful.

Examples of application-level firewall:

  • Web application firewall (WAF)
  • XML firewall

Web Application Firewall (WAF)

A web application firewall (WAF) is an appliance, server add-on, virtual service, or system filter that defines a strict set of rules for traffic to and from a website. It is intended to prevent web application attacks.

It is a type of application-level firewall.

You can find web application firewall tools on this post.
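As an added example (not code from the original post or from any WAF product), the following minimal application-level inspection step shows what "operating at layer 7" means in practice: the request line, headers and body are parsed and matched against content rules, something a layer 3/4 rule such as "allow TCP to port 443" cannot do. The rule patterns, the allowed-method list and the sample HTTP requests are constructed for the demonstration and are not taken from any real rule set.

```python
# Added example (not code from the original post): a minimal application-level
# (layer 7) inspection step of the kind a WAF performs. The rules and the
# sample HTTP requests are constructed for the demonstration; production WAFs
# use far larger rule sets and normalise many more encodings.
import re
from urllib.parse import unquote, unquote_plus

ALLOWED_METHODS = {"GET", "POST", "HEAD"}

# (rule name, pattern) applied to the decoded request target and body
RULES = [
    ("path-traversal", re.compile(r"\.\./")),
    ("sqli", re.compile(r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+", re.IGNORECASE)),
    ("xss", re.compile(r"<\s*script", re.IGNORECASE)),
]


def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def inspect(raw):
    """Return (allowed, reason). A packet filter that only sees 'TCP to port
    443' would pass every one of these; the decision here needs layer 7."""
    method, target, headers, body = parse_request(raw)
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not allowed"
    # Decode twice so a double-encoded ../ (%252e%252e%252f) cannot evade the
    # rules; form bodies use '+' for spaces, hence unquote_plus for the body.
    decoded = unquote(unquote(target)) + "\n" + unquote_plus(body)
    for name, pattern in RULES:
        if pattern.search(decoded):
            return False, f"rule {name} matched"
    return True, "clean"


# Constructed sample requests (hostnames are placeholders)
BENIGN = "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TRAVERSAL = "GET /download?file=..%2f..%2fetc%2fpasswd HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SQLI = ("POST /login HTTP/1.1\r\nHost: www.example.com\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "user=admin'+OR+'1'='1&pass=x")
TRACE = "TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("traversal", TRAVERSAL),
                       ("sqli", SQLI), ("trace", TRACE)]:
        print(label, inspect(req))
```

The decoding step before matching is the part worth noting: a WAF that matches on the raw, still-encoded request target is bypassed by simple URL encoding, so normalisation has to happen before the rules are applied.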

XML Firewall

An XML firewall is designed to enforce security policies and protect XML-based web services and applications from various threats, such as XML-based attacks and injection vulnerabilities.

It analyzes the XML content carried in network traffic, allowing or blocking traffic based on defined rules and policies.

It can protect SAML exchanges, since SAML is XML-based.

Secure Web Gateway

A secure web gateway (SWG) or next-generation secure web gateway (NGSWG or NG-SWG) is a cloud-based web gateway solution tied to a subscription service that provides ongoing updates to its filters and detection databases.

It combines ideas from WAF and NGFW.

An SWG usually includes services like:

  • WAF functions
  • TLS decryption
  • Cloud access security broker (CASB)
  • Advanced threat protection (ATP), like sandboxing and ML-based threat detection
  • Data loss prevention (DLP)
  • Rich metadata about traffic
  • Detailed logging and reporting

Circuit-Level

A circuit-level firewall or circuit proxy is

It operates at OSI layer 5 (session); in practice it operates at OSI layer 4 (transport).

It is a type of stateless firewall.

It focuses on the establishment of the circuit (or session), not on the content of the traffic, based on simple rules for IP address and port, using captive portals, requiring port authentication via 802.1X, or more complex elements such as context- or attribute-based access control.

Socket Secure (SOCKS) is a common implementation of a circuit-level firewall.

Stateful Inspection

A stateful inspection firewall, or dynamic packet-filtering firewall, evaluates the context of the packets (the connection they belong to), not only each packet's headers in isolation.

It operates at OSI layer 3 and up.
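The following added example (not code from the original post) illustrates the Stateless and Stateful sections above and this one with a toy packet filter: a stateless ACL has to permit inbound packets from source port 443 so that replies to outbound HTTPS can come back, which also lets an outside host reach internal services simply by choosing 443 as its source port; a stateful filter keeps a connection table and only admits reply traffic for a flow an inside host initiated. The network prefix, addresses, ports and the packet sequence are constructed for the demonstration.

```python
# Added example (not code from the original post): a toy packet filter that
# shows how a stateless ACL and a stateful connection table decide differently
# on the same packets. Addresses, ports and packets are constructed for the
# demonstration; real firewalls also track timeouts, TCP flags and sequence numbers.
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."      # assumed inside network
CLIENT = "10.0.0.5"              # assumed inside host
WEB_SERVER = "203.0.113.9"       # assumed outside host
ATTACKER = "198.51.100.7"        # assumed outside host


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False            # TCP SYN flag set (connection attempt)
    ack: bool = False            # TCP ACK flag set


def is_internal(ip):
    return ip.startswith(INTERNAL_PREFIX)


def stateless_allow(pkt):
    """Stateless ACL: every packet is judged on its own header fields.

    To let the replies to outbound HTTPS come back in, the ACL has to permit
    inbound packets whose source port is 443, and nothing stops an outside
    host from choosing 443 as its source port.
    """
    if is_internal(pkt.src) and pkt.dport == 443:
        return True                                   # outbound HTTPS
    if is_internal(pkt.dst) and pkt.sport == 443:
        return True                                   # presumed reply traffic
    return False


class StatefulFilter:
    """Stateful filter: inbound packets are allowed only when they belong to a
    connection an internal host initiated (the "ESTABLISHED" state)."""

    def __init__(self):
        self.connections = set()                      # (src, sport, dst, dport)

    def allow(self, pkt):
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.connections:
            return True                               # reply to a tracked flow
        if is_internal(pkt.src) and pkt.dport == 443 and pkt.syn and not pkt.ack:
            self.connections.add(flow)                # NEW outbound connection
            return True
        return False


# Constructed packet sequence: an outbound HTTPS connection, its legitimate
# reply, an attacker probing SMB (445) with source port 443, and an SSH probe.
PACKETS = [
    Packet(CLIENT, 51000, WEB_SERVER, 443, syn=True),
    Packet(WEB_SERVER, 443, CLIENT, 51000, syn=True, ack=True),
    Packet(ATTACKER, 443, CLIENT, 445, syn=True),
    Packet(ATTACKER, 40000, CLIENT, 22, syn=True),
]


def compare(packets=PACKETS):
    """Return a list of (stateless_decision, stateful_decision) per packet."""
    stateful = StatefulFilter()
    return [(stateless_allow(p), stateful.allow(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (sl, sf) in zip(PACKETS, compare()):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}"
              f"  stateless={sl}  stateful={sf}")
```

The third packet is the one to look at: both filters agree on the other three, but only the stateful filter rejects the probe to port 445, because no inside host ever opened a connection to 198.51.100.7:443.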

Next-Generation (NGFW)

A next-generation firewall (NGFW) is a multifunction device, or unified threat management (UTM) device, that integrates the functionality of multiple tools in addition to the firewall itself.

These tools could include:

  • Antivirus scanners
  • DLP
  • IDS
  • IPS
  • Application filtering
  • Domain name and URL filtering
  • Web content filtering
  • Quality of Service (QoS) management
  • Bandwidth/throttling management
  • NAT
  • etc.

Internal Segmentation (ISFW)

An internal segmentation firewall (ISFW) is a firewall deployed between internal network segments.

It limits the further spread of malicious code within the private network once one segment is compromised.

An ISFW allows creating network segments without resorting to air gaps, VLANs or subnet divisions.

Proxy Server

Firewall Architectures

You can read more about firewall architectures on this post.

Firewall Tools

You can read about software firewalls on this post.

You can read about web application firewalls tools on this post.

How to modify Windows Firewall Configuration from Command Prompt

Hardware Firewalls

Hardware firewall brands featured on this post:

  • Fortinet (FortiGate)
  • Check Point
  • SonicWall
  • Sophos

A recommended configuration is a screened subnet with a Fortinet firewall as the external firewall and a Check Point firewall as the internal firewall, so that a vulnerability in one vendor's product does not compromise both layers.


External references

  • Chapple, M.; Stewart, J. M.; Gibson, D.; “CISSP Official Study Guide, 9th Edition”; Wiley, 2021.
