Firewall

Firewall characteristics:

i. All traffic from inside to outside and vice versa must pass through the firewall. This is achieved
by physically blocking all access to the local network except via the firewall.
ii. Only authorized traffic, as defined by the local security policy, will be allowed to pass. The types
of firewalls that can be used are packet filters, stateful filters and application proxy filters.
iii. The firewall itself is immune to penetration. This implies the use of a trusted system with a
secure operating system.
• The basic subnet segments are as follows:
• External public networks typically refer to the public/global internet or various extranets.
• Internal private network defines a home network, corporate intranets, and other ‘closed’
networks.
• Perimeter networks detail border networks made of bastion hosts — computer hosts dedicated
with hardened security that are ready to endure an external attack. As a secured buffer between
internal and external networks, these can also be used to house any external-facing services
provided by the internal network (i.e., servers for web, mail, FTP, VoIP, etc.). These are more
secure than external networks but less secure than internal. These are not always present in
simpler networks like home networks but may often be used in organizational or national
intranets.
• Packet protocols: What ‘language’ an attempted connection is speaking to
carry its message. Among the networking protocols that hosts use to ‘talk’
with each other, TCP/IP protocols are primarily used to communicate across
the internet and within intranet/sub-networks.
• Application protocols: Common protocols include HTTP, Telnet, FTP, DNS,
and SSH.
• Source and destination are communicated by internet protocol (IP)
addresses and ports. IP addresses are unique device names for each
host. Ports are a sub-level of any given source and destination host device,
similar to office rooms within a larger building. Ports are typically assigned
specific purposes, so certain protocols and IP addresses using uncommon
ports or disabled ports can be a concern.
• By using these identifiers, a firewall can decide if a data packet attempting a
connection is to be discarded—silently or with an error reply to the sender
—or forwarded.
Techniques for Control:
Four general techniques that firewalls use to control access and
enforce security policy are as follows:
i. Service Control: Determines the types of internet services
that can be accessed inbound or outbound.
ii. Direction Control: Determines the direction in which
particular service requests may be initiated and allowed to flow
through the firewall.
iii. User Control: Controls access to a service according to which user
is attempting to access it. This feature is typically applied to users
inside the firewall perimeter.
iv. Behaviour Control: Controls how particular services are used.
Firewalls
A firewall is a network security device that monitors and controls incoming and outgoing
network traffic to prevent unauthorized access. It works by inspecting data packets and
deciding whether to allow or block them based on a set of security rules.
• Firewall rules can be based on:
• IP addresses (e.g. Packet from IP address X is allowed to pass while packet from IP address Y
is denied to pass through firewall.)
• Domain name
• Ports
• Programs
• Keywords
• Protocols
Two types of Firewalls
1. Host based firewall:
• Software firewall that is installed on a computer.
• Protects that computer only.
• Software firewalls are installed on the devices being protected. Windows Defender is the most
common example, but there are many alternative providers. Software firewalls require
installation and updating and protect a single device. But users can easily customize their
filtering settings with a software firewall, making them a more precise solution.
• A lot of antivirus programs come with a host based firewall.

2. Network based firewall:
• It is a combination of hardware and software and operates at the network level. It is placed
between a private network and the public internet. It scans the whole network and so protects
an entire network: harmful activities can be stopped before they reach the computers.
• A network based firewall can be a stand-alone firewall, which is mainly used by large
organisations: a company will typically have dedicated hardware on which the firewall software
runs. If there is no such requirement, dedicated hardware is not needed.
• The simplest rule blocks an IP address: any packet coming from that IP address will not be
allowed to enter. A full network can also be blocked, e.g. 40.55.0.0.
• Firewall access rules are controlled by port number. A port number is a way to identify a
specific process to which an internet or other network message is to be forwarded when it
arrives at a server. Ports are represented by 16-bit numbers. An IP address identifies a
machine in an IP network and is used to determine the destination of a data packet. Port
numbers identify a particular application or service on a system.
• Firewalls work by:
• Establishing a barrier: Firewalls create a barrier between trusted
internal networks and untrusted external networks, like the
internet
• Monitoring traffic: Firewalls monitor all network traffic, looking
for anything suspicious
• Applying security rules: Firewalls use a set of security rules to
determine whether to allow or block traffic
• Examining data packets: Firewalls inspect each data packet,
looking at where it's coming from and where it's going to
• Denying or dropping packets: Firewalls deny or drop packets that
don't meet the security rules
Types of Network Firewalls:
1. Packet Filters –
It works in the network layer of the OSI Model and also up to layer 4 (the
transport layer). It applies a set of rules (based on the contents of IP and
transport header fields) to each packet and, based on the outcome,
decides to either forward or discard the packet. For example, a rule could
specify to block all incoming traffic from a certain IP address or disallow all
traffic that uses the UDP protocol. If there is no match with any predefined
rule, it takes the default action. The default action can be to ‘discard all
packets’ or to ‘accept all packets’.
Packet filtering firewalls are fast, cheap and effective. But the security they provide is very
basic. Since these firewalls cannot examine the content of the data packets, they are
incapable of protecting against malicious data packets coming from trusted source IPs.
Being stateless, they are also vulnerable to source routing attacks and tiny fragment
attacks. But despite their minimal functionality, packet filtering firewalls paved the way for
modern firewalls that offer stronger and deeper security.
• Packet filtering
• Packet filtering firewalls are the oldest and simplest types of firewalls. A packet filtering firewall can be hardware or
software-based, and will usually be installed at switches or network routers.
• Packet filtering assesses the surface of data packets. Packets are segments of data created by transfer protocols when
they dismantle files and reassemble them at destination devices. Every data packet has a header. This header includes
various pieces of information that packet-filtering firewalls can use to allow or deny access.
• Data inspected by packet filtering firewalls include:
• Internet Protocol (IP) address information
• Source and destination ports of incoming data
• Transfer protocols being used in the transfer
• When incoming traffic arrives at a packet-filtering firewall, the appliance gathers as much header information as possible.
It then compares this information against pre-established security rules (or Access Control Lists). Any data packet that
satisfies these security rules is admitted. If not, the packet filter firewall will deny access and the transmission is canceled.
• Packet filter firewalls carry out relatively superficial inspection processes. However, this can still protect the internal
network. For instance, filtering IP addresses can admit approved devices. This could include remote workers or third-
party maintenance teams. If managers screen out unknown IP addresses, they can dramatically limit the threat surface.
• Alongside IP address filtering, packet filters can also limit accessible ports if required. This can minimize the risks of port
scanning - a common preparation for cyber attacks.
• On the other hand, packet filters do not open packets and inspect the payload inside. This can limit their effectiveness.
Firewalls will also forward approved traffic automatically to available ports. So limiting open ports may not be sufficient.
• The limitations of packet filtering can also be strengths. This type of firewall is less resource-intensive. Packet filters are
also faster. Both are useful traits in situations where security is not paramount.
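As an added illustration (not part of the original slides), the following Python models the packet-filter behaviour described above: an ordered access control list over source/destination address, protocol, direction and destination port, where the first matching rule wins and a configurable default action of ‘discard all’ or ‘accept all’ applies when nothing matches. Note that the `Packet` type deliberately carries header fields only: a packet filter never sees the payload, which is exactly the limitation the text points out. All rule, address (documentation ranges) and packet values are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """Header fields a stateless filter can see (there is no payload field on purpose)."""
    src: str
    dst: str
    proto: str           # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    """One ACL entry; a field left as None matches anything."""
    action: str                      # "accept" or "discard"
    direction: Optional[str] = None  # "in" or "out"
    src: Optional[str] = None        # CIDR, e.g. "203.0.113.0/24"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet, direction: str) -> bool:
        if self.direction is not None and self.direction != direction:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


class PacketFilter:
    """Ordered rule list: first match wins, otherwise the default action applies."""

    def __init__(self, rules: List[Rule], default: str = "discard"):
        self.rules = rules
        self.default = default          # 'discard all' or 'accept all' when no rule matches

    def decide(self, pkt: Packet, direction: str) -> str:
        for rule in self.rules:
            if rule.matches(pkt, direction):
                return rule.action
        return self.default


# Constructed ACL (addresses are documentation ranges, not real hosts).
RULES = [
    Rule("discard", src="203.0.113.0/24"),                                    # block a whole network
    Rule("discard", proto="udp"),                                             # disallow all UDP
    Rule("accept", direction="in", dst="192.0.2.10/32", proto="tcp", dport=80),  # inbound web
    Rule("accept", direction="out", proto="tcp", dport=443),                  # outbound HTTPS
]


def demo() -> List[str]:
    """Run constructed packets through the filter and return the decisions in order."""
    fw = PacketFilter(RULES, default="discard")
    packets = [
        ("in",  Packet("198.51.100.5", "192.0.2.10", "tcp", 51000, 80)),    # matches the web rule
        ("in",  Packet("198.51.100.5", "192.0.2.10", "udp", 51001, 53)),    # UDP is disallowed
        ("in",  Packet("203.0.113.7", "192.0.2.10", "tcp", 51002, 80)),     # blocked network, earlier rule wins
        ("in",  Packet("198.51.100.5", "192.0.2.10", "tcp", 51003, 22)),    # no rule matches: default discard
        ("out", Packet("192.0.2.20", "198.51.100.9", "tcp", 40000, 443)),   # allowed outbound HTTPS
    ]
    return [fw.decide(pkt, direction) for direction, pkt in packets]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

Rule order matters: the network block is listed before the web-server accept, so a packet from the blocked range to port 80 is discarded even though it would satisfy the later rule. Switching the default to `"accept"` turns the same ACL into a permissive policy where unlisted traffic (such as inbound port 22 above) is admitted, which is why the text presents the default action as a deliberate policy choice.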
2. Application Gateways –
It is also known as a Proxy server or Proxy firewall. It works in the application layer (layer 7) of the OSI Model. It
works as follows:
– Step-1: The user contacts the application gateway using a TCP/IP application such as HTTP.
– Step-2: The application gateway (proxy firewall) asks for the remote host with which the user wants to
establish a connection. It also asks for the user id and password that are required to access the services of the
application gateway.
– Step-3: After verifying the authenticity of the user, the application gateway accesses the remote host on
behalf of the user to deliver the packets.
3. Stateful Inspection Firewalls – also called dynamic packet-filtering firewalls, differ from static
filtering in their ability to monitor ongoing connections and remember past ones. These began by
operating on the transport layer (layer 4), keeping a state table of connections.
Stateful packet inspection is a technology used by stateful firewalls to determine which packets to allow
through the firewall. It works by examining the contents of a data packet and then comparing them
against data pertaining to packets that have previously passed through the firewall.
• Stateful packet filtering keeps track of all connections on the network, making sure they are all legitimate.
Proxy firewall rules
4. Circuit-Level Gateways –
It works at the session layer (layer 5) of the OSI Model. It is an advanced variation of the Application Gateway. It acts
as a virtual connection between the remote host and the internal users by creating a new connection between
itself and the remote host. It also changes the source IP address in the packet, putting its own address in
place of the end user's source IP address. (This way, the IP addresses of the internal users are
hidden from the outside world.)
Four Types of Network Firewalls
Firewalls are also categorized based on how they operate, and each type can be set up either as software or a physical
device. Based on their method of operation, there are four different types of firewalls.
1. Packet filtering firewalls
Packet filtering firewalls are the oldest, most basic type of firewalls. Operating at the network layer, they simply check a
data packet for its source IP and destination IP, the protocol, source port and destination port against predefined rules to
determine whether to pass or discard the packet. Packet filtering firewalls are essentially stateless or static, monitoring each
packet independently without any track of the established connection or the packets that have passed through that
connection previously. This makes these firewalls very limited in their capacity to protect against advanced threats and
attacks.
Packet filtering firewalls are fast, cheap and effective. But the security they provide is very basic. Since these firewalls
cannot examine the content of the data packets, they are incapable of protecting against malicious data packets coming
from trusted source IPs. Being stateless, they are also vulnerable to source routing attacks and tiny fragment attacks. But
despite their minimal functionality, packet filtering firewalls paved the way for modern firewalls that offer stronger and
deeper security.
2. Circuit-level gateways
Working at the session layer, circuit-level gateways verify established Transmission Control Protocol (TCP) connections and
keep track of the active sessions. They are quite similar to packet filtering firewalls in that they perform a single check and
utilize minimal resources. However, they function at a higher layer of the Open Systems Interconnection (OSI) model.
Primarily, they determine the security of an established connection. When an internal device initiates a connection with a
remote host, circuit-level gateways establish a virtual connection on behalf of the internal device to keep the identity and
IP address of the internal user hidden.
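The two circuit-level gateway passages above (the layer-5 description and this one) both come down to the same mechanism: the gateway opens its own connection to the remote host, substitutes its own address for the internal source address, and maps replies back to the internal user. The following Python is an added example, not code from the original slides, that models that circuit table. The gateway address `203.0.113.1`, the internal range `10.0.0.0/8` and all packets are constructed values; the port-allocation scheme is an assumption chosen for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


# A circuit is the internal endpoint plus the remote endpoint it was opened to.
Circuit = Tuple[str, int, str, int]   # (internal_ip, internal_port, remote_ip, remote_port)


class CircuitGateway:
    """Relays internal sessions, replacing the internal source address with its own."""

    def __init__(self, public_ip: str = "203.0.113.1", internal_net: str = "10.0.0.0/8"):
        self.public_ip = public_ip
        self.internal_net = ip_network(internal_net)
        self.next_port = 40000                       # assumed allocation scheme: sequential
        self.by_gw_port: Dict[int, Circuit] = {}     # gateway port -> circuit
        self.by_circuit: Dict[Circuit, int] = {}     # circuit -> gateway port

    def _is_internal(self, ip: str) -> bool:
        return ip_address(ip) in self.internal_net

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet from an internal host: open (or reuse) a circuit and rewrite the source."""
        if not self._is_internal(pkt.src):
            return None                              # only internal users may open circuits
        circuit = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        gw_port = self.by_circuit.get(circuit)
        if gw_port is None:
            gw_port = self.next_port
            self.next_port += 1
            self.by_circuit[circuit] = gw_port
            self.by_gw_port[gw_port] = circuit
        # The remote host only ever sees the gateway's address and port.
        return replace(pkt, src=self.public_ip, sport=gw_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet from outside: relayed only if it answers an existing circuit."""
        if pkt.dst != self.public_ip:
            return None
        circuit = self.by_gw_port.get(pkt.dport)
        if circuit is None:
            return None                              # nobody inside asked for this
        internal_ip, internal_port, remote_ip, remote_port = circuit
        if (pkt.src, pkt.sport) != (remote_ip, remote_port):
            return None                              # a different remote host cannot reuse the circuit
        # Restore the hidden internal destination before forwarding inward.
        return replace(pkt, dst=internal_ip, dport=internal_port)


def demo() -> List[Optional[Packet]]:
    """Constructed exchange: one internal client, one web server, one unrelated host."""
    gw = CircuitGateway()
    out = gw.outbound(Packet("10.1.2.3", 51515, "198.51.100.80", 80))            # internal -> server
    reply = gw.inbound(Packet("198.51.100.80", 80, "203.0.113.1", out.sport))     # genuine reply
    stray = gw.inbound(Packet("198.51.100.99", 80, "203.0.113.1", out.sport))     # other host, same port
    unsolicited = gw.inbound(Packet("198.51.100.80", 80, "203.0.113.1", 40999))  # no circuit
    return [out, reply, stray, unsolicited]


if __name__ == "__main__":
    for pkt in demo():
        print(pkt)
```

The outbound packet leaves as `203.0.113.1:40000 -> 198.51.100.80:80`, so the remote side never learns `10.1.2.3`; the reply is translated back to the internal endpoint, while packets from any other remote host, or to a gateway port with no circuit, are dropped.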
3. Stateful inspection firewalls
These work at the session layer and are used to control how data packets move through a firewall. They are also
called dynamic packet filtering. These firewalls can inspect whether a packet belongs to a particular session. They
permit communication only if the session is properly established between the two endpoints; otherwise they
block the communication.
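The two stateful-inspection passages (the state-table description under "Types of Network Firewalls" and this one) describe the same idea: a connection table that records sessions opened from inside and admits only packets that belong to a tracked session. The Python below is an added example, not code from the original slides, that implements that table for TCP. It tracks a simplified three-state lifecycle (SYN_SENT, ESTABLISHED, removed on FIN/RST) and shows the case a stateless filter cannot handle: a forged packet carrying "established"-looking flags from a host nobody inside talked to. The internal range `10.0.0.0/8` and all packets are constructed values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: FrozenSet[str]   # subset of {"SYN", "ACK", "FIN", "RST"}


ConnKey = Tuple[str, int, str, int]   # (client_ip, client_port, server_ip, server_port)


class StatefulFirewall:
    """Tracks TCP sessions opened from inside; only replies to tracked sessions come back in."""

    def __init__(self, internal_net: str = "10.0.0.0/8"):
        self.internal_net = ip_network(internal_net)
        self.table: Dict[ConnKey, str] = {}   # state table: "SYN_SENT" or "ESTABLISHED"

    def _internal(self, ip: str) -> bool:
        return ip_address(ip) in self.internal_net

    def process(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)   # client -> server direction
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)   # server -> client direction

        if fwd in self.table:                           # known session, original direction
            if pkt.flags & {"FIN", "RST"}:
                del self.table[fwd]                     # session closing: forget it (simplified teardown)
            elif "ACK" in pkt.flags:
                self.table[fwd] = "ESTABLISHED"         # handshake completed
            return "accept"

        if rev in self.table:                           # known session, reply direction
            if "RST" in pkt.flags:
                del self.table[rev]
            return "accept"

        # Unknown session: only an internal host may open one, and only with a bare SYN.
        if self._internal(pkt.src) and pkt.flags == {"SYN"}:
            self.table[fwd] = "SYN_SENT"
            return "accept"
        return "discard"                                # unsolicited, whatever its flags claim


def demo() -> List[str]:
    """Constructed exchange: inside opens a session, a stranger tries to ride it, inside closes."""
    fw = StatefulFirewall()
    client, server, other = "10.0.0.5", "198.51.100.80", "198.51.100.99"
    F = frozenset
    packets = [
        Packet(client, 50000, server, 443, F({"SYN"})),          # inside opens a session
        Packet(server, 443, client, 50000, F({"SYN", "ACK"})),   # expected reply
        Packet(client, 50000, server, 443, F({"ACK"})),          # handshake completes
        Packet(other, 443, client, 50000, F({"ACK"})),           # forged "established" packet: no entry
        Packet(other, 4444, client, 50000, F({"SYN"})),          # outside may not open sessions
        Packet(client, 50000, server, 443, F({"FIN", "ACK"})),   # inside closes
        Packet(server, 443, client, 50000, F({"ACK"})),          # after close: nothing tracked
    ]
    return [fw.process(p) for p in packets]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The fourth packet is the instructive one: a stateless filter that admits inbound packets with the ACK flag set (a common way to approximate "return traffic") would let it through, whereas the state table rejects it because no session with `198.51.100.99` was ever opened from inside. Real implementations also age entries out with timers and handle the half-close sequence; those details are omitted here.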
4. Application-level gateways (proxy firewalls)
Application-level gateways, also known as proxy firewalls, are implemented at the application layer via a proxy
device. Instead of an outsider accessing your internal network directly, the connection is established through the
proxy firewall. The external client sends a request to the proxy firewall. After verifying the authenticity of the
request, the proxy firewall forwards it to one of the internal devices or servers on the client’s behalf. Alternatively,
an internal device may request access to a webpage, and the proxy device will forward the request while hiding the
identity and location of the internal devices and network.
These firewalls can examine application layer (OSI model) information such as an HTTP request. If the gateway finds
a suspicious application that could harm the network or that is not safe for the network, it is blocked right away.
Limitations of Firewalls:
i. The firewall cannot protect against attacks that bypass the firewall (a bypass is a secondary
channel, pipe, or connection that allows a flow when the main one is closed or blocked). A
firewall cannot prevent users or attackers with modems from dialing in to or out of the
internal network, thus bypassing the firewall and its protection completely. Firewalls cannot
enforce your password policy or prevent misuse of passwords.
ii. The firewall does not protect against internal threats, such as a disgruntled employee or an
employee who unwittingly cooperates with an external attacker.
iii. The firewall cannot protect against the transfer of virus-infected programs or files. Because
of the variety of operating systems and applications supported inside the perimeter, it would be
impractical and impossible for the firewall to scan all incoming files for viruses.
A proxy or proxy server is a bridge or gateway
between you and the rest of the internet.
Normally, when you use your browser to surf
the internet, you connect directly to the
website you're visiting. Proxies communicate
with websites on your behalf.
A proxy server is a computer system or router
that functions as a relay between client and
server. ... The word proxy means "to act on
behalf of another," and a proxy server acts on
behalf of the user. All requests to the Internet
go to the proxy server first, which evaluates
the request and forwards it to the Internet.
A Proxy or Proxy Server is an intermediary
server, either software or hardware, that sits
between an end user and a website or other