A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on a set of pre-established rules.
It protects an organization’s computers or network from unauthorized access to or from the Internet or a private network. It does this by filtering the data packets transferred over networks and blocking access to certain ports according to the security configurations or requirements defined in advance by the network administrator.
Where is the firewall located and what is its role?
The firewall usually sits between the Internet and the internal network, and it can be software or hardware. Its main function is to enforce access control on inbound and outbound traffic flows and between networks.
It provides, in effect, a barrier between an internal network and another external network, such as the Internet, to prevent unauthorized access to or from the internal network. It also protects against malicious software (malware) that may attempt to enter the private network.
What are the different types of firewalls?
There are two types of firewalls: software firewall and hardware firewall.
The software firewall is installed on a computer and consists of an operating system, a network interface card and a packet filter. It monitors the flow of information passing through the internal network of a computer. It listens for connections opened by remote computers and controls which connections are allowed to pass, based on rules defined by the administrator.
It is commonly used to control access to sensitive computer systems from the Internet and other networks. This is because the software firewall uses packet filtering to block incoming packets that do not meet certain criteria, such as destination IP address or port number. It can also block outgoing packets based on the same criteria. Packet filtering is accomplished by examining the header information of each packet and comparing it to the settings set by the firewall administrator.
The hardware firewall is a physical device. It can be either a standalone device (an enclosure) or a component integrated into another device, such as a router or switch. It can be installed between two networks or at the point of interconnection of several networks. It is mainly used on large networks where software firewalls are not sufficient and would require too much processing power.
It has two interfaces: one for incoming traffic and one for outgoing traffic. It filters incoming traffic and allows only authorized outgoing traffic to pass through to its destination. The filter is configured by an administrator to allow or deny specific protocol and port types, such as HTTP (web browsing), SMTP (email), DNS (name resolution), etc.
What are the different categories of filtering (firewall)?
There are several categories of firewall filtering. They include, among others:
- Packet filtering: this type of filtering examines the data packets and decides whether or not to let them pass through the firewall.
- Stateful Packet Inspection (SPI): this type of filtering checks for any changes to data packets, such as a change in source address, port number, or protocol. The packet is then either rejected or accepted based on these changes.
- The stateful firewall: it verifies that packets conform to a current connection and ensures that each packet of a connection is the logical continuation of the previous packet. This is possible because it keeps a record of previous network connection states, which lets it distinguish between legitimate packets for different types of connections. It can also allow only known active connections.
- The stateless firewall: it checks each packet separately, verifying that it meets the requirements preconfigured by the network administrator. These requirements may include, for example, source and destination IP address, source and destination port number, and other layer protocols. In practice, however, this approach has limitations. It does not memorize previous packets, and therefore does not memorize previous connection states. As a result, it cannot know whether a given packet is part of an existing connection or is attempting to establish a new connection.
- The identifier firewall: it identifies each user and IP address that interacts with your network. It tracks their activities on the computer network.
- The personal firewall: it is a firewall installed by default on a computer and protects the computer against harmful threats such as computer viruses.
- The application firewall: this is the latest generation of firewalls. It is essential in the protection against cyberattacks. It verifies the perfect conformity of the packet with an expected protocol.
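The difference between the stateless and stateful firewalls described in the list above can be seen in a small simulation. This is an added example, not part of the original page: the packet model, addresses, ports and rule set are all constructed for illustration, and connection tracking is simplified (no timeouts or teardown).

```python
from collections import namedtuple

# Header fields only, as a packet filter sees them (constructed model).
Packet = namedtuple("Packet", "src sport dst dport flags direction")

INTERNAL = "10.0.0.5"       # constructed internal host
SERVER = "203.0.113.10"     # constructed external server
STRANGER = "198.51.100.7"   # constructed host with no open connection

def stateless_allow(pkt):
    """Judge each packet alone, using only its header fields."""
    if pkt.direction == "out" and pkt.dport == 443:
        return True   # outbound HTTPS
    if pkt.direction == "in" and pkt.sport == 443 and "ACK" in pkt.flags:
        return True   # only *looks like* a reply; no memory to confirm it
    return False

class StatefulFirewall:
    """Remember connections opened from inside; admit only their replies."""

    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.direction == "out" and pkt.dport == 443:
            if pkt.flags == {"SYN"}:
                self.connections.add(key)   # new connection: record its state
                return True
            return key in self.connections
        if pkt.direction == "in":
            # Inbound passes only as the reverse of a tracked connection.
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections
        return False

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in packets]

# Constructed traffic: a real handshake, then a packet tied to no connection.
SAMPLE = [
    Packet(INTERNAL, 50000, SERVER, 443, frozenset({"SYN"}), "out"),
    Packet(SERVER, 443, INTERNAL, 50000, frozenset({"SYN", "ACK"}), "in"),
    Packet(STRANGER, 443, INTERNAL, 50001, frozenset({"ACK"}), "in"),
]

if __name__ == "__main__":
    for pkt, (sl, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"stateless={sl} stateful={sf}")
```

The third packet matches the stateless rule on header fields alone, while the stateful firewall drops it because no recorded connection corresponds to it.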
Which firewall to choose?
When choosing a software firewall, it is important to consider the type of connection you will be using. Other criteria should be taken into account to better guide the choice of your firewall. These criteria concern, for example:
- The bandwidth required to provide a minimum of service to the company;
- The type of Internet access (fiber, ADSL, VDSL, etc.);
- The number of users and servers connected to the company network;
- The number of external users to be connected to these networks;
- Whether there is a need to restrict the downloading of certain types of compromising files.