What is a Firewall?

A firewall is a device or software that acts as a filter and analyses incoming and outgoing traffic (packets).

Why a Firewall?

A firewall is used to block malicious traffic coming into the network; its purpose is to safeguard the internal network from external malicious traffic.
It helps to screen out malicious users, viruses and worms. It can also log incoming and outgoing traffic.

Where to implement a Firewall?

A firewall blocks malicious and unwanted traffic that could have a bad impact on the internal network or on a system, so it is implemented between the internal and external networks. That point is called the “Demarcation Point”.

Architectures of Firewall

Single Homed Firewall:

In this architecture, only one centralised firewall acts on the incoming and outgoing traffic.

Here a single firewall deals with the traffic from both sides. If someone on the external side is purposefully sending continuous requests to a service while someone on the internal side is requesting access to the same service, the firewall is not able to serve the internal request, so it fails. This failure is called a Single Point of Failure (SPOF).

Multi-Homed Firewall:

In this architecture, two or more firewalls are used to share the workload and to provide more effective protection.

The Fw1 firewall deals with the traffic between the internal network and the DMZ. In the same way, the Fw2 firewall deals with the traffic between the internet and the DMZ. This gives more effective security for the network, since the workload is shared between the two firewalls.

DMZ (Demilitarized Zone), also known as a Perimeter Network

It is basically meant for outside users and gives additional security to an organization’s network. Any services that are provided to users on the external network can be placed on the DMZ host, such as web services, mail services, FTP services, etc.

External users can directly access the services available in the DMZ, but not those in the internal network; they do not have permission to access any systems or services other than those in the DMZ.
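
The DMZ rule above can be checked against a firewall rule set. The following is an added example, not part of the original article: it audits the allow rules of the internet-facing firewall (Fw2) and flags any rule that would let an external source reach the internal network. The address ranges, rule names and ports are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumed for this example).
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
DMZ = ipaddress.ip_network("172.16.0.0/24")

# Constructed allow rules on Fw2: (name, source, destination, port).
FW2_RULES = [
    ("web",       "0.0.0.0/0", "172.16.0.10/32", 80),
    ("mail",      "0.0.0.0/0", "172.16.0.20/32", 25),
    ("ftp",       "0.0.0.0/0", "172.16.0.30/32", 21),
    ("old-admin", "0.0.0.0/0", "10.0.0.0/24",    8080),  # points past the DMZ
    ("any-https", "0.0.0.0/0", "0.0.0.0/0",      443),   # destination too broad
]

def dmz_violations(rules):
    """Return (name, port) of rules that let external sources reach INTERNAL."""
    bad = []
    for name, src, dst, port in rules:
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        # A source range not contained in our own networks includes outsiders.
        external_src = not (src_net.subnet_of(INTERNAL) or src_net.subnet_of(DMZ))
        # overlaps() also catches wide destinations such as 0.0.0.0/0.
        if external_src and dst_net.overlaps(INTERNAL):
            bad.append((name, port))
    return bad

if __name__ == "__main__":
    for name, port in dmz_violations(FW2_RULES):
        print(f"rule {name!r} exposes the internal network on port {port}")
```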

Basic types of firewall

Hardware Firewall: It is a hardware implementation of the firewall, so it requires dedicated hardware to monitor and filter malicious traffic.
Software Firewall: It is a software implementation of the firewall, so it doesn’t require any dedicated hardware; it only has to be installed on the systems themselves.

Further classifications of Firewall depending on the filtering methods

Packet Filtering Firewall: It filters depending on the packet type and on the specified rules, which include source and destination IP address, port, etc.

It works in the Network layer of the OSI model, or the Internet Protocol (IP) layer in the TCP/IP model.

Stateful Packet filtering: It remembers information about the packets passing through it. It detects and prevents DoS attacks.
Stateless Packet filtering: It does not remember information about the packets passing through it or take it into account while filtering the packets.
Circuit level Gateway: It filters depending on session rules, i.e. when the session is initiated and by which recognized system. It monitors the TCP handshaking between the packets to determine whether the requested session is legitimate or not.

The data or information passed through the circuit level gateway to the remote system appears to originate from the gateway. This hides information about the network.
It works in the Session Layer of the OSI model, or the TCP layer of TCP/IP.

Application Level Gateway: These are also called proxies; they work in the Application Layer of the OSI model.

Network-based Application Firewall: It is also called a proxy-based or reverse-proxy firewall. It is restricted to a specific type of network traffic.
We can use it as a proxy to intercept traffic and to block specified content such as viruses, websites, etc., because it acts on the application layer.
Host-based Application Firewall: It is used to monitor the application input, output and/or system service calls made from, to, or by an application.
Stateful Multilayer Inspection Firewall: It combines the aspects of the other three types of firewalls. It filters packets at the network layer, determines whether session packets are legitimate and evaluates the contents of packets at the application layer.

Detecting firewall:

Using nmap we can identify whether a firewall is present or not:
nmap -sA <target>

Output 1:

If nmap shows the ports as unfiltered, the firewall is off, or the firewall is allowing the ports to send their RST back to nmap.

Output 2:

If nmap shows the ports as filtered, an active firewall is present.
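
Why the two outputs differ follows from the stateful and stateless packet filtering described earlier. The following is an added example, not part of the original article: a simplified model of both filter types receiving a lone ACK packet, classified the way the ACK scan reports it. The addresses, the single allowed port and the two-flag packet model are assumptions made for illustration.

```python
from dataclasses import dataclass

SERVER = "10.0.0.5"     # constructed address of the protected host
ALLOWED_PORTS = {80}    # assumed rule set: only TCP/80 is allowed inbound

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str          # "S" = SYN, "A" = ACK

def stateless_allows(pkt):
    """Stateless filter: judges each packet on its header fields alone."""
    return pkt.dst == SERVER and pkt.dport in ALLOWED_PORTS

class StatefulFilter:
    """Stateful filter: also remembers which connections were opened."""

    def __init__(self):
        self.connections = set()

    def allows(self, pkt):
        if not stateless_allows(pkt):
            return False
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.flags == "S":            # connection attempt: record it
            self.connections.add(key)
            return True
        return key in self.connections  # an ACK must match a known connection

def ack_probe_result(allows, probe):
    """Classify a lone ACK probe as the ACK scan does.

    If the probe reaches the host, the host answers an ACK it never
    expected with RST, so the port is reported "unfiltered". If the
    firewall drops the probe, no RST returns and it is "filtered".
    """
    return "unfiltered" if allows(probe) else "filtered"

# Constructed probes from a documentation-range source address.
PROBE_80 = Packet("198.51.100.7", SERVER, 40000, 80, "A")
PROBE_22 = Packet("198.51.100.7", SERVER, 40000, 22, "A")

if __name__ == "__main__":
    print("stateless, port 80:", ack_probe_result(stateless_allows, PROBE_80))
    print("stateless, port 22:", ack_probe_result(stateless_allows, PROBE_22))
    print("stateful,  port 80:", ack_probe_result(StatefulFilter().allows, PROBE_80))
```

The stateless filter passes the ACK to the allowed port because it cannot tell that no connection exists, while the stateful filter drops it until a SYN for the same connection has been seen.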