Introduction to Firewalls -
Traditionally, a firewall is defined as any device (or software) used to filter or control the flow of traffic. Firewalls are typically implemented on the network perimeter, and function by defining trusted and untrusted zones
Most firewalls will permit traffic from the trusted zone to the untrusted zone, without any explicit configuration. However, traffic from the untrusted zone to the trusted zone must be explicitly permitted. Thus, any traffic that is not explicitly permitted from the untrusted to trusted zone will be implicitly denied (by default on most firewall systems). A firewall is not limited to only two zones, but can contain multiple ‘less trusted’ zones, often referred to as Demilitarized Zones (DMZ’s).
To control the trust value of each zone, each firewall interface is assigned a security level, which is often represented as a numerical value or even color. For example, in the above diagram, the Trusted Zone could be assigned a security value of 100, the Less Trusted Zone a value of 75, and the Untrusted Zone a value of 0. As stated previously, traffic from a higher security to lower security zone is (generally) allowed by default, while traffic from a lower security to higher security zone requires explicit permission.
Firewalls perform the following services:
Stateful Packet Inspection • Proxying
• Network Address Translation (NAT)
Each will be covered in some detail in this guide.
Packet Filtering is one of the core services provided by firewalls. Packets can be filtered (permitted or denied) based on a wide range of criteria: Source address
Protocol Type (IP, TCP, UDP, ICMP, ESP, etc.)
The order of the rule-list is a critical consideration. The rule-list is always parsed from top-to-bottom. Thus, more specific rules should always be placed near the top of the...
Please join StudyMode to read the full document