
Basics of Firewall

A firewall is a software-defined product, which is usually shipped installed on a physical appliance with the necessary peripherals, such as cooling fans, a power supply and physical Ethernet (I/O) interfaces.

A firewall is a network security device that sits at the gateway level. Its basic job is to deny unauthorized access, that is, to block TCP/UDP packets that have not been permitted.

TECHNICAL ABSTRACT


A firewall inspects incoming and outgoing TCP/UDP packets, together with their service ports, against user-defined rules called Access Control List (ACL) rules.

Every firewall has a pre-defined policy, called the implicit policy, that denies all inbound and outbound traffic.
To reach the internet or another network through the firewall, we have to write an ACL rule with a source IP address, a destination IP address and a service number (port, e.g. HTTP or SSH).

In the picture above, each brick is a user-defined ACL rule that allows specific network traffic.

Firewall packet inspection methods: Stateless and Stateful

Stateless inspection


In this method the firewall only checks the source and destination IP addresses against the ACL.

    [+] If the packet details match the ACL, the firewall passes the packet.
    [-] If the packet does not match the ACL, the firewall denies the packet.

It's also called Packet Filtering.

In this method, however, individual network services cannot be restricted. To overcome this security limitation, the stateful inspection method was introduced into firewalls early on.


Stateful inspection


Stateful packet inspection goes beyond simple packet filtering by additionally tracking TCP or UDP sessions between devices.

For example, stateful inspection can track connections that originate from the trusted network. This session information is kept in a state table, which allows temporary holes to be opened in the firewall for the return traffic, which would otherwise be denied.

Connections from the untrusted network to the trusted network are also monitored, to prevent Denial of Service (DoS) attacks. If a high number of half-open sessions is detected, the firewall can be configured to drop the sessions (and even block the source) or to send an alert message indicating that an attack is occurring.

A half-open TCP session is one whose three-way handshake has not yet completed. A half-open UDP session is one for which no return UDP traffic has been seen. A large number of half-open sessions will chew up resources and prevent legitimate connections from being established.
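The following simulation, added here as an illustration and not part of the original post, contrasts the two inspection methods described above: a stateless ACL check that judges every packet on its own, and a stateful firewall that keeps a state table so reply traffic for tracked sessions is allowed without its own ACL rule and a pile-up of half-open sessions raises an alert. The ACL, addresses and the half-open limit are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"                      # "tcp" or "udp"
    flags: frozenset = frozenset()          # TCP flags, e.g. {"SYN"} or {"SYN", "ACK"}

# Constructed ACL: (source network, destination network, destination port).
# Clients on the trusted LAN may open HTTP outbound; anyone may reach the web server.
# Anything not matched here falls through to the implicit deny.
ACL = [
    (ip_network("10.0.0.0/24"), ip_network("0.0.0.0/0"), 80),
    (ip_network("0.0.0.0/0"), ip_network("10.0.0.10/32"), 80),
]

def stateless_check(pkt, acl=ACL):
    """Packet filtering: every packet is judged on its own against the ACL."""
    hit = any(ip_address(pkt.src) in s and ip_address(pkt.dst) in d and pkt.dport == p
              for s, d, p in acl)
    return "allow" if hit else "deny"

class StatefulFirewall:
    """ACL plus a state table: tracked replies pass without an ACL rule; half-open pile-ups alert."""
    def __init__(self, acl=ACL, half_open_limit=3):
        self.acl, self.half_open_limit = acl, half_open_limit
        self.table = {}       # (src, sport, dst, dport, proto) -> "half-open" | "established"
        self.alerts = []

    def inspect(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if rev in self.table:                 # reply for a session we already track
            self.table[rev] = "established"   # TCP SYN-ACK or any UDP answer completes it
            return "allow"
        if fwd in self.table:                 # further packets of a tracked session
            return "allow"
        if stateless_check(pkt, self.acl) == "deny":
            return "deny"                     # implicit deny for anything not in the ACL
        if pkt.proto == "tcp" and pkt.flags != frozenset({"SYN"}):
            return "deny"                     # a new TCP session must begin with a bare SYN
        self.table[fwd] = "half-open"         # handshake (or UDP reply) still outstanding
        pending = sum(1 for s in self.table.values() if s == "half-open")
        if pending > self.half_open_limit:
            self.alerts.append(f"{pending} half-open sessions, possible SYN flood")
        return "allow"
```

Running a client's outbound SYN through both checks shows the difference: the server's SYN-ACK fails the stateless ACL, while the stateful firewall finds the session in its table and lets the reply through.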

Nowadays we use NGFW (Next-Generation Firewall) appliances to protect our network.
