Please enable JavaScript.

Coggle requires JavaScript to display documents.

Firewall technologies - Coggle Diagram

- - - - Part of router firewall that permits or denies traffic based on simply layer 3 and 4 information
    - - Packet filters implement simple permit or deny rule sets.
      - Packet filters have a low impact on network performance.
      - Packet filters are easy to implement, and are supported by most routers.
      - Packet filters provide an initial degree of security at the network layer.
      - Packet filters perform almost all the tasks of a high-end firewall at a much lower cost.
    - - Packet filters are susceptible to IP spoofing.
      - Packet filters do not reliably filter fragmented packets.
      - Packet filters use complex ACLs
      - Packet filters cannot dynamically filter certain services
  - - - Provide stateful packet filtering by using connection information maintained in a state table.
    - - Filtering unwanted, unnecessary, or undesirable traffic.
      - Strengthen packet filtering by providing more stringent control over security.
      - Improve performance over packet filters or proxy servers.
      - defend against spoofing and DoS attacks by determining if the packet belongs to connection
      - Provide more log information than a packet filtering firewall.
    - - They do not examine the actual contents of the HTTP connection.
      - Not all protocols are stateful or generate state table
      - It is difficult to track connections that use dynamic port negotiation
      - Do not support user authentication
- - - - Use the concept of zones to provide additional flexibility. traffic between zones is inspected, dropped or passed
    - - Concept
        
        A group of one or more interfaces that have similar functions or features. Cisco IOS firewall policies are applied to them
- - - - Bastion Host
        
        Hardened computer that is typically located in the DMZ
  - - - Protects against malicious software and traffic anomalies, enforces network policies, and ensures survivability
    - - Secures boundaries between zones
    - - Provides information assurance
    - - Provides identity and device security policy compliance