Module 9: Firewall Technologies
9.0 Introduction
9.0.1 Why should I take this module?
The network security infrastructure defines the way in which devices are connected together to achieve end-to-end secure communications.
9.0.2 What will I learn in this module?
Explain how firewalls are implemented to provide network security.
9.1 Secure Networks with Firewalls
9.1.1 Firewalls
A firewall is a system, or group of systems, that enforces an access control policy between networks.
9.1.2 Types of Firewall
Packet Filtering (Stateless) Firewall
They are stateless firewalls that use a simple policy table look-up that filters traffic based on specific criteria.
Stateful Firewall
Stateful firewalls are the most versatile and the most common firewall technologies in use.
Application Gateway Firewall
Most of the firewall control and filtering is done in software. When a client needs to access a remote server, it connects to a proxy server.
Next Generation Firewall
Next-generation firewalls (NGFW) go beyond stateful firewalls by providing:
Integrated intrusion prevention
Application awareness and control to see and block risky apps
9.1.4 Packet Filtering Firewall Benefits and Limitations
Packet filtering firewalls are usually part of a router firewall, which permits or denies traffic based on Layer 3 and Layer 4 information.
They are stateless firewalls that use a simple policy table look-up that filters traffic based on specific criteria, as shown in the figure.
9.1.5 Stateful Firewall Benefits and Limitations
There are several benefits to using a stateful firewall in a network:
Stateful firewalls are often used as a primary means of defense by filtering unwanted, unnecessary, or undesirable traffic.
Stateful firewalls strengthen packet filtering by providing more stringent control over security.
Stateful firewalls improve performance over packet filters or proxy servers.
Stateful firewalls defend against spoofing and DoS attacks by determining whether packets belong to an existing connection or are from an unauthorized source.
Stateful firewalls provide more log information than a packet filtering firewall.
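The contrast between a stateless policy table look-up and stateful connection tracking, as an added example that is not part of the original module. The addresses, the port-443 return rule, and all names in the code are assumptions constructed for illustration, and the connection table is simplified (no TCP flags, sequence numbers, or timeouts).

```python
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."  # constructed private (inside) network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool  # True when the packet arrives on the outside interface


def stateless_permit(pkt: Packet) -> bool:
    """Layer 3/4 look-up only: every packet is judged in isolation."""
    if not pkt.inbound:
        return pkt.src.startswith(INSIDE_PREFIX)  # inside hosts may go out
    # Static rule for web replies: anything *claiming* source port 443 passes.
    return pkt.sport == 443 and pkt.dst.startswith(INSIDE_PREFIX)


class StatefulFirewall:
    """Records flows opened from inside; inbound traffic must match one."""

    def __init__(self):
        self.connections = set()

    def permit(self, pkt: Packet) -> bool:
        if not pkt.inbound:
            if not pkt.src.startswith(INSIDE_PREFIX):
                return False
            self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Allowed only if it is the reverse direction of a tracked flow.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections


def demo():
    # Constructed sample traffic (documentation address ranges).
    out = Packet("10.0.0.5", 50000, "203.0.113.10", 443, inbound=False)
    reply = Packet("203.0.113.10", 443, "10.0.0.5", 50000, inbound=True)
    unsolicited = Packet("198.51.100.7", 443, "10.0.0.9", 3389, inbound=True)
    fw = StatefulFirewall()
    packets = (out, reply, unsolicited)
    return {"stateless": [stateless_permit(p) for p in packets],
            "stateful": [fw.permit(p) for p in packets]}


if __name__ == "__main__":
    print(demo())
```

The stateless filter permits all three packets because the unsolicited one satisfies the static return rule, while the stateful firewall drops it because no inside host opened that connection.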
9.2 Firewalls in Network Design
9.2.1 Common Security Architectures
Private and Public
As shown in the figure, the public network (or outside network) is untrusted, and the private network (or inside network) is trusted.
Demilitarized Zone
A demilitarized zone (DMZ) is a firewall design where there is typically one inside interface connected to the private network, one outside interface connected to the public network, and one DMZ interface, as shown in the figure.
Zone-Based Policy Firewalls
Zone-based policy firewalls (ZPFs) use the concept of zones to provide additional flexibility. A zone is a group of one or more interfaces that have similar functions or features.
9.2.2 Layered Defense
A layered defense uses different types of firewalls that are combined in layers to add depth to the security of an organization. Policies can be enforced between the layers and inside the layers.
9.3 Firewall Technologies Summary
9.3.1 What did I learn in this module?
Secure Networks with Firewalls
There are several different types of firewalls. Packet filtering (stateless) firewalls provide Layer 3 and sometimes Layer 4 filtering.
A stateful inspection firewall allows or blocks traffic based on state, port, and protocol.
Firewalls in Network Designs
Common security architectures define the boundaries of traffic entering and leaving the network.
When looking at a topology that has access to outside or public networks, you should be able to determine the security architecture.