# What is a Firewall?

Firewalls are a key component of a secure network. At a basic level, a firewall serves as a filter between a network and the Internet or other external networks. Just like an air or water filter keeps unsafe particles from polluting an environment, a firewall keeps potentially malicious activity from entering or exiting a network. In an environment with several devices connecting to the Internet, a firewall should be placed at every Internet connection.

When configuring a firewall for a network, the administrator will set a variety of *rules*, or policies that determine what traffic should be permitted into or blocked from the network. There are multiple ways that firewall rules can help filter traffic, and the following three methods are the most common: packet filtering firewalls, application-level firewalls, and stateful inspection firewalls. Other types of firewalls include unified threat management firewalls, next-generation firewalls, and virtual firewalls.

*Packet filtering* involves checking incoming traffic against a series of filters. This traffic enters the network as a collection of packets, or segments of data. Based on the filtering rules, acceptable packets will be permitted to enter the system, and all other packets will be rejected.

A benefit of this type of firewall is its simplicity. It is easy for new firewall users to understand and works well in environments that are not very complex. However, a packet filter can be limiting in environments where exceptions to the rules are needed in certain situations, because each packet is judged on its own against a fixed set of rules.
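
As an added illustration (this code is not from the original article), here is a minimal stateless packet filter in Python. It implements first-match rule evaluation over protocol, CIDR source and destination, and destination port with a default deny, and it replays a few constructed packets through a constructed rule set for a hypothetical 10.0.0.0/24 network; the network addresses, the rules and the `filter_packet` and `evaluate_samples` names are assumptions made for the example. The last sample shows the limitation mentioned above: the reply to a connection an inside host opened is dropped, because a stateless filter has no memory of the outbound request.

```python
# Added example, not code from the original article: a minimal stateless packet
# filter. Every rule names a protocol, a source and destination network and an
# optional destination port; the first matching rule decides, and a packet that
# matches no rule is dropped (default deny). Addresses and rules are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0      # 0 for protocols without ports
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"        # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None   # None matches any destination port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def filter_packet(rules, pkt: Packet):
    """Return (action, reason) from the first matching rule; deny if none match."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment or "matched rule"
    return "deny", "default deny: no rule matched"


# Constructed rule set for a hypothetical internal network 10.0.0.0/24 that
# hosts a public web server at 10.0.0.10. Order matters: the first rule to
# match decides, so the anti-spoofing deny comes before any allow.
RULES = [
    Rule("deny", src="192.168.0.0/16", comment="private source address arriving from outside"),
    Rule("allow", "tcp", dst="10.0.0.10/32", dport=443, comment="public HTTPS to web server"),
    Rule("allow", src="10.0.0.0/24", comment="internal hosts may initiate outbound"),
]

# Constructed sample packets (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLES = {
    "inbound_https": Packet("tcp", "203.0.113.5", "10.0.0.10", 51000, 443),
    "inbound_ssh": Packet("tcp", "203.0.113.5", "10.0.0.10", 51001, 22),
    "outbound_web": Packet("tcp", "10.0.0.20", "198.51.100.7", 40000, 443),
    # The reply to outbound_web: a stateless filter has no memory of the
    # outbound request, so this legitimate packet is dropped unless a broad
    # inbound rule is added.
    "reply_to_outbound": Packet("tcp", "198.51.100.7", "10.0.0.20", 443, 40000),
}


def evaluate_samples():
    """Map each sample name to the action the rule set takes on it."""
    return {name: filter_packet(RULES, pkt)[0] for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        action, reason = filter_packet(RULES, pkt)
        print(f"{name:18} {action:5} ({reason})")
```

Opening a broad inbound rule for high ports would let the reply through, but it would also let in any unsolicited packet aimed at those ports; that trade-off is what stateful inspection, described later on this page, is designed to remove.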

## Application-Layer Firewalls

![](../img/application-layer-proxy.png)

In an *application-layer firewall,* the firewall acts as an intermediary between a client and the Internet. In this configuration, the firewall requests and retrieves the information from the Internet and processes it before it enters the protected network. It splits Internet communications into two separate conversations, as shown in the above diagram, so the internal network never interacts directly with the Internet. This places the majority of the risk on the proxy device rather than on the devices inside the network.

Application-layer firewalls increase security because they can inspect traffic in depth for malicious behavior or code. They also tend to "comprehend" the intricacies of specific protocols better than a general firewall would. The weakness of this type of firewall is its processing needs: these firewalls tend to be slower and require more resources.
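
The following is an added example, not code from the article or from any firewall product: an application-layer inspection routine for HTTP in Python. It parses the request the way a proxy-style firewall must before it forwards anything, then applies policy in protocol terms (allowed methods, a Host allowlist, and a sanity check on the request target). The allowlists, the size limit, the sample requests and the function names (`parse_request`, `inspect_http`, `run_samples`) are constructed for the example.

```python
# Added example, not code from the original article: an application-layer
# check for HTTP. A proxy-style firewall terminates the client's connection and
# parses the request before opening its own connection outward, so policy can
# be expressed in protocol terms (method, Host header, request target) rather
# than only addresses and ports. Allowlists and sample requests are constructed.
from dataclasses import dataclass

ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_HOSTS = {"www.example.com", "api.example.com"}  # constructed allowlist
MAX_HEAD_BYTES = 8192                                     # assumed size limit


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def parse_request(raw: bytes):
    """Parse the request line and headers of an HTTP/1.x request.

    Returns (method, target, headers) with lower-cased header names and raises
    ValueError for anything the proxy does not fully understand, because a
    request it cannot parse should not be forwarded.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep or len(head) > MAX_HEAD_BYTES:
        raise ValueError("missing end of headers or header block too large")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise ValueError("bad request line")
    method = parts[0].decode("ascii")
    target = parts[1].decode("ascii")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("bad header line")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("ascii")
    return method, target, headers


def inspect_http(raw: bytes) -> Verdict:
    """Decide whether the proxy should forward this request."""
    try:
        method, target, headers = parse_request(raw)
    except (ValueError, UnicodeDecodeError) as exc:
        return Verdict(False, f"malformed request: {exc}")
    if method not in ALLOWED_METHODS:
        return Verdict(False, f"method {method} not permitted")
    host = headers.get("host", "").split(":")[0].lower()
    if host not in ALLOWED_HOSTS:
        return Verdict(False, f"host {host!r} not on allowlist")
    if ".." in target.split("/"):
        return Verdict(False, "dot-dot path segment in request target")
    return Verdict(True, f"forward {method} {target} to {host}")


# Constructed sample requests.
SAMPLES = {
    "normal_get": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "tunnel_attempt": b"CONNECT other.example:443 HTTP/1.1\r\nHost: other.example\r\n\r\n",
    "unknown_host": b"GET / HTTP/1.1\r\nHost: other.example\r\n\r\n",
    "traversal": b"GET /../config HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "truncated": b"GET /\r\n",
}


def run_samples():
    """Map each sample name to whether the proxy would forward it."""
    return {name: inspect_http(raw).allowed for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:15} {inspect_http(raw)}")
```

A request the parser cannot fully understand is refused rather than forwarded as-is; that is the benefit of terminating the conversation at the firewall, and it is also where the extra processing cost described above comes from, since every request is parsed twice (once by the proxy and once by the real server).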

## Stateful Inspection Firewalls

![](../img/stateful-inspection.png)

*Stateful inspection* is an up-and-coming innovation in firewall technology. It builds upon the concept of packet filtering in hopes of making it more efficient. Rather than checking the entire packet contents, the firewall only inspects specific parts of a packet against a collection of trusted data. Additionally, stateful inspection relies on both the content of the packet and the context in which it arrives, and it also monitors outgoing traffic, or information moving from the network to the Internet. The dynamic nature of stateful firewalls allows certain filtering rules to be changed or ignored in specific circumstances.

This configuration of firewall is very helpful when administrators need to create complex policies. It provides advanced security due to its various levels of testing and validation. However, much like application-layer firewalls, stateful inspection firewalls tend to consume a large amount of processing resources and can be slow.
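
As an added example (not code from the original article), this Python model of stateful inspection shows what the state table adds to plain packet filtering. The firewall records the 5-tuple of every connection an inside host opens, allows later packets in either direction only while that entry exists, expires idle entries, and applies an egress policy to what inside hosts may initiate. The internal range 10.0.0.0/24, the permitted egress ports, the idle timeout and the `StatefulFirewall` and `run_scenario` names are assumptions made for the example.

```python
# Added example, not code from the original article: a stateful inspection
# filter. It keeps a connection table keyed by the 5-tuple of each connection an
# inside host opened. Reply packets are allowed because they match tracked
# state, not because a static rule opened their ports, and unsolicited packets
# from outside are dropped. Network ranges, ports and timeouts are constructed.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")    # constructed internal network
EGRESS_PORTS = {53, 80, 443}            # services inside hosts may initiate (egress policy)
IDLE_TIMEOUT = 300.0                    # seconds before an idle connection is forgotten


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False   # TCP SYN flag: marks the first packet of a connection


@dataclass
class StatefulFirewall:
    table: dict = field(default_factory=dict)   # 5-tuple -> time last seen

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_key(p: Packet):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def expire(self, now: float) -> None:
        """Forget connections idle longer than IDLE_TIMEOUT."""
        stale = [k for k, seen in self.table.items() if now - seen > IDLE_TIMEOUT]
        for k in stale:
            del self.table[k]

    def process(self, p: Packet, now: float):
        """Return (action, reason) for one packet and update the state table."""
        self.expire(now)
        # Part of a tracked connection, in either direction: allow and refresh.
        for k in (self._key(p), self._reverse_key(p)):
            if k in self.table:
                self.table[k] = now
                return "allow", "established connection"
        # Not tracked: only a new outbound connection may create state.
        outbound = ip_address(p.src) in INTERNAL and ip_address(p.dst) not in INTERNAL
        if outbound and p.dport in EGRESS_PORTS and (p.proto != "tcp" or p.syn):
            self.table[self._key(p)] = now
            return "allow", "new outbound connection"
        return "deny", "no matching state"


def run_scenario():
    """Replay a constructed sequence of packets and return the action taken on each."""
    fw = StatefulFirewall()
    t = 1000.0
    request = Packet("tcp", "10.0.0.20", "198.51.100.7", 40000, 443, syn=True)
    reply = Packet("tcp", "198.51.100.7", "10.0.0.20", 443, 40000)
    unsolicited = Packet("tcp", "198.51.100.7", "10.0.0.20", 443, 40001)
    telnet_out = Packet("tcp", "10.0.0.20", "198.51.100.7", 40002, 23, syn=True)
    return {
        "new_outbound": fw.process(request, t)[0],
        "reply": fw.process(reply, t + 1)[0],
        "unsolicited_inbound": fw.process(unsolicited, t + 2)[0],
        "egress_telnet": fw.process(telnet_out, t + 3)[0],
        "reply_after_timeout": fw.process(reply, t + IDLE_TIMEOUT + 10)[0],
    }


if __name__ == "__main__":
    for name, action in run_scenario().items():
        print(f"{name:20} {action}")
```

The table is what makes the rules "dynamic": no rule ever says "allow inbound port 40000", yet the reply is accepted while the connection is live and refused again once it has timed out. The table is also the resource cost the paragraph above mentions, since every tracked connection occupies memory until it expires.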

## Why Do We Use Firewalls?

Network security is a key component of overall device security. Since a network is a series of interconnected devices, if even one device is at risk, all of the devices on the network are in jeopardy as well. A firewall makes it more difficult for external attackers to inject malware into a system remotely. Additionally, a properly configured firewall will prevent insider threats from communicating with external actors or performing rogue actions on a system. The risk of not using a firewall can be astronomical.

## Best Practices for Firewall Configuration

Properly configuring the firewall is the obvious first step to achieving a secure network. It is important to note that firewall configuration is extremely dependent on the circumstances, functions, and needs of the person or organization who owns the network. However, there are a few tried-and-true best practices for a secure firewall.

### Define User Privileges

When you first access your firewall, disable any automatically created user accounts and change all the default passwords. Then, establish accounts for the firewall for each administrator and user specifically, particularly if more than one individual needs access to firewall management. Use strong passwords, and limit each user's access to the areas they need.

### Segment Your Firewall

As you set rules for your firewall, segment your network into multiple zones. For each part of your network, define the services, protocols, and external access needed for proper network functionality. Identify sources of risk in the event of a breach within each zone.

Once these zones have been established, determine what types of traffic need to be able to flow in and out of each part of your network. Create access control lists (ACLs) for each zone specifically.

### Block Traffic by Default

Only allow services and ports to be available when they are needed, and never by default. When first configuring a firewall, you may be tempted to allow certain services to remain open, thinking, "I can add restrictions once I know how I'm going to use this service in the future." This mentality can be damaging. Instead, block all services and only open those services as they are specifically needed.

There are times when specific instances arise where a blocked service may need to be used. This is a benefit of a dynamic firewall configuration, like the stateful inspection model. You should only allow users and external agents to use the services they need based on the context of the request, and a dynamic configuration allows for this flexibility if needed. Regardless of your firewall configuration, ensure there are very clear procedures for changing the firewall configuration, as described in the next section.

### Regularly Test and Manage Your Firewall

Once you've completed firewall configuration, your work isn't done. As time passes, it's important to check back on your firewall and ensure it is still properly securing your network. Here is a list of maintenance activities that should be regularly undertaken by your IT team to manage your firewall.

* Document all firewall rules as they are made in your system. Include historical information (date/time), the reasoning behind the rule, affected services, and the name of the person who established the rule. This will create consistency and help future professionals.
* Run penetration tests on your firewall to check for holes in your defenses.
* Revisit your policies regularly and make changes as needed.
* Keep up to date with industry standards and regulations. Follow the news to be aware of any new vulnerabilities that may impact your firewall.
* Automate software and firmware updates for your firewall.
* Regularly monitor logs for suspicious activities.
* Create a clear procedure for changing the firewall configuration. This helps avoid miscommunication and eliminates loopholes people can use to get around firewall policies.

## Common Firewall Vulnerabilities

Just as there are fool-proof best practices to protect your network using a firewall, there are also fool-proof ways to misconfigure a firewall and potentially cause harm.

Take for example the Capital One data breach, which occurred in the summer of 2019. The attacker was able to gain access to one of Capital One's servers through a firewall misconfiguration, leading to the acquisition and exposure of millions of customers' personal data.

Here are some common issues with firewall configurations and how to avoid them.

### Broad Firewall Rules

When first configuring a firewall, it can be difficult to define the needs of the system. Therefore, some IT teams will keep very loose rules with plans to refine them as time passes. However, the more time passes, the less of a priority it is to work on these configurations, which can leave certain services on your network exposed.

To avoid this problem, block services by default. Only permit those services which users need to use, and regularly revisit your security policies to ensure this information is still accurate.

### Using Outdated or Vulnerable Technologies

Even if you have a rock-solid firewall, allowing vulnerable software or hardware onto your network can undo all of your hard work. Avoid using software that is known to be old and easy to exploit, like telnet. Check that all your devices are secure in themselves before allowing them to be incorporated into your network.

Similarly, ensure that all technology being used on your system is consistent across your organization and up to industry standards. This is especially important in areas like authentication and data encryption.
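
As an added example (not from the article or from any vendor's tooling), the Python audit below checks a documented rule set for the problems described in the best-practices list and in the two sections above: broad allow rules left in place "until we know what we need", rules permitting a legacy service such as telnet, rules missing an owner, reason or creation date, and rules not reviewed within a set interval. The rule set, the dates, the 90-day review interval and the names `FirewallRule`, `audit_rule` and `run_audit` are constructed for the example.

```python
# Added example, not code from the original article: an audit over a documented
# firewall rule set. It flags broad allow rules, rules that permit legacy
# plaintext services such as telnet, rules with no owner, reason or creation
# date recorded, and rules nobody has reviewed recently. The rules, dates and
# thresholds are constructed.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

REVIEW_INTERVAL = timedelta(days=90)   # assumed policy: re-review every quarter
LEGACY_PORTS = {23: "telnet"}          # plaintext services to retire; extend as needed
ANY = "any"


@dataclass
class FirewallRule:
    name: str
    action: str                         # "allow" or "deny"
    src: str                            # CIDR or "any"
    dst: str
    ports: Optional[frozenset] = None   # None means every port
    owner: str = ""
    reason: str = ""
    created: Optional[date] = None
    last_reviewed: Optional[date] = None


def audit_rule(rule: FirewallRule, today: date):
    """Return a list of findings for one rule (an empty list means it passed)."""
    findings = []
    if rule.action == "allow":
        if rule.src == ANY and rule.ports is None:
            findings.append("broad: allows any source on any port")
        elif rule.ports is None:
            findings.append("broad: allows every port")
        elif rule.src == ANY and rule.dst == ANY:
            findings.append("broad: any source to any destination")
        for port in sorted(rule.ports or ()):
            if port in LEGACY_PORTS:
                findings.append(f"legacy service allowed: {LEGACY_PORTS[port]} ({port})")
    for attr in ("owner", "reason", "created"):
        if not getattr(rule, attr):
            findings.append(f"undocumented: missing {attr}")
    if rule.last_reviewed is None:
        findings.append("stale: never reviewed")
    elif today - rule.last_reviewed > REVIEW_INTERVAL:
        findings.append(f"stale: last reviewed {rule.last_reviewed.isoformat()}")
    return findings


def audit(rules, today: date):
    """Audit every rule; returns {rule name: [findings]}."""
    return {r.name: audit_rule(r, today) for r in rules}


TODAY = date(2024, 6, 1)   # constructed "today" so the results are reproducible

# Constructed rule set for a hypothetical network.
RULES = [
    FirewallRule("web-in", "allow", ANY, "10.0.0.10/32", frozenset({443}),
                 owner="netops", reason="public web server",
                 created=date(2023, 1, 10), last_reviewed=date(2024, 5, 2)),
    FirewallRule("temp-allow-all", "allow", ANY, ANY, None,
                 reason="temporary until we know what is needed",
                 created=date(2023, 3, 1)),
    FirewallRule("legacy-mgmt", "allow", "10.0.0.0/24", "10.0.0.5/32", frozenset({23}),
                 owner="netops", reason="switch management",
                 created=date(2021, 6, 1), last_reviewed=date(2023, 11, 1)),
    FirewallRule("default-deny", "deny", ANY, ANY, None,
                 owner="netops", reason="block everything not explicitly allowed",
                 created=date(2023, 1, 10), last_reviewed=date(2024, 5, 2)),
]


def run_audit():
    return audit(RULES, TODAY)


if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, "->", findings or ["ok"])
```

The audit only works if the metadata the best-practices list asks for (date, reason, affected services, author) is actually recorded with each rule, which is the practical argument for documenting rules at the moment they are created rather than afterwards.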

### Poor Configurations for Remote Access

One of the easiest ways to set up remote access into a network is using port forwarding. However, this is also an extremely vulnerable way to set up remote access. It doesn't allow for proper restriction of source IP addresses or ports. If the device permitted to connect remotely is compromised, the entire network is at risk.

### Disregarding Outgoing Traffic

It is pretty clear that firewalls can protect a network from malware coming from the Internet. With this understanding, it can be hard to remember to restrict outgoing traffic from the internal network to the Internet. Without proper egress traffic filtering, users from inside the network are able to make connections anywhere online. This makes it easier for attackers to take advantage of internal actors and insider threats.

### Ignoring Logs

If your network is under attack, there is a good chance that evidence of the attack will show in the firewall's logs. However, many administrators do not take the proper amount of time to read and analyze their logs. This can make it easier for an attacker to sneak through a hole in the firewall's defenses without being noticed.
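
As an added example (not code from the article), here is a small Python pass over firewall allow/deny log lines that surfaces three things a reviewer would want to notice: a source denied on many distinct ports, a source that was allowed in after repeated denies (worth confirming that the allow rule is intended), and an inside host whose outbound connection was blocked, which is the egress side discussed in the previous section. The log format, the sample lines, the threshold and the names `parse_log`, `analyze` and `run_analysis` are constructed; real firewall logs have vendor-specific formats and need their own parser.

```python
# Added example, not code from the original article: a review pass over
# firewall log lines. The line format and the sample lines are constructed for
# this example; adapt LINE_RE to the format your firewall actually emits.
import re
from collections import defaultdict

# Constructed sample log: timestamp, verdict, protocol, source -> destination.
SAMPLE_LOG = """\
2024-06-01T10:00:01Z DENY TCP 203.0.113.5:51000 -> 10.0.0.10:21
2024-06-01T10:00:01Z DENY TCP 203.0.113.5:51001 -> 10.0.0.10:22
2024-06-01T10:00:02Z DENY TCP 203.0.113.5:51002 -> 10.0.0.10:23
2024-06-01T10:00:02Z DENY TCP 203.0.113.5:51003 -> 10.0.0.10:25
2024-06-01T10:00:03Z DENY TCP 203.0.113.5:51004 -> 10.0.0.10:135
2024-06-01T10:00:03Z DENY TCP 203.0.113.5:51005 -> 10.0.0.10:3389
2024-06-01T10:00:04Z ALLOW TCP 203.0.113.5:51006 -> 10.0.0.10:443
2024-06-01T10:00:09Z ALLOW TCP 198.51.100.7:40000 -> 10.0.0.10:443
2024-06-01T10:00:12Z DENY TCP 198.51.100.7:40001 -> 10.0.0.10:22
2024-06-01T10:00:20Z DENY TCP 10.0.0.20:40500 -> 198.51.100.9:23
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<verdict>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

PORT_SWEEP_THRESHOLD = 5      # assumed: distinct denied ports per source worth a look
INTERNAL_PREFIX = "10.0.0."   # constructed internal range, matched as a string prefix


def parse_log(text: str):
    """Turn log text into a list of event dicts, skipping lines that do not parse."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        event["sport"] = int(event["sport"])
        event["dport"] = int(event["dport"])
        events.append(event)
    return events


def analyze(events):
    """Return human-readable alerts for patterns worth a reviewer's attention."""
    denied_ports = defaultdict(set)   # source -> distinct destination ports denied
    allowed_after_deny = set()
    egress_denies = []
    for e in events:
        if e["verdict"] == "DENY":
            denied_ports[e["src"]].add(e["dport"])
            if e["src"].startswith(INTERNAL_PREFIX):
                egress_denies.append(e)
        elif e["src"] in denied_ports:
            allowed_after_deny.add(e["src"])
    alerts = []
    for src, ports in denied_ports.items():
        if len(ports) >= PORT_SWEEP_THRESHOLD:
            alerts.append(f"{src}: denied on {len(ports)} distinct ports {sorted(ports)} (sweep-like)")
    for src in sorted(allowed_after_deny):
        alerts.append(f"{src}: connection allowed after earlier denies; confirm the allow rule is intended")
    for e in egress_denies:
        alerts.append(f"{e['src']}: blocked outbound to {e['dst']}:{e['dport']}; check the internal host")
    return alerts


def run_analysis():
    return analyze(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for alert in run_analysis():
        print(alert)
```

None of these patterns is proof of an attack on its own; the point is that they are invisible unless someone, or some scheduled job, actually reads the log, which is exactly the gap the paragraph above describes.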

# Sources

* General Firewall Information
  * How Firewalls Work: https://computer.howstuffworks.com/firewall1.htm
  * What Are Firewall Rules: https://www.algosec.com/what-are-firewall-rules/
* Packet Filtering Firewalls
  * Image Source: https://content.iospress.com/articles/argument-and-computation/aac008
* Application-Layer Firewalls
  * Image Source: https://networkencyclopedia.com/application-layer-proxy/
  * What is Application Layer Filtering: http://www.internet-computer-security.com/Firewall/Application-Layer-Filtering.html
* Stateful Inspection Firewall
  * Image Source: https://www.illumio.com/blog/firewall-stateful-inspection
* Firewall Configuration Best Practices
  * https://blog.eccouncil.org/6-best-practices-for-secure-network-firewall-configuration/
  * https://insights.sei.cmu.edu/blog/best-practices-for-network-border-protection/
  * https://www.esecurityplanet.com/networks/fine-tuning-firewall-rules-best-practices/
* Common Firewall Configuration Mistakes
  * https://www.darkreading.com/operations/5-most-common-firewall-configuration-mistakes-/a/d-id/1322225
  * https://www.networkcomputing.com/network-security/five-firewall-configuration-mistakes-you-need-avoid
* Firewall-Related Cyber Attacks
  * Capital One Data Breach: https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html