Firewall
■ Common network security device that acts as a barrier to networks
■ Uses a set of rules to define permitted or denied traffic
■ Types
● Software/Hardware Based
● Virtual/Physical devices
● Host/Network Based
■ Functions
● Performs Network Address Translation (NAT) or Port Address Translation (PAT)
● Can use one public IP and many private IPs
Types of Firewalls: Packet Filtering Firewall
■ Packet Filtering Firewall
● Permits or denies traffic based on packet headers
● Uses Access Control Lists (ACLs) for decision-making
● Limited by its rules and may not enable two-way communication effectively, because each packet is checked on its own and return traffic needs its own permit rule
Types of Firewalls: Stateful Firewall
● Inspects traffic as part of a session
● Allows incoming traffic that corresponds to outgoing requests
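● Can be exploited in phishing attacks due to its session-based nature: if a user is tricked into starting an outbound connection, the return traffic is allowed as part of that session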
○ Combine Packet Filtering and Stateful Firewalls for good security
■ Modern firewalls often support both packet filtering and stateful capabilities
Types of Firewalls: Next-Generation Firewall (NGFW)
● Conducts deep packet inspection (DPI) for detailed traffic analysis
● Operates at layers 5, 6, and 7 of the OSI model
● Can be specific to web servers (web application firewall) or for entire networks
Access Control Lists (ACLs)
■ Sets of rules assigned to routers or firewalls
■ Permit or deny traffic based on IP/MAC address or port depending on device
● Switch – MAC address
● Router – IP address
● Firewall – IP address or port
■ Criteria
● Source/destination IP
● Source/destination port
● Source/destination MAC
○ Exam Tip
■ Study how to read ACLs
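To practice reading an ACL, the following added example (not part of the original notes) evaluates a small constructed rule list the way a packet filter does, then wraps it in a session table to show what a stateful firewall adds. First-match evaluation with an implicit deny at the end is assumed, as on most router and firewall ACLs; the names Packet, Rule, acl_decision and StatefulFirewall are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Rule(NamedTuple):
    action: str            # "permit" or "deny"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # destination port, None = any

def acl_decision(acl, pkt):
    """Stateless packet filter: first matching rule wins (assumed semantics)."""
    for rule in acl:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
                and rule.dport in (None, pkt.dport)):
            return rule.action
    return "deny"  # implicit deny when no rule matches (assumed default)

class StatefulFirewall:
    """Applies the ACL to new flows and admits replies to tracked sessions."""
    def __init__(self, acl):
        self.acl = acl
        self.sessions = set()

    def decision(self, pkt):
        # A reply carries the endpoints of a tracked session in reverse.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "permit"
        verdict = acl_decision(self.acl, pkt)
        if verdict == "permit":
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return verdict

# Constructed sample ACL and packets (RFC 1918 / RFC 5737 addresses).
ACL = [
    Rule("deny", "10.0.0.99/32", "0.0.0.0/0", None),   # quarantined host
    Rule("permit", "10.0.0.0/24", "0.0.0.0/0", 443),   # inside -> HTTPS out
]
OUTBOUND = Packet("10.0.0.5", 51000, "203.0.113.10", 443)
REPLY = Packet("203.0.113.10", 443, "10.0.0.5", 51000)
UNSOLICITED = Packet("203.0.113.10", 443, "10.0.0.7", 51000)
QUARANTINED = Packet("10.0.0.99", 51000, "203.0.113.10", 443)
```

Read the ACL top to bottom: QUARANTINED hits the deny rule before the broader permit, and the stateless filter drops REPLY because no rule covers inbound traffic, while the stateful wrapper admits it only after OUTBOUND has created the session.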
Unified Threat Management (UTM) System
■ Combines firewall, router, intrusion detection/prevention, malware solutions, and other security devices
■ Generally considered a border device with next-generation firewall capabilities
■ Available as physical, virtual, or cloud solutions