what does a firewall do?
-ensures that all communication between a business’ network and the internet conforms to its’ security policy
reference for security controls best practices
-iso 27002
principle of least privilege
-giving as little access as possible to users, applications, and systems
firewall best practices
- principle of least privilege
- regular risk assessments
- change management
- rule cleanup
- troubleshooting cleanup
- logging
- alerting
- patches, updates, and vulnerabilities
- secure remote management
- defer to company policy
change management best practices
- changes are evaluated by stakeholders
- test before implementing
- have a backout plan
- document changes
static packet filtering
-traditional firewall which controls traffic entering or exiting network interfaces
static packet filtering implementations
- single host
- at a network gateway
static packet filtering evaluates what header information?
- protocol
- source ip
- destination ip
- source tcp/udp port
- destination tcp/udp port
static packet filtering pros and cons
- high performance
- low security as it cannot operate above the network layer (3)
stateful packet inspection summary
- introduced by check point in 1994
- looks at a series of packets traveling in or out of a network by tracking the state and characteristics of network connections
stateful packet inspection breakdown
- packets belonging to active connections are automatically allowed out of the network
- can use connection and protocol information to provide security above the networking layer (3)
- connections are tracked in a state table
stateful packet inspection pros and cons
- better security
- requires more resources
next generation firewall
- third generation of firewalls
- usually act as a network gateway
- can operate at the application layer (7)
unified threat management (utm)
-the concept of having a single gateway device with a multitude of security controls
utm features
- intrusion detection system (ids)
- intrusion prevention system (ips)
- inline antivirus
- data loss prevention (dlp)
- web proxy/web content filtering
- email filtering
web application firewall (waf)
- used to protect web applications
- inspect http traffic
- can be considered a reverse proxy
- prevents: buffer overflows, cross site scripting (xss), sql injection (sqli)
zero trust model
- removes the assumption of trust
- local traffic is monitored and secured the same as external traffic
- protects against lateral attacks
