Computer Networks and Firewall Systems

Firewall Types

• Stateful Inspection Firewall: Creates a directory of outbound TCP connections, allowing incoming traffic to high-numbered ports only for packets that fit the profile of one of the entries in the directory.
• Application-Level Gateway (Proxy): Acts as a relay of application-level traffic, asking users for the name of the remote host to be accessed and relaying TCP segments.
• Circuit-Level Gateway (Proxy): Does not permit an end-to-end TCP connection, setting up two connections: one between the gateway and a TCP user on an inner host, and one between the gateway and a TCP user on an outside host.

Firewall Basing and Locations

• Firewall Basing: Can be implemented on a stand-alone machine running a common operating system, such as UNIX or Linux, or as a software module in a router or LAN switch.
• Bastion Host: A system identified by the firewall administrator as a critical strong point in the network's security, typically serving as a platform for an application-level or circuit-level gateway.
• Firewall Location: Positioned to provide a protective barrier between an external (potentially untrusted) source of traffic and an internal network.

Firewall Techniques and Configurations

• Firewall Techniques: Service control, direction control, user control, and behavior control are used to restrict access to services.
• Firewall Configurations: Can include a DMZ (demilitarized zone) network, which is an external network that separates the enterprise network from the Internet.
• Virtual Private Networks (VPN): A set of computers that interconnect by unsecure network and make use of encryption and special protocols for security.

Other

• RBAC (Role-Based Access Control) Models: Define a role as a job function within an organization, assigning access rights to roles instead of individual users.
• Packet Filtering Firewall: Applies a set of rules to each incoming and outgoing IP packet and then forwards or discards it.