
Chapter 7 - 03 - Understand Different Types of Firewalls and their Role - 02_ocred_fax_ocred.pdf


Full Transcript


Certified Cybersecurity Technician, Exam 212-82
Network Security Controls — Technical Controls

Types of Firewalls: Hardware Firewalls

1. A hardware firewall is either a dedicated stand-alone hardware device or it comes as part of a router
2. The network traffic is filtered using the packet filtering technique
3. It is used to filter out the network traffic for large business networks

[Figure: Hardware Firewall, usually part of a TCP/IP router, between the secure private network (private local area network) and the public network]

Types of Firewalls: Software Firewalls

o A software firewall is a software program installed on a computer, just like normal software
o It is generally used to filter traffic for individual home users
o It only filters traffic for the computer on which it is installed, not for the entire network

[Figure: Computers with firewall software on the secure private network, connected to the public network]

Note: It is recommended that you configure both a software and a hardware firewall for best protection

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Types of Firewalls: Host-based and Network-based Firewalls

Host-based Firewalls
o The host-based firewall is used to filter inbound/outbound traffic of an individual computer on which it is installed
o It is a software-based firewall
o This firewall software comes as part of OS
o Example: Windows Firewall, Iptables, UFW etc.

Network-based Firewalls
o The network-based firewall is used to filter inbound/outbound traffic from Internal LAN
o It is a hardware-based firewall
o Example: pfSense, Smoothwall, Cisco SonicWall, Netgear, ProSafe, D-Link, etc.

Note: It is recommended to configure both a host and network-based firewall for best protection

Types of Firewalls: External and Internal Firewalls

External Firewalls
o External firewalls are used to limit the access between the protected and public networks
o It is placed to provide access for security control and protection for the DMZ systems

Internal Firewalls
o Internal firewalls are used to protect one network segment from others in the internal network
o Internal firewalls are placed in a situation where different types of access are required for specific services or information
o Internal firewalls sit between two network segments of the same organization or between two organizations that share the same network

Note: It is recommended to configure both an external and internal firewall whenever required

Types of Firewalls

There are two types of firewalls.

= Hardware Firewalls

A hardware firewall is a dedicated firewall device placed on the perimeter of the network. It is an integral part of the network setup and is also built into broadband routers or used as a standalone product. A hardware firewall helps to protect systems on the local network and performs effectively with little or no configuration. It employs the technique of packet filtering. It reads the header of a packet to find out the source and destination addresses and compares them with a set of predefined and/or user-created rules that determine whether it should forward or drop the packet. A hardware firewall functions on an individual system or a particular network connected using a single interface. Examples of hardware firewalls include Cisco ASA and FortiGate. Hardware firewalls protect the private local area network. However, hardware firewalls are expensive as well as difficult to implement and upgrade.

Advantages:
o Security: A hardware firewall with its operating system (OS) is considered to reduce security risks and increase the level of security controls.
o Speed: Hardware firewalls initiate faster responses and enable more traffic.
o Minimal Interference: Since a hardware firewall is a separate network component, it enables better management and allows the firewall to shut down, move, or be reconfigured without much interference in the network.

Disadvantages:
o More expensive than a software firewall.
o Difficult to implement and configure.
o Consumes more space and involves cabling.

[Figure 7.43: Hardware Firewall, usually part of a TCP/IP router, between the secure private network (private local area network) and the public network]

= Software Firewalls

A software firewall is similar to a filter. It sits between a regular application and the networking components of the OS.
It is more useful for individual home users and it is suitable for mobile users who need digital security when working outside the corporate network. Further, it is easy to install on an individual's PC, notebook, or workgroup server. It helps protect your system from outside attempts at unauthorized access and provides protection against everyday Trojans and email worms. It includes privacy controls, web filtering, and more.

A software firewall implants itself in the critical area of the application/network path. It analyzes the data flow against the rule set. The configuration of a software firewall is simple compared to that of a hardware firewall. A software firewall intercepts all requests from a network to the computer to determine if they are valid and protects the computer from attacks and unauthorized access. It incorporates user-defined controls, privacy controls, web filtering, content filtering, etc., to restrict unsafe applications from running on an individual system. Software firewalls use more resources than hardware firewalls, which reduces the speed of the system. Examples of software firewalls include those produced by Norton, McAfee, and Kaspersky.

Advantages:
o Less expensive than hardware firewalls.
o Ideal for personal or home use.
o Easier to configure and reconfigure.

Disadvantages:
o Consumes system resources.
o Difficult to uninstall.
o Not appropriate for environments requiring faster response times.
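The packet-filtering decision described under Hardware Firewalls (read the packet header, compare source and destination against an ordered rule set, then forward or drop) can be sketched as follows. This is an added example, not part of the EC-Council material; the rule set, the addresses (documentation ranges) and the names parse_headers, decide and build_packet are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed rule set (an assumption for illustration): evaluated top to
# bottom, first match wins. Fields: action, source net, destination net,
# protocol (None = any), destination port (None = any).
RULES = [
    ("forward", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),
    ("forward", "198.51.100.0/24", "192.0.2.0/24", "tcp", 22),
    ("drop", "0.0.0.0/0", "0.0.0.0/0", None, None),
]
PROTOCOLS = {6: "tcp", 17: "udp"}


def parse_headers(packet: bytes):
    """Pull out the header fields a packet filter compares against its rules."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    proto = PROTOCOLS.get(packet[9])
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    dport = None
    # Ports exist only in the first fragment of a TCP/UDP datagram.
    if proto and frag_offset == 0 and len(packet) >= ihl + 4:
        dport = struct.unpack("!HH", packet[ihl:ihl + 4])[1]
    return src, dst, proto, dport


def decide(packet: bytes, rules=RULES) -> str:
    """Return 'forward' or 'drop' for one raw IPv4 packet."""
    try:
        src, dst, proto, dport = parse_headers(packet)
    except ValueError:
        return "drop"                            # unparseable traffic is dropped
    for action, src_net, dst_net, rule_proto, rule_port in rules:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and rule_proto in (None, proto)
                and rule_port in (None, dport)):
            return action
    return "drop"                                # nothing matched: default deny


def build_packet(src, dst, proto, sport, dport, frag_offset=0) -> bytes:
    """Constructed sample input: 20-byte IPv4 header (checksum zero) plus ports."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, frag_offset, 64, proto,
                         0, ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
    return header + struct.pack("!HH", sport, dport)
```

A later fragment carries no port numbers, so a port-specific rule cannot match it and it falls through to the final drop rule.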
[Figure 7.44: Software Firewall. Computers with firewall software on the secure private network, connected to the public network]

Note: It is recommended that you configure both a software and a hardware firewall for best protection.

= Host-based Firewalls

A host-based firewall is a software-based firewall that can filter inbound/outbound traffic of an individual computer on which it is installed and checks for any malicious activity throughout the network. It comes as part of the system's OS. Examples include Microsoft Firewall, which is part of the Windows system, Iptables, Uncomplicated Firewall (UFW), etc. The different levels of traffic analysis of these firewalls include packet analysis at the network and transport layers of the OSI model. These firewalls check the MAC address, IP address, packet source, and destination port before allowing a packet to pass. Then, a stateful filter validates the packets. In the end, the packet is validated at the application layer.

Advantages
o Provides security for devices irrespective of change in location
o Provides internal security and avoids internal attacks by allowing only authorized users
o Setup requires basic hardware/software installation
o Useful for individuals and small businesses with fewer devices as they provide customized protection
o Provides flexibility by allowing applications and virtual machines (VMs) to take their host-based firewalls along with them when they are moved between cloud environments
o Allows configuring a single device for an individual's requirements using custom firewall rules

Disadvantages
o Not suitable for larger networks
o Provides less security because if an attacker can access a host, they can turn off the firewall or install malicious code undetected by the organization
o Must be replaced if bandwidth exceeds firewall throughput or, otherwise, more effort is needed to scale up every device if the number of hosts increases
o Costly, as they require individual installation and maintenance on every server for big organizations
o Dedicated IT staff is needed for maintaining each device

= Network-based Firewalls

A network-based firewall is a hardware-based firewall that can be used to filter inbound/outbound traffic on internal LAN. Examples include pfSense, Smoothwall, CISCO SonicWall, Netgear, ProSafe, D-Link, etc. Such a firewall functions on the network level and filters data that traverses through the network, forming a network perimeter as the first line of defense. It functions by routing traffic to proxy servers, which manage data transmission in the network.

Advantages
o Network-based firewalls do not require individual installation and maintenance on every server.
o As any malicious traffic would exist at the network barrier, they can provide greater security than what host-based firewalls can provide a host.
o They allow scalability when a client's bandwidth demands increase.
o They offer high availability (uptime) and their security can be extended beyond a single service provider network.
o They require a limited workforce that may be needed to manage one or two sets of network firewalls.
o They are appropriate for SMEs or organizations with large networks.

Disadvantages
o They do not consider applications and vulnerabilities on a system/VM.
o They do not provide protection for host-to-host communication in the same VLAN.
o Their setup requires highly skilled resources.
o Their cost is lower in the case of big organizations.
o Incorrect maintenance of network firewalls that function as proxy servers may decrease network performance.

Note: It is recommended to configure both a host and network-based firewall for best protection

In the real environment, a combination of host-based and network-based firewalls provides greater security. For example, if an attacker were able to breach the network-level security, it would still be difficult to breach each host-based firewall. This combination is suitable for big organizations with complex networks, which have higher threat levels to their sensitive data and need to meet the strong compliance standards.

= External Firewalls

External firewalls are used to limit access between the protected network and the public network. They validate the inbound and outbound traffic of the internal network and translate addresses between the internal and public IP addresses. These firewalls are placed to provide access control and protection for the DMZ systems in which new connections are disallowed from the external to the internal network. They provide security for legacy devices that do not have firewalls.
They also provide security to systems that have issues preventing them from having protection capabilities. The implementation of external firewalls is done by placing the external firewall between the legacy device and the LAN. Even if the legacy device is compromised, the external firewall device can detect the malicious device and prevent it from spreading the attack to the remaining devices in the network and also prevent it from contacting applications on the Internet. Examples include Floodgate Defender by Icon Labs, Firebox M440 by WatchGuard (switch-oriented firewall), etc.

Advantages
o Operate independent of legacy devices
o Can be updated independently of legacy devices
o Ability to control systems with more open connections such as a web browser
o Allow quick installation and are easy to configure
o Useful for replacing the connection of a legacy device to a switch with a connection to the firewall device by combining the external firewall with a switch (this is applicable if an organization's legacy devices cannot be updated for security and replacing the system may not be feasible)

= Internal Firewalls

Internal firewalls/internal network segmentation firewalls are used to protect one network segment from others in the internal network and ensure the application of stateful inspection and policies for the traffic that traverses through the internal network. These firewalls allow restricting the malicious activity in one segment of the network from spreading to other internal network segments. These are placed in a situation where different types of access are required for specific services or information.
Internal firewalls sit between two network segments of the same organization or between two organizations that share the same network. Instead of using switches, internal firewalls allow segmenting the network as well as monitoring its traffic by implementing stateful policies.

Advantages
o They isolate and secure critical servers and systems from internal users and external users accessing public servers while restricting the to access the network and will be under monitoring always.
o They block communication between two hosts and isolate the segment where malicious activity is identified
o They provide visibility into the internal network
o They allow segmentation and monitoring of even large L2 networks (but the internal firewalls need to be placed between two stacks of L2 aggregation switches)
o Traffic handling capacity is higher compared to placing the firewalls at the edge of the network
o They restrict remote users to a few network segments
o They allow containment and monitoring of VPN traffic

Disadvantages
o Internal firewalls need the creation of additional subnets
o Problematic for systems that move among different networks
o Expensive devices

Note: It is recommended to configure both an external and internal firewall whenever required.
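
The external-firewall behaviour described above (new connections disallowed from the external to the internal network, with stateful tracking of permitted flows) can be modelled with a connection table. This is an added example, not part of the EC-Council material; the class ExternalFirewall, the addresses and the simplified TCP handling (state removed on RST only) are assumptions.

```python
import ipaddress

# Constructed topology (assumptions for illustration, documentation ranges).
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
DMZ_SERVICES = {(ipaddress.ip_address("192.0.2.80"), 443)}   # published service


class ExternalFirewall:
    """Tracks connections so only replies to permitted flows get through."""

    def __init__(self):
        self.connections = set()     # (src, sport, dst, dport) of the opener

    def handle(self, src, sport, dst, dport, flags) -> str:
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        flags = set(flags)
        forward_key = (src, sport, dst, dport)
        reverse_key = (dst, dport, src, sport)
        # Packets of an already tracked flow pass in either direction.
        for key in (forward_key, reverse_key):
            if key in self.connections:
                if "RST" in flags:               # teardown: forget the flow
                    self.connections.discard(key)
                return "forward"
        if flags != {"SYN"}:
            return "drop"                        # no state and not an opener
        # Nothing may open a new connection into the internal network.
        if dst in INTERNAL:
            return "drop"
        # Internal hosts may open outward; anyone may reach a DMZ service.
        if src in INTERNAL or (dst, dport) in DMZ_SERVICES:
            self.connections.add(forward_key)
            return "forward"
        return "drop"
```

Because the DMZ host is not in INTERNAL and connections into INTERNAL are never opened, a DMZ system that has been compromised still cannot initiate a connection to an internal host through this firewall.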
