Chapter 7 - 03 - Understand Different Types of Firewalls and their Role


Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Firewall Technologies

Slide: Firewalls are designed and developed with the help of different firewall services. Each firewall service provides security depending on its efficiency and sophistication.

Slide: Packet Filtering, Circuit-Level Gateway, Application Proxy, VPN, Next Generation Firewall (NGFW), Stateful Multilayer Inspection, Application-Level Gateway, Network Address Translation

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Firewall Technologies (Cont'd)

Slide: firewall technologies operating at each OSI layer. The slide's table is the same as Table 7.3 below.

Firewall Technologies

Firewalls are designed and developed with the help of different firewall services. Each firewall service provides security depending on its efficiency and sophistication. There are different types of firewall technologies depending on where the communication is taking place, where the traffic is intercepted in the network, the state that is traced, and so on. Considering the capabilities of the different firewalls, it is easy to choose and place an appropriate firewall that meets the security requirements in the best possible way. Each type of firewall has its advantages.
Several firewall technologies are available for organizations to implement their security measures. Sometimes, firewall technologies are combined with other technologies to build another firewall technology. For example, NAT is a routing technology; however, when it is combined with a firewall, it is considered a firewall technology. The various firewall technologies are listed below:

- Packet Filtering
- Circuit-Level Gateways
- Application-Level Gateways
- Stateful Multilayer Inspection Firewall
- Application Proxy
- Network Address Translation (NAT)
- Virtual Private Network (VPN)
- Next Generation Firewall (NGFW)

The table below summarizes the technologies operating at each OSI layer:

OSI Layer      Firewall Technology
Application    Virtual Private Network (VPN); Application Proxies
Presentation   Virtual Private Network (VPN)
Session        Virtual Private Network (VPN); Circuit-Level Gateways
Transport      Virtual Private Network (VPN); Packet Filtering
Network        Virtual Private Network (VPN); Network Address Translation (NAT); Packet Filtering; Stateful Multilayer Inspection
Data Link      Virtual Private Network (VPN); Packet Filtering
Physical       Not Applicable

Table 7.3: Firewall Technologies

The security levels of these technologies vary according to their efficiency. These technologies can be compared by the OSI layer, between the two hosts, at which they intercept traffic. Data passes down through the intermediate layers from a higher layer to a lower layer, and each layer adds its own header information to the data packets. The lowest layer then sends the result across the physical network, where it travels back up through the layers to its destination.
Packet Filtering Firewall

Slide:
- Packet filtering firewalls work at the network level of the OSI model (or the IP layer of TCP/IP)
- They are usually part of a router. Most routers support packet filtering
- In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded
- Traffic is filtered based on specified rules, including source and destination IP address, packet type, and port number
- Unknown traffic is only allowed up to level 2 of the network stack

Packet Filtering Firewall

Packet filtering is the most basic feature of all modern firewalls. Packet filtering firewalls work at the network level of the OSI model (or the IP layer of TCP/IP). They are usually part of a router; most routers support packet filtering. In a packet filtering firewall, each packet is compared to a set of criteria before it is forwarded. Depending on the packet and the criteria, the firewall can:

- Drop the packet
- Forward it, or send a message to the originator

The firewall evaluates each packet based on the packet header information, including source IP address, destination IP address, source port, destination port, protocol, etc. If the packet header information does not match the ruleset, the firewall drops the packet; otherwise, it is forwarded. Rules can include the source and destination IP address, the source and destination port number, or the protocol used. When a data packet passes through the network, the packet filter checks the packet header and compares it with the connection bypass table, which keeps a log of the connections passing through the network.
The advantage of packet filtering firewalls is their low cost and low impact on network performance. Traffic is filtered based on specified rules, including source and destination IP address, packet type, and port number. Unknown traffic is only allowed up to level 2 of the network stack.

Figure 7.45: Packet filtering firewall (the Application, TCP, Internet Protocol (IP) and Network Interface layers, with incoming traffic either allowed through or disallowed, and allowed outgoing traffic)

There are three methods available for configuring packet filters after determining the set of filtering rules:

- Rule 1: the filter accepts only those packets that are known to be safe and drops the rest.
- Rule 2: the filter drops only those packets that are confirmed unsafe and accepts the rest.
- Rule 3: if no specific instructions are provided for a particular packet, the user is given the chance to decide what to do with it.

A network packet can pass through the network by entering a previously established connection. If a new packet enters the network, the firewall verifies the packet and checks whether it meets the rules. It then forwards the packet to the network and adds an entry for the new connection to the bypass table. A packet filtering firewall is inexpensive and does not affect network performance. Basic packet-filtering firewalls are stateless and do not maintain any information on active sessions: every packet entering the firewall is inspected independently, without any record of previously processed packets. Most routers support packet filtering.
Packet filtering is a relatively low-level security measure that can be bypassed by techniques such as packet spoofing, where the attacker crafts or replaces packet headers so that the packets pass the firewall unfiltered. As the name suggests, packet filter-based firewalls concentrate on individual packets and analyze their header information as well as the path they are directed along. Traditional packet filtering firewalls make their decisions based on the following information:

- Source IP address: This allows the firewall to check whether the packet is coming from a valid source. The IP header stores information about the source of the packet, and this address refers to the IP address of the source system.
- Destination IP address: This allows the firewall to check whether the packet is heading toward the correct destination; the IP header of the packet stores the destination address of the packet.
- Source TCP/UDP port: This allows the firewall to check the source port of the packet.
- Destination TCP/UDP port: This allows the firewall to verify the destination port of a packet in order to allow or deny the corresponding service.
- TCP code bits: This allows the firewall to check whether the packet has the SYN, ACK, or other bits set for connection establishment.
- Protocol in use: Packets carry protocols, and this field identifies the protocol used so the firewall can decide whether to allow or deny the associated packets.
- Direction: This allows the firewall to check whether the packet is entering the packet filter firewall or leaving it.
- Interface: This allows the firewall to check whether the packet is arriving from an unreliable site.
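As an added example (mine, not part of the EC-Council material), the following Python models a stateless packet filter that decides on exactly the header fields listed above (source/destination IP, source/destination port, TCP code bits, protocol, direction, interface) and supports the three configuration styles from the previous section as its default action ("drop" for Rule 1, "allow" for Rule 2, "ask" for Rule 3). The internal address range, interface names `ext0`/`int0`, rules, and sample packets are all constructed for illustration; the last sample packet shows the limitation of statelessness that the text describes, namely that the filter has no record of earlier packets and so must approximate "reply to an existing connection" by looking at the ACK bit alone.

```python
"""Stateless packet filter: a teaching example, not EC-Council's code.
All addresses, ports, interface names and rules below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str                               # "tcp", "udp" or "icmp"
    direction: str                              # "in" (entering the filter) or "out"
    interface: str                              # assumed names: "ext0" untrusted, "int0" trusted
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    tcp_flags: FrozenSet[str] = frozenset()     # TCP code bits, e.g. {"SYN"}


@dataclass(frozen=True)
class Rule:
    action: str                                 # "allow" or "drop"
    src: str = "0.0.0.0/0"                      # source network (CIDR)
    dst: str = "0.0.0.0/0"                      # destination network (CIDR)
    protocol: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    direction: Optional[str] = None
    interface: Optional[str] = None
    flags_set: FrozenSet[str] = frozenset()     # all of these bits must be set
    flags_clear: FrozenSet[str] = frozenset()   # none of these bits may be set

    def matches(self, p: Packet) -> bool:
        """Every field the rule specifies must agree with the packet header."""
        return (
            ip_address(p.src_ip) in ip_network(self.src)
            and ip_address(p.dst_ip) in ip_network(self.dst)
            and (self.protocol is None or self.protocol == p.protocol)
            and (self.src_port is None or self.src_port == p.src_port)
            and (self.dst_port is None or self.dst_port == p.dst_port)
            and (self.direction is None or self.direction == p.direction)
            and (self.interface is None or self.interface == p.interface)
            and self.flags_set <= p.tcp_flags
            and not (self.flags_clear & p.tcp_flags)
        )


def evaluate(packet: Packet, rules, default: str = "drop") -> str:
    """First-match evaluation of one packet on its own header; no session state.
    `default` is the policy for packets no rule covers: "drop" (accept only
    known-safe), "allow" (drop only known-unsafe) or "ask" (defer to the user)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


INTERNAL = "10.0.0.0/8"  # constructed internal address range behind the filter

RULES = [
    # Anti-spoofing: an internal source address must never arrive on the untrusted interface.
    Rule("drop", src=INTERNAL, direction="in", interface="ext0"),
    # Publish one web server: new inbound TCP connections (SYN without ACK) to 10.0.0.5:443.
    Rule("allow", dst="10.0.0.5/32", protocol="tcp", dst_port=443, direction="in",
         flags_set=frozenset({"SYN"}), flags_clear=frozenset({"ACK"})),
    # Anything originating inside may leave.
    Rule("allow", src=INTERNAL, direction="out"),
    # Replies to inside-initiated connections: without state, "ACK is set" is the best proxy.
    Rule("allow", dst=INTERNAL, protocol="tcp", direction="in", flags_set=frozenset({"ACK"})),
]


def decide(packet: Packet) -> str:
    """Apply the constructed ruleset with a deny-by-default policy (Rule 1 style)."""
    return evaluate(packet, RULES, default="drop")


# Constructed sample packets (203.0.113.0/24 is a documentation range, used as "outside").
WEB_SYN = Packet("203.0.113.7", "10.0.0.5", "tcp", "in", "ext0", 51000, 443, frozenset({"SYN"}))
SPOOFED = Packet("10.0.0.9", "10.0.0.5", "tcp", "in", "ext0", 51000, 443, frozenset({"SYN"}))
SSH_SYN = Packet("203.0.113.7", "10.0.0.5", "tcp", "in", "ext0", 51001, 22, frozenset({"SYN"}))
# Statelessness: a bare ACK to port 22 matches the "reply" rule although no inside host
# ever opened that connection. A stateful filter, which tracks sessions, would drop it.
LONE_ACK = Packet("203.0.113.7", "10.0.0.5", "tcp", "in", "ext0", 51002, 22, frozenset({"ACK"}))

if __name__ == "__main__":
    for name, pkt in [("WEB_SYN", WEB_SYN), ("SPOOFED", SPOOFED),
                      ("SSH_SYN", SSH_SYN), ("LONE_ACK", LONE_ACK)]:
        print(f"{name:8s} -> {decide(pkt)}")
    print("no matching rule, allow-by-default ->", evaluate(SSH_SYN, [], default="allow"))
```

Running the script shows the anti-spoofing rule dropping the packet with an internal source address on the external interface, the SYN to port 443 being allowed, the SYN to port 22 falling through to the deny-by-default policy, and the lone ACK to port 22 slipping through the reply rule. That last result is the gap the text attributes to stateless filtering and is the reason stateful multilayer inspection keeps a connection table instead of trusting header bits alone.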
