Chapter 7 - 03 - Understand Different Types of Firewalls and their Role - 03_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Firewall Technologies
Firewalls are designed and developed with the help of different firewall services

Each firewall service provides security depending on their efficiency and sophistication

Packet Circuit-Level
Circuit-Level Application
Filtering Gateway Proxy VPN

Next Generation
Firewall (NGFW)

Stateful Multilayer Application-Level Network Address
Inspection Gateway Translation

Copyright © by EC All Rights Reserved. Prohibited.
Reproductionis Strictly Prohibited

Firewall Technologies (Cont’d)
Firewall technologies operating at each OSI layer

m Firewall Technology
i

Virtual Private Network (VPN)
Application
S BNBN

Application Proxies
Presentation Virtual Private Network (VPN)
Virtual Private Network (VPN)
BNBE

Circuit-Level Gateways
Virtual Private Network (VPN)
S\

Transport
Packet Filtering
A\

Virtual Private Network (VPN)
EESEE
BRI

Network Address Translation (NAT)
Packet Filtering
Stateful Multilayer Inspection

Virtual Private Network (VPN)
S NN\

patel Packet Filtering y

Physical Not Applicable \V
<

Copyright
Copyright ©© by
by All Rights
All Rights Reserved.
Reserved. Reproductionisis Strictly
Reproduction Strictly Prohibited
Prohibited

Firewall Technologies
Firewalls are designed and developed with the help of different firewall services. Each firewall
service provides security depending on its efficiency and sophistication. There are different
types of firewall technologies depending on where the communication is taking place, where
the traffic is intercepted in the network, the state that is traced, and so on. Considering the
capabilities of different firewalls, it is easy to choose and place an appropriate firewall to meet
the security requirements in the best possible way. Each type of firewall has its advantages.

Module 07 Page 768 Certified Cybersecurity Technician Copyright © by EC-Council
EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Several firewall technologies are available for organizations to implement their security
measures. Sometimes, firewall technologies are combined with other technologies to build
another firewall technology. For example, NAT is a routing technology; however, when it is
combined with a firewall, it is considered a firewall technology.
The various firewall technologies are listed below:
= Packet Filtering
= (Circuit-Level Gateways
= Application-Level Gateways
= Stateful Multilayer Inspection Firewall
= Application Proxy
= Network Address Translation (NAT)

= Virtual Private Network (VPN)

= Next Generation Firewall (NGFW)
The table below summarizes technologies operating at each OSI layer:

OSI Layer Firewall Technology
o = Virtual Private Network (VPN)
Application e.
= Application Proxies
Presentation = Virtual Private Network (VPN). = Virtual Private Network (VPN)
Session -
= (Circuit-Level Gateways
= Virtual Private Network (VPN)
Transport e
= Packet Filtering
= Virtual Private Network (VPN)
* Network Address Translation (NAT)
Network e
= Packet Filtering
= Stateful Multilayer Inspection
= Virtual Private Network (VPN
Data Link - ( )
= Packet Filtering
Physical = Not Applicable
Table 7.3: Firewall Technologies

The security levels of these technologies vary according to their efficiency levels. A comparison
of these technologies can be made by allowing them to pass through the OSI layer between the
hosts. The data passes through the intermediate layers from a higher layer to a lower layer.
Each layer adds additional information to the data packets. The lower layer now sends the
obtained information through the physical network to the upper layers and then to its
destination.

Module 07 Page 769 Certified Cybersecurity Technician Copyright © by EG-Gouncil
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Controls - Technical Controls

Packet Filtering Firewall
’
].. Application ' Traffic is filtered based on
I Packet filtering firewalls work at the P specified rules, including source
L
network level of the OSI model (or the | and destination IP address,
IP layer of TCP/IP) m packet type, and port number
'J Unknown traffic is only allowed
up to level 2 of the network stack
I i 1
Internet Protocol (IP) %V
X Disallowed
They are usually part of a router. Most i 7 Allowed
routers support packet filtering 5 Network Interface............................ >
Incoming Traffic Allowed Outgoing Traffic
I In a packet filtering firewall, each packet
is compared to a set of criteria before it
is forwarded

Copyright © by | L All Rights Reserved. Reproduction
is Strictly Prohibited

Packet Filtering Firewall
Packet filtering is the most basic feature of all modern firewalls. Packet filtering firewalls work
at the network level of the OSI model (or the IP layer of TCP/IP). They are usually part of a
router. Most routers support packet filtering. In a packet filtering firewall, each packet is
compared to a set of criteria before it is forwarded. Depending on the packet and the criteria,
the firewall can:
= Drop the packet
= Forward it or send a message to the originator
They evaluate each packet based on the packet header information, including source IP
address, destination IP address, source port, destination port, protocol, etc. If the packet
header information does not match the ruleset, the firewall drops the packet; or else, it is
forwarded. Rules can include source and destination IP address, source and destination port
number, or the protocol used. When a data packet passes through the network, a packet filter
checks the packet header and compares it with the connection bypass table that keeps a log of
the connections passing through the network. The advantage of packet filtering firewalls is
their low cost and low impact on network performance.
Traffic is filtered based on specified rules including source and destination IP address, packet
type, and port number. Unknown traffic is only allowed up to level 2 of the network stack.

Module 07 Page 770 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Controls - Technical Controls

Application

TCP

l. y ‘

Internet Protocol (IP) X+
A

Network Interface :

Incoming Traffic Allowed Outgoing Traffic

Figure 7.45: Packet filtering firewall

There are three methods available for configuring packet filters after determining the set of
filtering rules:
* Rule 1: This rule states that it accepts only those packets that are safe, thereby dropping
the rest.
= Rule 2: This rule states that the filter drops only those packets that are confirmed
unsafe.
* Rule 3: This rule states that, if there are no specific instructions provided for any
particular packet, then the user is given the chance to decide on what to do with the
packet.

A network packet can pass through the network by entering the previously established
connection. If a new packet enters the network, the firewall verifies the packets and checks if
the new packet follows/meets the rules. It then forwards the packet to the network and enters
the new data packet entry of the connection in the bypass table. A packet filtering firewall is
not expensive and neither does it affect network performance. Basic packet-filtering firewalls
are stateless and do not maintain any information on active sessions. Every packet entering the
firewall is inspected independently without maintaining any record of previously processed
packets. Most routers support packet filtering. Packet filtering is a relatively low-level security
measure that can be bypassed by techniques such as packet spoofing, where the attacker crafts
or replaces packet headers that are then unfiltered by the firewall.
As can be judged from the name, packet filter-based firewalls concentrate on individual packets
and analyze their header information as well as the directed path. Traditional packet filtering
firewalls make their decisions based on the following information:
= Source IP address: This allows the firewall to check if the packet is coming from a valid
source or not. IP header stores the information about the source of the packet and the
address refers to the source system IP address.

Module 07 Page 771 Certified Cybersecurity Technician Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

= Destination IP address: This allows the firewall to check if the packet is heading toward
the correct destination; the IP header of the packet stores the destination address of the
packet.

= Source TCP/UDP port: This allows the firewall to check the source port of the packet.
= Destination TCP/UDP port: This allows the firewall to verify the destination port of a
packet to allow or deny the services.
= TCP code bits: This allows the firewall to check whether the packet has a SYN, ACK, or
other bits set for connecting.
= Protocol in use: Packets carry protocols, and this field checks the protocol used and
decides to allow or deny associated packets.
= Direction: This allows the firewall to check whether the packet is coming from a packet
filter firewall or leaving it.
= |Interface: This allows the firewall to check whether the packet is coming from an
unreliable site.

Module 07 Page 772 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.