
Chapter 7 - 03 - Understand Different Types of Firewalls and their Role - 06_ocred_fax_ocred.pdf


Full Transcript


Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls
Module 07 Page 785 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Next Generation Firewall (NGFW)

Next generation firewall (NGFW) technology is third-generation firewall technology that moves beyond port/protocol inspection.

An NGFW is a third-generation network security device that provides firewalling, intrusion prevention, and application control. In addition to traditional firewall capabilities, NGFW technology has the capability to inspect traffic based on packet content. It offers packet filtering and proxy-based decision making within layers 3 and 4. It also expands its protection at the application layer (layer 7).

Features of NGFW

- Application awareness and control
- User-based authentication
- Malware protection
- Stateful inspection
- Integrated IPS
- Identity awareness (user and group control)
- Bridged and routed modes
- Ability to utilize external intelligence sources

Typical NGFW capabilities

- Deep packet inspection (DPI)
- Encrypted traffic inspection
- QoS/bandwidth management
- Threat intelligence integration
- Integrated intrusion prevention system
- Advanced threat protection
- Application control
- Antivirus inspection

Advantages

- Application-level security: It provides application security functions such as IDS and IPS for improved packet-content filtering.
- Single console access: It can be accessed from a single console, whereas traditional firewalls require manual setup and configuration.
- Multilayered protection: It provides multilayered protection by inspecting traffic from layers 2-7.
- Simplified infrastructure: It acts as the single authorized device for managing and updating security protocol.
- Optimal use of network speed: In traditional firewalls, the network speed decreases with increase in security protocol and devices, whereas with NGFW the potential throughput is consistently achieved irrespective of increase in the number of security protocols and devices.
- Antivirus, ransomware and spam protection, and endpoint security: NGFWs come as complete packages with antivirus, ransomware and spam protection, and endpoint security. Hence, there is no need for separate tools to monitor and control cyber threats.
- Capability to implement role-based access: NGFW detects user identity, which helps the organization set role-based access to their data and content. It can also work with different user roles and limit the scope of access for a user/group.

Firewall Capabilities

Be aware of a firewall's capabilities before planning for implementation. By knowing the capabilities of different types of firewalls, you will be able to decide what type to implement or whether a different security control or solution better suits your needs.

Figure 7.52: Firewall capabilities

- Prevents network scanning
- Performs user authentication
- Filters packets, services, and protocols
- Performs traffic logging
- Performs network address translation (NAT)
- Prevents malware attacks

Listed below are the typical capabilities of a firewall:

- A firewall examines all the traffic flowing through it to see if it meets the firewall ruleset criteria.
- It only permits traffic that is explicitly allowed by rules; all other traffic is normally denied by default.
- It filters both inbound and outbound traffic.
- It examines each packet passing through the network and decides whether to send the packet to the destination or not.
- It manages public access to private networked resources such as host applications.
- It logs all attempts to enter the private network and triggers an alarm when hostile or unauthorized entry is attempted.
- Firewalls work as filters and help in preventing unsafe packet flow into the private network.

The functions of the firewall include gateway defense, carrying out defined security policies, hiding and protecting internal network addresses, reporting threats and activity, and segregating activity between trusted networks.

Firewall Limitations

Never ignore a firewall's limitations. Implementing a firewall without understanding its limitations may give one a false sense of security. Deploying a firewall solution that is not designed for a given task may fail to address the security risks the organization faces. Understanding the different types of firewalls and analyzing the limitations of each type will help in effectively balancing security with usability, performance, and cost.

Listed below are the typical limitations of firewalls:

- A firewall does not protect the network from backdoor attacks. For example, a disgruntled employee who cooperates with an external attacker.
- A firewall does not protect the network from insider attacks.
- A firewall cannot do anything if the network design and configuration are faulty.
- A firewall is not an alternative to antivirus or antimalware. If external devices such as a laptop, mobile phone, portable hard drive, etc. are already infected and connected to the network, then firewalls cannot protect the network in such instances.
- A firewall does not prevent new viruses. Firewalls are unable to fully protect the network from all types of zero-day viruses that may try to bypass them.
- A firewall cannot prevent social engineering threats. Firewalls cannot protect the network from social engineering, insiders, and data-driven attacks where the attacker sends malicious links and emails to employees inside the network.
- A firewall does not prevent password misuse.
- A firewall does not block attacks from a higher level of the protocol stack.
- A firewall does not protect against attacks originating from common ports and applications.
- A firewall does not protect against attacks from dial-in connections.
- A firewall is unable to understand tunneled traffic.
- Firewalls can restrict users from accessing valuable services such as FTP, Telnet, NIS, etc. and sometimes restrict Internet access as well.
- Firewalls concentrate security at one single point, which makes other systems within the network prone to security attacks.
- They can cause a bottleneck if all the connections pass through a firewall.
- Sometimes, firewalls have less computing speed than their network interface. This can create a problem when a host with a network interface is faster than the firewall's internal processor.
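
The default-deny rule evaluation listed under Firewall Capabilities, and the difference between port/protocol matching and NGFW inspection of packet content, shown as an added Python example that is not part of the courseware. The rule format, the payload signatures, the addresses and the packets are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out" relative to the private network
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:
    direction: str
    dst_net: str
    proto: str
    dport: int
    app: str = ""           # empty: match on port/protocol only (hypothetical field)

# Constructed payload prefixes standing in for application identification.
APP_SIGNATURES = {b"\x16\x03": "tls", b"SSH-": "ssh"}

def identify_app(payload: bytes) -> str:
    return next((a for sig, a in APP_SIGNATURES.items() if payload.startswith(sig)), "unknown")

def evaluate(pkt, rules, log):
    """First matching rule allows; anything unmatched is denied by default."""
    verdict = "DENY"
    for r in rules:
        if ((r.direction, r.proto, r.dport) == (pkt.direction, pkt.proto, pkt.dport)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(r.dst_net)
                and (not r.app or identify_app(pkt.payload) == r.app)):
            verdict = "ALLOW"
            break
    log.append((verdict, pkt.direction, pkt.src, pkt.dst, pkt.dport))  # every decision is logged
    return verdict

# Constructed rulesets and packets, using documentation address ranges.
PORT_ONLY = [Rule("out", "0.0.0.0/0", "tcp", 443),
             Rule("in", "203.0.113.10/32", "tcp", 443)]
APP_AWARE = [Rule(r.direction, r.dst_net, r.proto, r.dport, app="tls") for r in PORT_ONLY]
PACKETS = [Packet("out", "10.0.0.5", "198.51.100.7", "tcp", 443, b"\x16\x03\x01\x00\xa5\x01"),
           Packet("out", "10.0.0.5", "198.51.100.7", "tcp", 443, b"SSH-2.0-OpenSSH_9.6\r\n"),
           Packet("in", "198.51.100.9", "203.0.113.10", "tcp", 23)]

def run(rules):
    log = []
    return [evaluate(p, rules, log) for p in PACKETS], log
```

`run(PORT_ONLY)` allows both outbound packets to port 443, while `run(APP_AWARE)` denies the one whose content is not TLS; the inbound Telnet packet matches no rule and is denied and logged under both rulesets.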
