EC-Council: Computer Hacking Forensic Investigator (CHFI-V10)
Module 8: Network Forensics
Types of firewalls
There are five key types of firewalls that use different mechanisms to identify and filter out malicious traffic, but the exact number of options is not nearly as important as the idea that different kinds of firewall products do rather different things. In addition, enterprises may need more than one of the five firewalls to better secure their systems, or a single firewall may provide more than one of these firewall types.
The five types of firewall, based on method of operation, are the following:
1. packet filtering firewall
2. circuit-level gateway
3. application-level gateway (proxy firewall)
4. stateful inspection firewall
5. next-generation firewall (NGFW)
1. Packet-filtering firewalls
Packet-filtering firewalls assess data packets passing across network boundaries. Each packet must be compared to a set of pre-defined rules. If the packets meet these rules, the firewall allows traffic to pass. If not, packets are blocked and alerts may be issued. However, these firewalls don't route packets; rather, they compare each packet received to a set of established criteria, such as the allowed IP addresses, packet type, port number and other aspects of the packet protocol headers. Packets that are flagged as troublesome are, generally speaking, unceremoniously dropped; that is, they are not forwarded and, thus, cease to exist.
Advantages of packet-filtering firewalls:
· Low data requirements make them relatively fast and efficient.
· Can cover the whole network with ease.
· Affordable to install and maintain.
· Low data overheads, minimal impact on network performance.
Disadvantages of packet filtering firewalls:
· Packet-filtering firewalls do not catch all security threats and analyze only limited amounts of information. Payload spoofing can compromise firewall protection.
· Managing access control lists can be problematic.
2. Circuit-level gateways
Circuit-level gateways operate at the session level. They assess traffic when local and remote hosts establish a connection. If this connection is deemed insecure, circuit-level gateways will close it and prevent communication between the two devices.
Circuit-level gateway advantages
· Only processes requested transactions; all other traffic is rejected
· Easy to set up and manage
· Low cost and minimal impact on end-user experience
Circuit-level gateway disadvantages
· If they aren't used in conjunction with other security technology, circuit-level gateways offer no protection against data leakage from devices within the firewall
· No application layer monitoring
· Requires ongoing updates to keep rules current
3. Application-level gateways (proxy firewalls)
Proxy firewalls, also known as web application or application layer firewalls, route data packets through separate proxy servers. Proxy firewalls operate at the application layer. They filter by destination port, but also assess data packets using application data. Application layer or proxy firewalls are well-suited to protecting services that are vulnerable to web threats. For example, they provide extra protection against phishing attacks via malicious links.
Application-level gateway advantages
· Examines all communications between outside sources and devices behind the firewall, checking not just address, port and TCP header information, but the content itself before it lets any traffic pass through the proxy
· Provides fine-grained security controls that can, for example, allow access to a website but restrict which pages on that site the user can open
· Protects user anonymity
Application-level gateway disadvantages
· Can inhibit network performance
· Costlier than some other firewall options
· Requires a high degree of effort to derive the maximum benefit from the gateway
· Doesn't work with all network protocols
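Added example (not part of the original notes): a Python illustration of the application-layer decision described above, where the gateway reads the HTTP request itself and allows a site while restricting which pages on it can be opened. The policy table, host name and sample requests are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed policy (hypothetical host and paths): pages users may open per site.
POLICY = {"intranet.example.com": ("/wiki", "/status")}

def parse_request(raw):
    """Return (method, target, host) from a raw HTTP/1.x request head, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *headers = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    hosts = [v.strip().lower() for n, s, v in (h.partition(":") for h in headers)
             if s and n.strip().lower() == "host"]
    if len(hosts) != 1:                  # missing or duplicated Host: refuse
        return None
    return parts[0], parts[1], hosts[0]

def proxy_allow(raw):
    """Application-layer decision: site, method and page, not just address and port."""
    parsed = parse_request(raw)
    if parsed is None:
        return False                     # malformed request: fail closed
    method, target, host = parsed
    if method not in ("GET", "HEAD") or not target.startswith("/"):
        return False
    # Decode and resolve dot segments so the rule sees the page actually requested.
    path = posixpath.normpath(unquote(target.split("?", 1)[0]))
    allowed = POLICY.get(host, ())
    return any(path == pre or path.startswith(pre + "/") for pre in allowed)

def sample(target, host="intranet.example.com", method="GET"):
    """Build a constructed sample request."""
    return f"{method} {target} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("latin-1")

if __name__ == "__main__":
    for t in ("/wiki/Firewalls", "/admin/users", "/wiki/%2e%2e/admin"):
        print(t, proxy_allow(sample(t)))
```

All of these requests look identical to a packet filter (same address, same port); the allow or deny decision depends entirely on content the proxy parses.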
4. Stateful inspection firewalls
Stateful inspection firewalls add another level of sophistication to firewall protection. Standard firewalls are stateless. They make decisions based on inputs, with no further requests for information. Stateful firewalls take inputs and interrogate them. State-aware devices not only examine each packet, but also keep track of whether or not that packet is part of an established TCP or other network session. This offers more security than either packet filtering or circuit monitoring alone but exacts a greater toll on network performance. Most organizations benefit from the use of a stateful inspection firewall. These devices serve as a more thorough gateway between computers and other assets within the firewall and resources beyond the enterprise. They also can be highly effective in defending network devices against particular attacks, such as DoS.
Advantages of using stateful inspection firewalls:
· Combine contextual data with packet inspection and IP checking. This delivers robust security compared with other firewall variants.
· Users can collect data logs to use in threat analysis.
· Users enjoy extended control over network traffic with more options to customize their firewall settings.
Disadvantages of stateful inspection firewalls:
· High data requirements. Stateful inspection firewalls can compromise network speeds due to resource overheads.
· Expensive to implement and complex to maintain.
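Added example (not part of the original notes): a Python comparison of the packet-filtering model from section 1 with the stateful inspection model from section 4, run over a constructed packet trace. The addresses, the port-443 rule set and the simplified TCP state table are assumptions made for illustration.

```python
from collections import namedtuple
# Header fields only; flags is a string such as "S", "SA", "A". Addresses are constructed.
Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE, WEB, OTHER = "10.0.0.5", "203.0.113.10", "198.51.100.7"

def stateless_allow(p):
    """Packet filter: every packet is judged alone against static rules."""
    if p.src == INSIDE and p.dport == 443:
        return True                      # outbound HTTPS
    return p.dst == INSIDE and p.sport == 443 and "A" in p.flags  # inbound "reply" rule

class StatefulFirewall:
    """Allows inbound packets only for sessions opened from the inside."""
    def __init__(self):
        self.table = {}                  # (client, cport, server, sport) -> state

    def allow(self, p):
        outbound = p.src == INSIDE
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        if outbound and p.dport == 443 and p.flags == "S":
            self.table[key] = "SYN_SENT"
            return True
        state = self.table.get(key)
        if state is None:
            return False                 # no session on record: drop
        if state == "SYN_SENT":          # only the server's SYN-ACK is valid here
            if outbound or p.flags != "SA":
                return False
            self.table[key] = "ESTABLISHED"
        if "R" in p.flags:
            del self.table[key]          # reset ends the session (FIN, timeouts omitted)
        return True

# Constructed trace: a normal handshake, an unsolicited ACK, a reset, a late ACK.
TRACE = [
    Packet(INSIDE, 50000, WEB, 443, "S"),
    Packet(WEB, 443, INSIDE, 50000, "SA"),
    Packet(INSIDE, 50000, WEB, 443, "A"),
    Packet(OTHER, 443, INSIDE, 50001, "A"),
    Packet(WEB, 443, INSIDE, 50000, "RA"),
    Packet(WEB, 443, INSIDE, 50000, "A"),
]

def compare(trace):
    fw = StatefulFirewall()
    return [(stateless_allow(p), fw.allow(p)) for p in trace]

if __name__ == "__main__":
    print(compare(TRACE))
```

The stateless filter passes every packet in the trace, including the unsolicited ACK and the ACK that arrives after the reset, while the stateful firewall drops both because no matching session is on record.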
5. Next-generation firewall
A typical NGFW combines packet inspection with stateful inspection and also includes some variety of deep packet inspection (DPI), as well as other network security systems, such as an IDS/IPS, malware filtering and antivirus. Generally, an NGFW will blend packet inspection with the contextual controls offered by stateful firewalls. NGFWs are an essential safeguard for organizations in heavily regulated industries, such as healthcare or finance.
NGFW advantages
· Combines DPI with malware filtering and other controls to provide an optimal level of filtering
· Tracks all traffic from Layer 2 to the application layer for more accurate insights than other methods
· Can be automatically updated to provide current context
NGFW disadvantages
· In order to derive the biggest benefit, organizations need to integrate NGFWs with other security systems, which can be a complex process
· Costlier than other firewall types