Practical:7

AIM:Study of Firewall in providing network security.

What is Firewall?

A firewall is a network security device, either hardware or software-based, which

monitors all incoming and outgoing traffic and based on a defined set of security
rules accepts, rejects, or drops that specific traffic.
Accept: allow the traffic
Reject: block the traffic but reply with an “unreachable error”
Drop : block the traffic with no reply
A firewall is a type of network security device that filters incoming and outgoing
network traffic with security policies that have previously been set up inside an
organization. A firewall is essentially the wall that separates a private internal
network from the open Internet at its very basic level.
Working of Firewall

Firewall match the network traffic against the rule set defined in its table. Once the
rule is matched, associate action is applied to the network traffic. For example,
Rules are defined as any employee from Human Resources department cannot
access the data from code server and at the same time another rule is defined like
system administrator can access the data from both Human Resource and technical
department. Rules can be defined on the firewall based on the necessity and
security policies of the organization. From the perspective of a server, network
traffic can be either outgoing or incoming.
Firewall maintains a distinct set of rules for both the cases. Mostly the outgoing
traffic, originated from the server itself, allowed to pass. Still, setting a rule on
outgoing traffic is always better in order to achieve more security and prevent
unwanted communication. Incoming traffic is treated differently. Most traffic
which reaches on the firewall is one of these three major Transport Layer
protocols- TCP, UDP or ICMP. All these types have a source address and
destination address. Also, TCP and UDP have port numbers. ICMP uses type code
instead of port number which identifies purpose of that packet.

Types of Firewall

1) Packet Filtering Firewall

Packet filtering firewall is used to control network access by monitoring outgoing

and incoming packets and allowing them to pass or stop based on source and
destination IP address, protocols, and ports. It analyses traffic at the transport
protocol layer (but mainly uses first 3 layers). Packet firewalls treat each packet in
isolation. They have no ability to tell whether a packet is part of an existing stream
of traffic. Only It can allow or deny the packets based on unique packet headers.
2) Proxy Service Firewall

This kind of firewall filters communications at the application layer, and protects
the network. A proxy firewall acts as a gateway between two networks for a
particular application.

Advantages of Using Firewall

• Protection From Unauthorized Access: Firewalls can be set up to restrict

incoming traffic from particular IP addresses or networks, preventing hackers or
other malicious actors from easily accessing a network or system. Protection
from unwanted access.
• Prevention of Malware and Other Threats: Malware and other threat
prevention: Firewalls can be set up to block traffic linked to known malware or
other security concerns, assisting in the defense against these kinds of attacks.
• Control of Network Access: By limiting access to specified individuals or
groups for particular servers or applications, firewalls can be used to restrict
access to particular network resources or services.
• Monitoring of Network Activity: Firewalls can be set up to record and keep
track of all network activity.
• Regulation Compliance: Many industries are bound by rules that demand the
usage of firewalls or other security measures.
• Network Segmentation: By using firewalls to split up a bigger network into
smaller subnets, the attack surface is reduced and the security level is raised.

Disadvantages of Using Firewall

• Complexity: Setting up and keeping up a firewall can be time-consuming and

difficult, especially for bigger networks or companies with a wide variety of
users and devices.
• Limited Visibility: Firewalls may not be able to identify or stop security risks
that operate at other levels, such as the application or endpoint level, because
they can only observe and manage traffic at the network level.
• False Sense of Security: Some businesses may place an excessive amount of
reliance on their firewall and disregard other crucial security measures like
endpoint security or intrusion detection systems.

• Limited adaptability: Because firewalls are frequently rule-based, they might

not be able to respond to fresh security threats.
• Performance Impact: Network performance can be significantly impacted by
firewalls, particularly if they are set up to analyze or manage a lot of traffic.
• Limited Scalability: Because firewalls are only able to secure one network,
businesses that have several networks must deploy many firewalls, which can
be expensive.
• Limited VPN support: Some firewalls might not allow complex VPN features
like split tunneling, which could restrict the experience of a remote worker.
• Cost: Purchasing many devices or add-on features for a firewall system can be
expensive, especially for businesses.