Nis CH4

The document provides an overview of firewalls in computer networks, detailing their function as security devices that monitor and control incoming and outgoing traffic based on predefined rules. It discusses the need for firewalls, their working mechanisms, types (including packet filtering, stateful inspection, and application layer firewalls), advantages, disadvantages, and common configurations. Additionally, it highlights the limitations of firewalls and their role in protecting against various threats.

Uploaded by

Kishor Dongare

NIS

Prof.K.D.Dongare

SHREE KRUSHNA ENGG CLASSES

Introduction of Firewall in Computer Network


Last Updated : 04 Feb, 2025



A firewall is a network security device, either hardware- or software-based, which monitors all
incoming and outgoing traffic and, based on a defined set of security rules, accepts, rejects,
or drops that specific traffic. It acts like a security guard that helps keep your digital world
safe from unwanted visitors and potential threats.
· Accept: allow the traffic
· Reject: block the traffic but reply with an “unreachable” error
· Drop: block the traffic with no reply
A firewall is a type of network security device that filters incoming and outgoing network
traffic according to security policies that have previously been set up inside an organization. At
its most basic level, a firewall is essentially the wall that separates a private internal network
from the open Internet.

Need For Firewall


Before firewalls, network security was performed by Access Control Lists (ACLs) residing
on routers. ACLs are rules that determine whether network access should be granted or
denied to specific IP addresses. But an ACL cannot determine the nature of the packet it is
blocking, and an ACL alone does not have the capacity to keep threats out of the network.
Hence, the firewall was introduced. Connectivity to the Internet is no longer optional for
organizations. However, while accessing the Internet provides benefits to the organization, it also
enables the outside world to interact with the internal network of the organization. This
creates a threat to the organization. In order to secure the internal network from unauthorized
traffic, we need a firewall.


Working of Firewall
· The firewall matches the network traffic against the rule set defined in its table. Once a
rule is matched, the associated action is applied to the network traffic. For example, one rule
may be defined so that no employee from the Human Resources department can access the
data on the code server, while at the same time another rule is defined so that the system
administrator can access the data of both the Human Resources and the technical
department.
· Rules can be defined on the firewall based on the needs and security policies of the
organization.
· From the perspective of a server, network traffic can be either outgoing or incoming. The
firewall maintains a distinct set of rules for the two cases. Mostly, outgoing traffic,
originated by the server itself, is allowed to pass. Still, setting rules on outgoing
traffic is always better in order to achieve more security and prevent unwanted
communication. Incoming traffic is treated differently.
· Most traffic which reaches the firewall uses one of three major Transport Layer
protocols: TCP, UDP or ICMP. All of these have a source address and a destination
address. TCP and UDP also have port numbers. ICMP uses a type code instead of a port
number, which identifies the purpose of that packet.

Default policy: It is very difficult to explicitly cover every possible case with rules on the firewall. For
this reason, the firewall must always have a default policy. The default policy consists only of an
action (accept, reject or drop). Suppose no rule about SSH connections to the server is defined
on the firewall. Then the default policy is followed. If the default policy on the firewall is set
to accept, any computer outside of your office can establish an SSH connection to the
server. Therefore, setting the default policy to drop (or reject) is always a good practice.

Types of Firewall
Firewalls can be categorized based on their generation.


1. Packet Filtering Firewall


A packet filtering firewall is used to control network access by monitoring outgoing and
incoming packets and allowing them to pass or stopping them based on source and destination IP
address, protocols, and ports. It analyses traffic at the transport protocol layer (but mainly
uses the first 3 layers). Packet filtering firewalls treat each packet in isolation. They have no ability
to tell whether a packet is part of an existing stream of traffic. They can only allow or deny packets
based on the individual packet headers. A packet filtering firewall maintains a filtering table that
decides whether the packet will be forwarded or discarded. From the given filtering table, the
packets will be filtered according to the following rules:

· Incoming packets from network 192.168.21.0 are blocked.
· Incoming packets destined for the internal TELNET server (port 23) are blocked.
· Incoming packets destined for host 192.168.21.3 are blocked.
· All well-known services to the network 192.168.21.0 are allowed.

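Added example (not from the notes): a first-match filtering table in Python encoding the four rules above, evaluated together with the default policy described under Working of Firewall. The table layout, its row order, the /24 mask on network 192.168.21.0 and the sample packets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ACCEPT, REJECT, DROP = "accept", "reject", "drop"

@dataclass(frozen=True)
class Packet:
    # Header fields a packet filter inspects (constructed sample values, not captures)
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    dport: Optional[int] = None      # TCP/UDP destination port; ICMP has none

@dataclass(frozen=True)
class Rule:
    # One row of the (assumed) filtering table; a None field matches anything
    action: str
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    well_known: bool = False         # True: match only ports 0-1023

    def matches(self, p: Packet) -> bool:
        if self.src_net and ip_address(p.src) not in ip_network(self.src_net):
            return False
        if self.dst_net and ip_address(p.dst) not in ip_network(self.dst_net):
            return False
        if self.proto and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        return not self.well_known or (p.dport is not None and p.dport <= 1023)

# The four rules from the text, in order. The first matching row decides, so
# rule 3 must precede the allow rule or host 192.168.21.3 becomes reachable.
INCOMING_RULES = [
    Rule(DROP, src_net="192.168.21.0/24"),                      # rule 1
    Rule(DROP, proto="tcp", dport=23),                          # rule 2: TELNET
    Rule(DROP, dst_net="192.168.21.3/32"),                      # rule 3
    Rule(ACCEPT, dst_net="192.168.21.0/24", well_known=True),   # rule 4
]

def filter_packet(p: Packet, rules=INCOMING_RULES, default: str = DROP) -> str:
    # First-match evaluation; the default policy applies when no row matches
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default
```

An ICMP packet to the internal network matches no row, so its fate is decided entirely by the default policy, which is why the text recommends a default of drop.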

2. Stateful Inspection Firewall


Stateful firewalls (which perform Stateful Packet Inspection) are able to determine the connection
state of a packet, unlike packet filtering firewalls, which makes them more efficient. A stateful
firewall keeps track of the state of the network connections travelling across it, such as TCP streams.
So the filtering decisions are based not only on the defined rules, but also on the packet’s history
in the state table.

3. Application Layer Firewall


An application layer firewall can inspect and filter packets on any OSI layer, up to the
application layer.
It has the ability to block specific content, and also to recognize when certain applications and
protocols (like HTTP, FTP) are being misused.
In other words, application layer firewalls are hosts that run proxy servers.
A proxy firewall prevents a direct connection between the two sides of the firewall; each
packet has to pass through the proxy.
The application level gateway is more secure than packet filtering, and it is very easy to
audit all incoming traffic.

Advantage

1. Direct connections between internal and external hosts are disallowed.
2. User-level authentication is supported.
3. It has higher security than packet filtering.
4. It only needs to scrutinize a few allowable applications.
5. It is easy to audit all incoming traffic.
6. The application commands are analyzed inside the payload portion of the data packets.


5. Circuit Level Gateway Firewall

It can be a specialised function performed by an application level gateway for certain
applications.

It does not allow an end-to-end TCP connection; instead it sets up two TCP connections:
one TCP connection between the inner host and the gateway, and one TCP connection between
the gateway and the outside host.

After establishing the two connections, the gateway relays TCP segments from one
connection to the other without examining the contents; the security function consists of
checking whether the connection is allowed.

This works at the Session layer of the OSI model. It can effortlessly allow data packets to
flow without using a lot of computing power. These firewalls are ineffective in that they do
not inspect the data in packets; if malware is present in a data packet, they will permit it to
pass provided that the TCP connection was established properly.

What Can Firewalls Protect Against?

· Infiltration by Malicious Actors: Firewalls can block suspicious connections,
preventing eavesdropping and advanced persistent threats (APTs).
· Parental Controls: Parents can use firewalls to block their children from accessing
explicit web content.
· Workplace Web Browsing Restrictions: Employers can restrict employees from
using the company network to access certain services and websites, like social media.
· Nationally Controlled Intranet: Governments can block access to certain web
content and services that conflict with national policies or values.

Advantages of Using Firewall

· Protection From Unauthorized Access: Firewalls can be set up to restrict incoming
traffic from particular IP addresses or networks, preventing hackers or other malicious
actors from easily accessing a network or system.
· Prevention of Malware and Other Threats: Firewalls can be set up to block traffic
linked to known malware or other security concerns, assisting in the defense against these
kinds of attacks.
· Control of Network Access: By limiting access to specified individuals or groups for
particular servers or applications, firewalls can be used to restrict access to particular
network resources or services.
· Monitoring of Network Activity: Firewalls can be set up to record and keep track of
all network activity.
· Regulation Compliance: Many industries are bound by rules that demand the usage
of firewalls or other security measures.
· Network Segmentation: By using firewalls to split up a bigger network into smaller
subnets, the attack surface is reduced and the security level is raised.

Disadvantages of Using Firewall

· Complexity: Setting up and keeping up a firewall can be time-consuming and
difficult, especially for bigger networks or companies with a wide variety of users and
devices.
· Limited Visibility: Firewalls may not be able to identify or stop security risks that
operate at other levels, such as the application or endpoint level, because they can only
observe and manage traffic at the network level.
· Limited Adaptability: Because firewalls are frequently rule-based, they might not be
able to respond to fresh security threats.
· Performance Impact: Network performance can be significantly impacted by
firewalls, particularly if they are set up to analyze or manage a lot of traffic.
· Limited Scalability: Because firewalls are only able to secure one network,
businesses that have several networks must deploy many firewalls, which can be
expensive.
· Limited VPN Support: Some firewalls might not allow complex VPN features like
split tunneling, which could restrict the experience of a remote worker.
· Cost: Purchasing many devices or add-on features for a firewall system can be
expensive, especially for businesses.

Firewall Policies

An allow-all policy allows all types of traffic but blocks some services, such as telnet/SNMP, and
port numbers that are used by attackers.

A restrictive policy blocks all traffic passing through the firewall and allows only traffic that
is useful, such as HTTP, POP3, SMTP or SSH.

If the network administrator forgets to block something, it might be exploited after some time
without your knowledge.

The most secure option is to block everything that is suspicious and allow protocols only after
someone asks for them.

Following is a typical firewall rule set:

The firewall allows the HTTP, FTP, SSH and DNS protocols to communicate from the internal network to the Internet.

The firewall allows the SMTP protocol to communicate with the mail server from anywhere.

The firewall allows the SMTP and DNS protocols to communicate from the mail server to the Internet.

The firewall allows the SMTP and POP3 protocols to communicate from inside to the mail server.

The firewall allows only reply packets.

The firewall blocks everything else.
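Added example (not from the notes) showing how a stateful inspection firewall, described under Types of Firewall, can enforce two rules of the rule set above: "allow HTTP, FTP, SSH and DNS from the internal network to the Internet" and "allow only reply packets". It keeps a TCP state table keyed on the connection 4-tuple; the internal network 192.168.21.0/24, the flag encoding and the sample segments are constructed assumptions, and FIN/RST handling is simplified (FTP data channels are out of scope).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ACCEPT, DROP = "accept", "drop"
INTERNAL_NET = ip_network("192.168.21.0/24")   # assumed internal network
# Services the rule set lets internal hosts open towards the Internet (HTTP, FTP, SSH, DNS)
ALLOWED_OUTBOUND_PORTS = {80, 21, 22, 53}

@dataclass(frozen=True)
class Segment:
    # TCP header fields the firewall uses (constructed samples, not captures)
    src: str
    sport: int
    dst: str
    dport: int
    flags: str    # any of "S" (SYN), "A" (ACK), "F" (FIN), "R" (RST)

class StatefulFirewall:
    def __init__(self):
        # state table: (client, sport, server, dport) -> connection state
        self.table = {}

    def process(self, seg: Segment) -> str:
        fwd = (seg.src, seg.sport, seg.dst, seg.dport)   # as sent by the initiator
        rev = (seg.dst, seg.dport, seg.src, seg.sport)   # reply direction
        key = fwd if fwd in self.table else rev if rev in self.table else None
        if key is not None:
            # Segment belongs to a known connection: update its state, let it through
            if "R" in seg.flags:
                del self.table[key]                      # reset tears the entry down
            elif "F" in seg.flags:
                if self.table[key] == "closing":
                    del self.table[key]                  # second FIN: fully closed
                else:
                    self.table[key] = "closing"
            elif "S" in seg.flags and "A" in seg.flags and key == rev:
                self.table[key] = "established"          # server's SYN-ACK reply
            return ACCEPT
        # No state: only an internal host may open a connection, only with a SYN,
        # and only to a permitted service. Anything else, including an inbound
        # SYN from the Internet, is unsolicited and dropped ("only reply packets").
        if (ip_address(seg.src) in INTERNAL_NET and seg.flags == "S"
                and seg.dport in ALLOWED_OUTBOUND_PORTS):
            self.table[fwd] = "syn_sent"
            return ACCEPT
        return DROP

    def state(self, client, sport, server, dport):
        return self.table.get((client, sport, server, dport))
```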


Firewall configurations

There are 3 common firewall configurations.


1. Screened host firewall, single-homed bastion configuration
2. Screened host firewall, dual-homed bastion configuration
3. Screened subnet firewall configuration

1. Screened host firewall, single-homed bastion configuration

In this configuration, the firewall consists of two systems: a packet filtering router and a
bastion host or application level gateway. Typically, the router is configured so that

· For traffic from the Internet, only IP packets destined for the bastion host are allowed in.

· For traffic from the internal network, only IP packets from the bastion host are allowed out.

The packet filtering router ensures that incoming traffic is allowed only if it is intended for the
application gateway, by examining the destination address field of each incoming IP packet.

It also ensures that outgoing traffic is allowed only if it originates from the application
level gateway, by examining the source address field of every outgoing IP packet.

The bastion host performs authentication and proxy functions. This configuration has greater
security than simply a packet filtering router or an application level gateway alone, for two
reasons:
· This configuration implements both packet level and application level filtering,
allowing for considerable flexibility in defining security policy.

· An intruder must generally penetrate two separate systems before the security of the
internal network is compromised.

Advantage

1. It improves the security of the network by performing checks at both levels, packet and
application level.

2. It provides flexibility to the network administrator to define more security policies.

Disadvantages:-
Internal users are connected to the application gateway as well as to the packet filtering router, so
if the packet filter is attacked in any way, the whole internal network is exposed to the attacker.

2. Screened host firewall, dual-homed bastion configuration

In the previous configuration, if the packet filtering router is compromised, traffic could flow
directly through the router between the internet and the other hosts on the private network.
This configuration physically prevents such a security break.


3. Screened subnet firewall configuration

In this configuration, two packet filtering routers are used, one between the bastion host and the
Internet and one between the bastion host and the internal network.
This configuration creates an isolated subnetwork, which may consist of simply the bastion
host but may also include one or more information servers and modems for dial-in capability.
Typically both the Internet and the internal network have access to hosts on the screened
subnet, but traffic across the screened subnet is blocked. This configuration offers several
advantages:
· There are now three levels of defence against intruders.

· The outside router advertises only the existence of the screened subnet to the Internet;
therefore the internal network is invisible to the Internet.

This type of configuration provides the highest security among the possible configurations.

In this type, two packet filters are used, one between the Internet and the application gateway and
the other between the application gateway and the internal network.

Limitations of firewall

· The firewall cannot protect against attacks that bypass the firewall. Internal systems
may have dial-out capability to connect to an ISP. An internal LAN may support a modem
pool that provides dial-in capability for traveling employees and telecommuters.

· The firewall does not protect against internal threats, such as a disgruntled employee or
an employee who unwittingly cooperates with an external attacker.

· The firewall cannot protect against the transfer of virus-infected programs or files.
Because of the variety of operating systems and applications supported inside the perimeter,
it would be impractical and perhaps impossible for the firewall to scan all incoming files, e-
mail, and messages for viruses.

DMZ Demilitarized zone


Packet filtering firewall


https://www.youtube.com/watch?v=o_vyfo3Hw0Y
