What is the function of a firewall?
Answers
Answered by
3
A firewall, in layman's language, is a bodyguard for your Windows operating system. It protects your OS from wrong usage and defends your system from unauthorised use.
Answered by
5
Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats while at the same time affording access to the outside world via wide area networks and the Internet.
Now here's the catch: it not only defines rules to prevent a certain set of IP addresses/protocols or ports, but also defines rules to access different types of service.
A firewall provides four types of control:
• Service control: Determines the types of Internet services that can be accessed, inbound (packets which are coming inside the network) or outbound (packets which are going outside the network).
For example: In many companies, services like Gmail and Facebook are not accessible if you use the company's Wi-Fi network, because the firewall is keeping a check on the outbound network (this may vary from company to company).
• Direction control: Determines the direction in which particular service requests may be initiated and allowed to flow through the firewall.
• User control: Controls access to a service according to which user is attempting to access it. This feature is typically applied to users inside the firewall perimeter (local users). It may also be applied to incoming traffic from external users.
For example: Many companies have inbuilt policies of web content filtering based on the position of an employee or a particular department.
Mr X (manager) might have access to Quora, but a trainee might not have the same.
• Behavior control: Controls how particular services are used. For example, the firewall may filter e-mail to eliminate spam, or it may enable external access to only a portion of the information on a local Web server.
According to the National Institute of Standards and Technology (NIST) 800-10, a firewall can be of three types:
1. Packet Filter
2. Stateful Inspections
3. Proxy
Note: These three categories of firewall may or may not be mutually exclusive. In a real-world scenario we use a mix of firewalls.
1. Packet Filter firewall:
In a packet filter firewall, each packet (incoming or outgoing) is compared to a certain set of rules (as defined by the administrator) before it is forwarded.
If the packet seems to follow the rule/criteria, the packet is forwarded, and if it does not, then the packet gets dropped.
Rules may include:
• Source IP address or destination IP address
• Source port and the destination port
• Protocol or services allowed
These rules differ from company to company and there’s no set criteria or an ideal model to follow.
Packet filter firewalls are generally susceptible to attacks which take advantage of vulnerabilities within the TCP/IP specifications.
For example: If an intruder spoofs the source IP address, most packet layer firewalls are unable to detect it. Packet layer firewalls are unable to check whether the packet header is spoofed or not, hence this is used by many attackers to bypass the security of an organisation. Because of this, many firewalls maintain state information of every packet that is traversed through the firewall.
2. Stateful Inspections:
It is a packet filter firewall with the additional functionality of maintaining the state of connections (for each packet) and blocking packets which deviate from their ideal state.
Three major states exist for TCP traffic:
1. Connection establishment
2. Usage
3. Termination
For example, an attacker could generate a packet with a header indicating it is part of an established connection (let's say the attacker spoofed an IP of an internal connection), in hopes it will pass through a firewall. If the firewall uses stateful inspection, it will first verify that the packet is part of an established connection listed in the state table.
If it is already a part of an established connection, that means someone is trying to gain unauthorized access, and the packet will be dropped.
3. Application-Level Proxy:
These firewalls contain a proxy agent that acts as an intermediary between two hosts that wish to communicate with each other, and never allows a direct connection between them. Each successful connection attempt actually results in the creation of two separate connections—one between the client and the proxy server, and another between the proxy server and the true destination.
The proxy is meant to be transparent to the two hosts—from their perspectives there is a direct connection. Because external hosts only communicate with the proxy agent, internal IP addresses are not visible to the outside world.
The proxy agent interfaces directly with the firewall ruleset to determine whether a given instance of network traffic should be allowed to transit the firewall.
Hope this will help you.
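The packet filter and stateful inspection described in this answer, side by side, as an added example that is not part of the original answer: a simplified Python model that runs the same traffic through a stateless rule set and through a firewall that also keeps a state table with the three TCP states listed above. The addresses, ports, rule set and state names are constructed assumptions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")
INSIDE = "10.0.0."  # constructed internal address prefix (assumption)

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

def packet_filter(p):
    """Stateless rules: inside hosts out to TCP/443; ACK traffic from 443 back in."""
    outbound = p.src.startswith(INSIDE) and p.dport == 443
    reply = p.dst.startswith(INSIDE) and p.sport == 443 and "ACK" in p.flags
    return outbound or reply

class StatefulFirewall:
    """Same rules, plus a table of connections the firewall saw being opened."""
    def __init__(self):
        self.table = {}  # (client, cport, server, sport) -> state

    def allow(self, p):
        if not packet_filter(p):
            return False
        outbound = p.src.startswith(INSIDE)
        key = p[:4] if outbound else (p.dst, p.dport, p.src, p.sport)
        if outbound and p.flags == {"SYN"}:
            self.table[key] = "ESTABLISHING"   # 1. connection establishment
            return True
        state = self.table.get(key)
        if state is None:
            return False                       # no entry in the state table: drop
        if state == "ESTABLISHING":
            if outbound or p.flags != {"SYN", "ACK"}:
                return False                   # only the server's SYN-ACK fits here
            self.table[key] = "ESTABLISHED"    # 2. usage
        elif p.flags & {"FIN", "RST"}:
            del self.table[key]                # 3. termination (simplified)
        return True

def demo():
    c, s = ("10.0.0.5", 50000), ("203.0.113.10", 443)  # constructed endpoints
    traffic = {
        "syn": pkt(*c, *s, "SYN"),
        "syn-ack": pkt(*s, *c, "SYN", "ACK"),
        "ack": pkt(*c, *s, "ACK"),
        "forged-ack": pkt("198.51.100.7", 443, "10.0.0.9", 40000, "ACK"),
        "fin": pkt(*s, *c, "FIN", "ACK"),
        "late-ack": pkt(*s, *c, "ACK"),
    }
    fw = StatefulFirewall()
    return {name: (packet_filter(p), fw.allow(p)) for name, p in traffic.items()}
```

`demo()` returns a `(packet filter verdict, stateful verdict)` pair per packet: the forged ACK and the ACK that arrives after termination both match the stateless rules but have no entry in the state table.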
sunidhi86:
Come on... Yuvika, why are you getting so hyper... these messages are from 9 Nov... and what you are thinking is wrong. Shivu and I are only friends... I know you are his girlfriend, and I am not so selfish that I would make him my boyfriend while you are with him... your relationship has lasted so long, and he also told me that love does not happen in 2 days, it was only attraction... whenever he talked to me after that, he only talked about you... what you did was very wrong; if I had known earlier that this much would happen, I would never have talked to Shivu... but now, by feeling sorry