What Is A Firewall and How Its Work?
Today Firewall is depicted as the main component of the security and networks. Firewalls provide a lot of different operations and features. In the old days, the firewall was simply used to block or allow some ports and management of the NAT. In these days there are a lot of different threats where the firewall is used to detect and stop these threats.
Today modern firewall’s provides a lot of different features mainly related to security. Currently, a typical enterprise firewall will have or can provide at least the following features.
- Packet Filtering
- Port Management
- Network Address Translation (NAT)
- Application Gateway
- Web Application Firewall (WAF)
- Intrusion Prevention System (IPS)
- Deep Packet Inspection (DPI)
- SSL/TLS Termination
A typical firewall can filter packets according to different values of the package. This can be very useful for performance and security reasons. A packet can be filtered according to the following properties.
- TCP Source Port
- TCP Destination Port
- IP Source Address
- IP Destination Address
- UDP Source Port
- UDP Destination Port
- TCP Flag
- IP Packet Size
From the start, all firewalls are mainly used to allow or block different ports and network interfaces. A Firewall can operate as an intermediate controller between LAN and Internet. A firewall can also be used between different LAN segments for different security levels. We can enable access for a given port like 80 or 443 HTTP and HTTPS ports which is used by our web application or service. We will also disable all access from the Internet to our LAN.
Network Address Translation (NAT)
Network Address translation or Port Address Translation is very useful and powerful features which are used to manage Ports and IP addresses according to our configuration. We can serve a web service from 8080 to the Internet but this web service can be running on port number 80 in our server which is internally located.
Currently, one of the most dangerous attacks occurs from the web with different techniques like Social Engineering, Drive-By Download, Phishing, Web Browser Exploitation, XSS etc. We generally use Application Gateways in order to prevent the web-based attacks to our internal users. Enterprise firewalls generally provide Application Gateway features as an extra license.
Web Application Firewall
As the web is a very serious attack vector we have to protect and secure our web servers, web applications and web services. Web Application Firewall located between WAN or Internet and our Web Application Server. Every request made to the Web Application will be filtered, allowed or blocked according to the request attributes. Especially web application attacks like SqlInjection, Directory Traversal, Brute Force are stopped and prevented with the Web Application Firewalls.
Intrusion Prevention System (IPS)
Firewalls generally identify and block well known and basic type of attacks. Today world has a lot of different, complicated and advanced attack types which can not be identified by the firewall. Intrusion Prevention System or IPS provides advanced features, techniques, signature, heuristics in order to identify advanced attacks.
Deep Packet Inspection (DPI)
Network packets like TCP, UDP, IP, OSPF, Ethernet are transmitted over the network. If we want to control the network completely we need an inspection of these packets and filter accordingly. Deep Packet Inspection or DPI is a technology which provides detailed information and control about network protocol and packets.
SSL/TLS is a very popular protocol which is used to authenticate web sites and secure by encrypting the traffic. It can create some difficulties with opaque network traffic. SSL/TLS termination is used to inspect SSL/TLS encrypted traffic in a fashionable way without breaking the security of the clients. SSL/TLS will terminate traffic in the firewall and create new SSL/TSL sessions with the other parts which means the web traffic will be transferred in an encrypted way.
What is Next Generation Firewall? Actually, we have defined a Next Generation Firewall up to now with the above features. NGN firewall can provide the following features according to the capabilities and license.
- SSL/TLS Termination
- Deep Packet Inspection
- Intrusion Prevention System
- Web Application Firewall
- Application Gateway
- Load Balancer