Protect LAN from malicious activity on the Internet
Controls the flow of information in and out from the network
Firewalls can be standalone Network Device or a software on a device (Host-based)
A firewall can operate on Layer 4 through 7 depending on its type and configuration
Host-based Firewall
Windows: Windows Firewall
MacOS: PF (Packet Filtering) - OSX >= 10 & IPFW (IP Firewall)
FreeBSD: PF & IPFW
Linux: iptables
Types of Firewall
Packet Filtering Firewall
Checks packet headers for traffic allowance based on IP addresses and ports
Very basic but fastest
Cannot stop all types of attacks because of limited inspection capabilities
Also called Layer 4 Firewall
Stateful Firewall
Similar to Packet Filtering Firewall but it also tracks the communication session (inbound and outbound connections)
Determines the legitimacy of a requested session by monitoring the 3-way handshake (DoS, DDoS Attack)
Proxy Firewall
Acts as an intermediary between internal and external connections
Circuit Firewall
Operates at Layer 5 (SOCKS Firewall)
Application Layer Firewall
Filters packets based on an application or service
Understands certain protocols (FTP, DNS, HTTP, etc.)
Detects malicious applications and services that tries to bypass it
Operates at Layer 7
Kernel Proxy Firewall
Also called Fifth Generation Firewall
Has minimal impact on network performance while thoroughly inspecting packets across all layers
Next-Generation Firewall (NGFW)
Performs deep Layer 7 packet inspection
Can look through traffic to detect and prevent attacks
Connected to the cloud to get the latest threat information
Can integrate with other security products
Unified Threat Management Firewall (UTM)
Provides the ability to conduct multiple security functions in a single appliance
Includes features of IPS, Antivirus Solutions, VPN, Load Balancer, DLP, etc.
UTM can become a single point of failure for the network
Web Application Firewall (WAF)
Focuses on the inspection of HTTP traffic