According to Lesson 10 in the CIS SO- volume 2 firewalls are used block traffic as per security rules, provide transparent protection to internal users, and provide different functionalities and protection levels. In simple terms, a firewall is a security system designed to prevent unauthorized access into or out of a computer network. Firewalls are often used in making sure that internet users who do not have access to private networks can’t get in. A firewall is the first line of defense and provides access control. Firewalls are usually used in conjunction with other perimeter defenses.
There are many types of firewalls on the market today. One is Generation One or packet filtering, which screens routers with a set of Access Control Lists. Packet Filtering is the simplest and least expensive type of firewall. Access decisions are based on network and transport layer header information. Packet Filtering is best used in low-risk environments.
Generation Two or Proxy firewalls act as an “agent” between trusted and untrusted entities. With Proxy firewalls there is no direct communication taking place between the client and the server. A proxy firewall converts public addresses to internal addresses and internal addresses to a public addresses. A proxy firewall’s IP address is exposed to the outside of the network. There are two versions of a proxy firewall, Application-Layer Proxy, and Circuit-Level Proxy.
Generation Three or stateful firewalls make access decisions based on IP addresses, protocol commands, historical comparisons with previously sent packets, and the condition and content of packets. Stateful firewalls use a state engine and create and maintain a state table. Stateful firewalls can monitor the connection between connection-oriented and connectionless protocols.
Generation Four or Dynamic Packet-Filtering firewalls use a combination of application fixes and stateful inspection firewalls. They dynamically change filtering rules based on several different factors.
Generation Five or Kernal Proxy firewall software run on kernels (protected ring) of a system. Kernal Proxy firewalls have direct integration with the operating system and are faster than application-level proxies because the processing is taking place at the core of the operating system.
Understanding how firewalls work, the different kinds, implementation, and how to manage them are vital to a security officer’s job. Understanding how they work and how to use them will help the security officer keep the data safe, mitigate loss and be more informed about what a firewall does. Understanding how a firewall works and what its purpose is will help to maintain the integrity of the network and make sure that things run smoothly and safely. Along with the understanding and knowledge of firewalls, making sure that the correct protocols are in place should there be data loss or a breach will benefit not only the security officer but the data and usage of the organization that they are working for.