Firewalls filter network traffic so that you only receive data that you should be getting. No firewall works perfectly, and a lot of a firewall's effectiveness depends on how you configure it.
The data that your computer sends and receives over the internet or an internal network consists of TCP packets and UDP packets. TCP packets can be filtered more effectively by firewalls because their headers carry more information.
A firewall system can work at five layers of the OSI-ISO reference model, but most operate at only four: the data-link, network, transport, and application layers.
Most attacks on a network originate from inside it, so a firewall system should also be capable of protecting against internal threats.
A demilitarized zone (DMZ) is used by the majority of firewall systems to guard assets and resources. DMZs are deployed to give external users access to resources such as e-mail servers, DNS servers, and web pages without exposing the internal network. The DMZ acts as a buffer between distinct segments of the network.
Each region in the firewall system is allocated a security level, for example low, medium, and high. Normally traffic flows from a higher level to a lower level; for traffic to move from a lower to a higher level, a different set of filtering rules is deployed.
To permit traffic to move from a lower security level to a higher one, you must be precise about the kind of traffic permitted. By being precise, you open the firewall system only for the traffic that is essential; all other traffic is blocked by configuration.
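To make the point about header contents concrete, here is an added example (not code from the article) that decodes the fixed TCP and UDP headers with Python's standard `struct` module. The packets are constructed in-line for illustration; no capture or network access is needed. It shows what a filter can actually inspect in each protocol: TCP carries sequence numbers and flags, so a stateful filter can recognise a connection attempt (SYN without ACK), whereas UDP exposes only ports and a length.

```python
"""Parse TCP and UDP headers to see what a packet filter can inspect.

Added example, not from the article. All packets below are constructed
in-line (no capture file, no network access).
"""
import struct

TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
                 "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp_header(data: bytes) -> dict:
    """Decode the fixed 20-byte TCP header (RFC 793 layout, big-endian)."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", data[:20])
    return {
        "src_port": src,
        "dst_port": dst,
        "seq": seq,
        "ack": ack,
        "header_len": (off_flags >> 12) * 4,   # data offset is counted in 32-bit words
        "flags": [name for name, bit in TCP_FLAG_BITS.items() if off_flags & bit],
        "window": window,
    }


def parse_udp_header(data: bytes) -> dict:
    """Decode the 8-byte UDP header: only ports, length and checksum exist."""
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, _csum = struct.unpack("!HHHH", data[:8])
    return {"src_port": src, "dst_port": dst, "length": length}


def is_new_tcp_connection(hdr: dict) -> bool:
    """A stateful filter treats SYN-without-ACK as a new connection attempt.
    UDP has no equivalent signal, so UDP 'sessions' are tracked by timeouts."""
    return "SYN" in hdr["flags"] and "ACK" not in hdr["flags"]


def build_tcp_header(src, dst, seq, ack, flags, window=65535) -> bytes:
    """Build a minimal TCP header (no options, checksum left zero) for tests."""
    off_flags = (5 << 12) | flags          # 5 words = 20 bytes, no options
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, off_flags, window, 0, 0)


def build_udp_header(src, dst, payload_len) -> bytes:
    """Build a UDP header whose length field covers header plus payload."""
    return struct.pack("!HHHH", src, dst, 8 + payload_len, 0)


if __name__ == "__main__":
    # Constructed sample packets: a client SYN to a web server, the server's
    # SYN/ACK reply, and a DNS query over UDP.
    syn = build_tcp_header(40000, 443, seq=1000, ack=0, flags=TCP_FLAG_BITS["SYN"])
    synack = build_tcp_header(443, 40000, seq=5000, ack=1001,
                              flags=TCP_FLAG_BITS["SYN"] | TCP_FLAG_BITS["ACK"])
    dns = build_udp_header(53000, 53, payload_len=32)
    for label, hdr in [("SYN", parse_tcp_header(syn)), ("SYN/ACK", parse_tcp_header(synack))]:
        print(label, hdr, "new connection:", is_new_tcp_connection(hdr))
    print("UDP", parse_udp_header(dns))
```

The decoder deliberately stops at the fixed header; a real filter would also have to honour the data-offset field before looking at TCP options or payload, and would reject a header shorter than the offset claims.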
A firewall is deployed to separate distinct parts of the network:
- The link to the Internet, assigned the lowest level of security.
- The link to the DMZ, assigned medium security because of the servers it hosts.
- The link to the organization's remote site, assigned medium security.
- The internal network, assigned the highest security.
Firewall rules can be designed to block, allow, or filter specific TCP/IP ports; block or allow specific IP addresses or address ranges (no class B addresses on our network, thank you very much!); block or allow packets for certain applications if you are using an application firewall; or redirect traffic that matches a rule to a different port (all traffic from employee gateway IPs goes through port 22 SSH no matter where it comes from!).
How the rules will be assigned:
- High-to-low-level access is allowed.
- Low-to-high-level access is not allowed.
- Equal-level access is also not allowed.
By using the above set of rules, the traffic allowed to flow automatically through the firewall is:
- Internal devices to the DMZ, the remote organization, and the internet.
- DMZ to the remote organization and the internet.
Any other kind of traffic flow is blocked.
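The following is an added example, not code from the article, that puts the zone model, the three level rules, and the per-port rule types described earlier into one small policy evaluator. The zone names, the numeric levels, and the rule set are my own choices; the IP addresses are drawn from the RFC 5737 documentation ranges and stand for a constructed web server, DNS server, client, and internal host. The evaluator applies the three rules literally: a higher level may reach a lower one, while lower-to-higher and equal-level traffic is denied unless an explicit rule permits it. One consequence worth noticing is that a DMZ-to-remote-organization flow, with both zones at medium, is not permitted by the level comparison alone and needs an explicit rule, while remote-organization-to-internet comes out allowed. The explicit rules show the "be precise" principle from above: only HTTPS and DNS are opened inbound to specific DMZ hosts, and one outbound port is blocked even though the level rule would allow it.

```python
"""Zone-based firewall policy simulator.

Added example (not code from the article): models security levels per zone,
the default rules higher->lower allowed / lower->higher denied / equal denied,
and explicit per-port exceptions. Zones, levels, addresses and rules below
are constructed for illustration (addresses from RFC 5737 documentation ranges).
"""
import ipaddress
from dataclasses import dataclass

# One numeric level per zone: internet lowest, DMZ and the remote organization
# medium, internal network highest. The numbers themselves are our own choice.
ZONE_LEVELS = {"internet": 0, "dmz": 50, "remote_org": 50, "internal": 100}


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    dst_port: int


@dataclass(frozen=True)
class Rule:
    """An explicit rule that overrides the level-based default for one flow."""
    src_zone: str
    dst_zone: str
    dst_net: str    # destination address must fall inside this CIDR
    proto: str
    dst_port: int
    action: str     # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        return (pkt.src_zone == self.src_zone
                and pkt.dst_zone == self.dst_zone
                and pkt.proto == self.proto
                and pkt.dst_port == self.dst_port
                and ipaddress.ip_address(pkt.dst_ip) in ipaddress.ip_network(self.dst_net))


def default_policy(src_zone: str, dst_zone: str) -> str:
    """Higher->lower is allowed; lower->higher and equal-level are denied."""
    return "allow" if ZONE_LEVELS[src_zone] > ZONE_LEVELS[dst_zone] else "deny"


def evaluate(pkt: Packet, rules):
    """First matching explicit rule wins; otherwise fall back to the level policy.
    Returns (action, reason)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, (f"explicit rule {rule.src_zone}->{rule.dst_zone} "
                                 f"{rule.proto}/{rule.dst_port}")
    return default_policy(pkt.src_zone, pkt.dst_zone), "default level policy"


def allowed_zone_flows():
    """Zone pairs the default policy allows with no explicit rules at all."""
    return sorted((s, d) for s in ZONE_LEVELS for d in ZONE_LEVELS
                  if s != d and default_policy(s, d) == "allow")


# Constructed rule set: open exactly the DMZ services external users need
# (web and DNS, each to one host), and block outbound telnet from the internal
# network even though higher->lower would otherwise allow it.
RULES = [
    Rule("internet", "dmz", "203.0.113.10/32", "tcp", 443, "allow"),  # web server
    Rule("internet", "dmz", "203.0.113.53/32", "udp", 53, "allow"),   # DNS server
    Rule("internal", "internet", "0.0.0.0/0", "tcp", 23, "deny"),     # no telnet out
]


if __name__ == "__main__":
    print("flows allowed by level policy alone:", allowed_zone_flows())
    samples = [
        Packet("internet", "dmz", "198.51.100.7", "203.0.113.10", "tcp", 443),
        Packet("internet", "dmz", "198.51.100.7", "203.0.113.10", "tcp", 22),
        Packet("internet", "internal", "198.51.100.7", "10.0.0.5", "tcp", 443),
        Packet("dmz", "remote_org", "203.0.113.10", "192.0.2.20", "tcp", 443),
        Packet("internal", "internet", "10.0.0.5", "198.51.100.7", "tcp", 23),
        Packet("internal", "internet", "10.0.0.5", "198.51.100.7", "tcp", 443),
    ]
    for p in samples:
        action, why = evaluate(p, RULES)
        print(f"{p.src_zone:>9} -> {p.dst_zone:<10} {p.proto}/{p.dst_port:<5} {action:5} ({why})")
```

Explicit rules are evaluated before the level default and the first match wins, so rule order matters exactly as it does on a real firewall; keeping the exception list short and host-specific is what makes the "only essential traffic" principle auditable.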
This article was written and published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...