Firewall in Cyber Security

Mohit Lalwani
Nov 23, 2022

Introduction to Cyber Security

Cyberworld, or cyberspace, is a marketplace of all devices and entities that are interconnected using the internet, also known as the World Wide Web. Communication between different entities in cyberspace, namely large enterprise systems, financial applications, software as a service on the cloud, institutions, small and medium enterprises, and self-employed individuals' laptops, desktops, and mobile applications, is prone to threats. A threat to an entity in cyberspace can be:

  • Data theft or misuse
  • Impersonation or credit/debit card frauds
  • Phishing
  • Spamming
  • Denial of services

Large organizations define a trusted network, or a defined private workplace of resources, that they need to expose to the external world or public networks for a purpose. All their applications and systems published on the internet are placed within this defined perimeter of the organization's trusted network. Organizations are continually on the lookout for improved methodologies to secure these applications from unwarranted threats. A firewall is one such solution, placed at the perimeter of the organization's internal trusted network where the user gains access to the application.

What is a Firewall?

A cybersecurity firewall is a network security system, which can be either hardware or software, that protects the trusted network from unauthorized access from external networks and external threats.

  • It filters data using a defined set of policy rules that help restrict access to the applications and systems
  • It acts like a gatekeeper, monitoring and controlling incoming and outgoing network traffic
  • Any specific traffic, in the form of requests for access or requests for data, to a resource behind the firewall and inside the trusted network is inspected, analyzed, and then allowed to pass or blocked based on pre-defined security rules
  • The security rules are configured into the firewall and are customizable.

Why Do We Need Firewall in Cyber Security?

Firewalls help in preventing malware and viruses. They can also be useful to stop network-based attacks and application-layer attacks, as they behave like a gatekeeper or a barrier preventing such types of attacks and allowing only genuine and filtered data to pass through.

Firewalls monitor every connection attempt between our computer and another network, unless the data packets come from or go to a trusted source. To prevent unauthorized access to a private network, we use network firewall software.

The firewall can be used as a traffic controller on the network that can detect and counter attacks. A firewall can be configured with rules to protect the network and quickly assess and stop any suspicious activity before it harms the computer.

The risks of not having a firewall include:

1. Open Access

Whenever a system operates without a firewall, it becomes vulnerable and gives access to all other networks, which means that it is open to every kind of connection from any source and from anyone.

If a case like this happens then it becomes difficult to identify threats or any attacks which are being performed on our network. If we are without a firewall, then our devices are open to malicious activities or any destruction caused on our system.

2. Lost or Compromised Data

If we are without a firewall, then we are probably making our devices reachable and accessible by anyone, which means that anyone can have complete control over the network. In this case, cybercriminals can easily delete our data or use it for their personal benefit.

3. Network Crashes

If the firewall is absent from your system, then the network can be accessed or shut down by anyone, which may cost us our valuable time and money in order to get our network working again. Therefore, it is extremely essential to use firewalls and secure our network, computer, and data from any unidentified sources.

How Does Firewall Work?

A firewall safeguards your PC against harmful data by filtering it out of the system. It protects against backdoors, denial-of-service attacks, macros, remote logins, spam, and viruses. A backdoor is a way into an application through a vulnerability that attackers exploit to gain access.

A DoS attack occurs when a hacker requests permission to connect to a server, but when the server responds, it cannot locate the hacker. When this happens repeatedly, the server gets flooded, and it can no longer meet the needs of legitimate visitors. Your network will be protected from DoS attacks if you have firewalls that check connections to ensure they are legitimate.

Macro scripts are run by applications to automate routine tasks. Malicious macros can be hidden within seemingly innocent data. A firewall can detect malicious macros by examining packets of data. Remote logins are often used to assist someone with a computer problem. However, in the wrong hands, they can be used maliciously, especially since remote logins give access to almost all of your computer’s functions.

It is important not to click on anything suspicious in an email, regardless of who the sender appears to be. A firewall can examine all your emails to detect any malware and prevent your PC from becoming tainted. Spam emails can sometimes contain links to malicious websites. These types of websites activate malicious code which forces cookies onto your computer. These cookies act as backdoors for hackers. Preventing spam attacks is as simple as not clicking on anything suspicious.

Firewalls inspect data packets for viruses, but antivirus software should be used in conjunction with a firewall to maximize your security. Viruses are capable of erasing data on your computer. Viruses can multiply and then spread to other devices on the network thereby harming them.

Types of firewalls

Firewalls can be either software or hardware devices. Software firewalls are computer programs that you can install on user devices. They monitor and regulate network traffic through port numbers and applications. Hardware firewalls are equipment you install between your client’s network and the gateway.

Firewalls often differ based on their structure, functionality, and traffic filtering methods. Common firewalls include:

Packet filtering

Packet filtering firewalls analyze small amounts of data before distributing it according to the filter’s standards. This firewall will assess the packets’ source and destination addresses before allowing or blocking their transfer. Packet filtering also monitors the application protocols of data transfer before making a decision.

Proxy service firewall

With a proxy service, network security systems secure your client’s networks while filtering messages at the application layer. This early firewall device serves a specific application as a gateway from one network to another. The device prevents direct connections from outside the network, delivering content caching and security.

Stateful inspection firewall

A stateful inspection firewall involves dynamic packet filtering to monitor active connections and determine network packets that can pass through the firewall. This firewall blocks or allows traffic based on set protocols, states, or ports. It monitors all activity within a network and makes decisions based on defined rules and the context of previous connections and packets.
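The difference between packet filtering and stateful inspection described above can be seen in a short simulation. This is an added example, not code from the original article: the rule set, addresses and packets are constructed, and the model is simplified to TCP with no connection teardown or timeouts.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "S"          # TCP flags: "S" = SYN, "SA" = SYN+ACK, "A" = ACK

# Constructed policy: (action, source network, destination network, destination port).
# Rules are checked top to bottom, first match wins, anything unmatched is dropped.
RULES = [
    ("allow", "10.0.0.0/24", "0.0.0.0/0", 443),    # trusted clients -> HTTPS anywhere
    ("allow", "0.0.0.0/0", "10.0.0.5/32", 443),    # anyone -> published web server
]

def packet_filter(pkt):
    """Stateless packet filtering: decide from this packet's header fields only."""
    for action, src_net, dst_net, dport in RULES:
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(src_net)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(dst_net)
                and pkt.dport == dport):
            return action
    return "drop"

class StatefulFirewall:
    """Stateful inspection: remember connections the policy allowed to open."""
    def __init__(self):
        self.connections = set()

    def inspect(self, pkt):
        forward = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if forward in self.connections or reverse in self.connections:
            return "allow"                      # part of a known connection
        if pkt.flags == "S" and packet_filter(pkt) == "allow":
            self.connections.add(forward)       # new connection permitted by policy
            return "allow"
        return "drop"                           # no rule, or no matching state

def demo():
    fw = StatefulFirewall()
    syn = Packet("10.0.0.20", 50000, "203.0.113.10", 443, "S")     # client opens HTTPS
    reply = Packet("203.0.113.10", 443, "10.0.0.20", 50000, "SA")  # server's answer
    stray = Packet("198.51.100.7", 443, "10.0.0.20", 50001, "A")   # unsolicited packet
    ssh = Packet("198.51.100.7", 40000, "10.0.0.5", 22, "S")       # port not in policy
    return {"stateless_reply": packet_filter(reply),
            "stateful": [fw.inspect(p) for p in (syn, reply, stray, ssh)]}
```

The stateless filter drops the server's reply because no rule describes it, while the stateful firewall admits it as part of a tracked connection and still drops the unsolicited packet that looks similar on the wire.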

Next-generation firewall (NGFW)

Next-generation firewalls (NGFWs) offer application-level inspection for all the data packets. Next-gen firewalls can create policies that boost the network security of your clients. Additionally, they can conduct quick network assessments to alert you to invasive or suspicious activity.

Next-generation firewalls also offer application awareness and control to find and block risky apps. Deploying these firewalls gives your clients access to techniques that effectively deal with evolving security threats. Next-generation firewalls feature both standard firewall capabilities as well as integrated intrusion prevention.

Key Components of a Firewall

A firewall is a collection of hardware and software that, when used together, prevent unauthorized access to a portion of a network. A firewall consists of the following components:

1. Hardware

Firewall hardware typically consists of a separate computer or device dedicated to running the firewall software functions.

2. Software

Firewall software provides a variety of applications. In terms of network security, a firewall provides these security controls through a variety of technologies:

  • Internet Protocol (IP) packet filtering
  • Network address translation (NAT) services
  • SOCKS server
  • Proxy servers for a variety of services such as HTTP, Telnet, FTP, and so forth
  • Mail relay services
  • Split Domain Name System (DNS)
  • Logging
  • Real-time monitoring

Advantages and Disadvantages of Firewall

  • For the firewall to be effective, it must be capable of handling all possible external threats.
  • A disadvantage of firewalls is that they fail to prevent internal threats, virus attacks, and hackers' use of authentic mechanisms (such as usernames and passwords).

Besides intrusion detection systems and intrusion prevention systems, organizations must implement other mechanisms and controls to protect themselves from these threats. Implementing antivirus and other prevention and detection systems along with firewalls can prevent viruses, trojans, spyware, ransomware, denial-of-service attacks, and malware.

Conclusion

Every commercial or application service exposed on the internet will have its own security requirements based on its functionality. A detailed study and feasibility analysis must be done before implementing the most appropriate security control systems. To beat the world of threats and hackers, the focus has to be on implementation and then continual improvement to meet all possible current and future threats. A firewall is one of the many solutions available in today’s world of cybersecurity to control these external threats.

Authors: Aditya Wanjari, Mohit Lalwani, Nitesh Sonawane, Anushka Wankhade.