Showing posts with label Firewall Technology. Show all posts
Showing posts with label Firewall Technology. Show all posts

Types of Firewall - Technology

Packet Filter Firewall:
It is a least security type due to lack of broad intelligence
Works at layer 3 of OSI model
Filtering is decided based on Source ip, destination ip source port destination port and  protocol
It doesn’t have a ability to “is this really a smtp packet?”
Drawback:  Less secure

Application firewall:
As name states it works at layer 7. It stays as a middleman and protests the network.
To make it more clear,
Let’s consider you are trying to access a google.com then the request comes to firewall and it proxies the connection.
Drawback:  Very slow and high overhead

Stateful inspection:
Maintain a state table and ensure deep inspection of the packet.
Stateful inspection is developed and patterned by checkpoint
So whenever a connection comes to firewall it will maintain a state table and add a entry about the connection.
Based on this the packet is inspected and filtering decision is made.
Stateful inspection protects network from various external attacks like ip spoofing etc.
So let’s consider port 80 is open for internet access. Then there is chance where anyone can send anything via that port.
OMG!! Then what’s the solution for it.
Stateful inspection is the savior. Even the name looks so promising right!
So when the user in the internal network initiates the traffic then it adds a state table entry. With reference to state table it allows the return traffic.
Ok. I think we all came to a conclusion that stateful inspection is the best technology which can completely protect from attacks.
If so then I am sorry gentleman it is wrong.
Did we think about Trojans and malware which can do lot of harm to you.
Then there is other technology which comes into picture here is Deep Packet Inspection (DPI)
DPI can inspect the data part of the packet and take decisions based on content of the packet.
DPI will combine signature-matching technology with analysis of the data in order to determine the impact of data stream.
So will DPI prevent the network completely?
Answer is “NO” J
Nothing is safe because Black is stronger than white (hat or color).
Ok Guys. Soon we will get deep into the various firewall products available.

No comments:
Labels:

Firewall Basics

Let us start with basics,
Why firewall?
Based on my first blog I am sure we know the answer for this.
To make it in one line “It is required to keep our environment safe”
Ok let’s go deeper.
 What is Firewall?
It is Point at the perimeter where the incoming and outgoing packets are inspected, dropped and logged if required.
At Which Layer it works?
Generally,  the answer is Layer 3 and Layer 4. But in recent days it can work up to application layer.
Guys!  To know more about the OSI Layer refer to wiki link http://en.wikipedia.org/wiki/OSI_model 

Types of Firewall:
ü  Packet Filtering
ü  Application Layer gateway
ü  Stateful inspection firewall

Now I believe you understood the basic stuff about firewall.  I will explain the types and product in my upcoming blogs.








No comments:
Labels:

Network Security

Network Security - This is the common word we come across in our day to day internet experience.

Nowadays most of the IT companies come up with latest technology to fulfill this network security needs.

We need to really think about  below before we access some private data,

Is my network secured?

Am I browsing safely with by personal computer?

What if my account is hacked?

What if my machine is affected by virus?

What if my computer is affected with Trojan? (More serious than virus)

Is someone trying to steal my personal information?



When you try to think about these questions you can understand the importance of network security. Network security can be ensured at various levels with different devices.

Basic well known device which is implemented at the perimeter level is Firewall.

Firewall has lots of latest emerging technologies which is documented in product data sheet and impetmentation guides.

I am sure those stuffs are hard to understand. So I have taken a task to bring this technology visible to everyone in layman language.  

Once we understand that we will keep moving forward to update our knowledge with advanced technologies and different products.


Come lets dive into technology !!!








1 comment:
Labels:
Subscribe to: Posts (Atom)