CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [69]
Packet Filter Firewalls
A firewall operating as a packet filter passes or blocks traffic to specific addresses based on the type of application. The packet filter doesn’t analyze the data of a packet; it decides whether to pass it based on the packet’s addressing information. For instance, a packet filter may allow web traffic on port 80 and block Telnet traffic on port 23. This type of filtering is included in many routers. If a received packet request asks for a port that isn’t authorized, the filter may reject the request or simply ignore it. Many packet filters can also specify which IP addresses can request which ports and allow or deny them based on the security settings of the firewall.
Packet filters are growing in sophistication and capability. A packet filter firewall can allow any traffic that you specify as acceptable. For example, if you want web users to access your site, then you configure the packet filter firewall to allow data on port 80 to enter. If every network were exactly the same, firewalls would come with default port settings hard-coded, but networks vary, so the firewalls don’t include such settings.
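The following is an added example, not code from the study guide: a small stateless packet filter written in Python that makes its pass/block decision from addressing information only (protocol, source address, destination port), exactly as the text describes. The rule set, the `example.test`-style addresses and the `Packet`/`Rule` names are all constructed for illustration; first-match evaluation with a default-drop policy and the distinction between silently dropping and actively rejecting a packet are the points to notice. The last sample packet shows the packet filter's blind spot: anything on an allowed port is passed without its payload ever being examined.

```python
"""Toy stateless packet filter (added example, not from the study guide).

Rules are checked first-match, top to bottom, against a packet's addressing
information only. The payload is carried along but never inspected, which is
the limitation of a pure packet filter. Whatever no explicit rule matches is
handled by the default policy.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Verdicts: DROP silently ignores the packet, REJECT refuses it with an error
# back to the sender (the two options the text mentions for an unauthorized port).
ACCEPT, DROP, REJECT = "accept", "drop", "reject"


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    src_ip: str
    dst_ip: str
    dst_port: int
    payload: bytes = b""  # present, but deliberately never examined


@dataclass(frozen=True)
class Rule:
    action: str
    proto: Optional[str] = None      # None = any protocol
    src_net: Optional[str] = None    # CIDR string, None = any source
    dst_port: Optional[int] = None   # None = any destination port
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.src_net is not None and ip_address(pkt.src_ip) not in ip_network(self.src_net):
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


def filter_packet(rules: list, pkt: Packet, default: str = DROP) -> tuple:
    """Return (verdict, comment of the rule that decided). First match wins."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return default, "default policy"


# Constructed policy for a web server behind the filter (hypothetical addresses).
POLICY = [
    Rule(ACCEPT, proto="tcp", dst_port=80, comment="public web"),
    Rule(ACCEPT, proto="tcp", dst_port=443, comment="public web (TLS)"),
    Rule(ACCEPT, proto="tcp", src_net="10.0.0.0/8", dst_port=22, comment="admin SSH from inside only"),
    Rule(REJECT, proto="tcp", dst_port=23, comment="telnet never allowed"),
]

if __name__ == "__main__":
    samples = [
        Packet("tcp", "203.0.113.5", "192.0.2.10", 80),
        Packet("tcp", "203.0.113.5", "192.0.2.10", 23),
        Packet("tcp", "203.0.113.5", "192.0.2.10", 22),   # outside host, SSH: default drop
        Packet("tcp", "10.1.2.3", "192.0.2.10", 22),      # inside host, SSH: allowed
        Packet("udp", "203.0.113.5", "192.0.2.10", 80),   # UDP/80: no rule, default drop
        Packet("tcp", "203.0.113.5", "192.0.2.10", 80, payload=b"payload is never looked at"),
    ]
    for p in samples:
        print(f"{p.proto} {p.src_ip} -> {p.dst_ip}:{p.dst_port}", filter_packet(POLICY, p))
```

Because the policy ends with a default of `DROP`, a port the administrator forgot to list is silently ignored rather than opened; the order of rules matters, since the first rule that matches decides.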
Real World Scenario
Decide Which Traffic to Allow Through
As an administrator, you need to survey your network and decide which traffic should be allowed through the firewall. What traffic will you allow in, and what will you block at the firewall?
Table 3.1 lists only the most common TCP ports. In the table, check the boxes in the last two columns, indicating whether you’ll allow data using this port through the firewall.
TABLE 3.1 Ports Allowed through the Firewall
Proxy Firewalls
A proxy firewall can be thought of as an intermediary between your network and any other network. Proxy firewalls are used to process requests from an outside network; the proxy firewall examines the data and makes rule-based decisions about whether the request should be forwarded or refused. The proxy intercepts all the packets and reprocesses them for use internally. This process includes hiding IP addresses.
When you consider the concept of hiding IP addresses, think of Network Address Translation (NAT) as it was discussed in the section “Working with Newer Technologies” in Chapter 1, “General Security Concepts.”
The proxy firewall provides better security than packet filtering because of the increased intelligence that a proxy firewall offers. Requests from internal network users are routed through the proxy. The proxy, in turn, repackages the request and sends it along, thereby isolating the user from the external network. The proxy can also offer caching, should the same request be made again, and can increase the efficiency of data delivery.
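As an added example (not the book's code), the Python model below shows the three proxy behaviours just described: the proxy inspects the request itself and applies policy to its contents, repackages what it forwards so the outside network only ever sees the proxy's own address and none of the internal headers, and serves a repeated request from its cache. Real network I/O is replaced by a constructed `FakeUpstream` callable that records what the outside would have observed, so the example runs offline; all addresses, host names and header names are hypothetical.

```python
"""Toy application-level proxy firewall (added example, not from the study guide).

Internal clients hand their requests to the proxy; the proxy decides on the
request contents, forwards on the client's behalf from its own external
address, strips internal-only headers, and caches responses for reuse.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass
class Request:
    client_ip: str                      # internal host that made the request
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass
class Decision:
    forwarded: bool
    reason: str
    from_cache: bool = False
    body: Optional[bytes] = None


class FakeUpstream:
    """Constructed stand-in for the outside network: records what it observes."""

    def __init__(self) -> None:
        self.seen: List[Tuple[str, str, Dict[str, str]]] = []  # (src_ip, url, headers)
        self.calls = 0

    def __call__(self, src_ip: str, url: str, headers: Dict[str, str]) -> bytes:
        self.calls += 1
        self.seen.append((src_ip, url, dict(headers)))
        return f"response for {url}".encode()


class ProxyFirewall:
    def __init__(self, external_ip: str, fetch: Callable[[str, str, Dict[str, str]], bytes],
                 allowed_schemes=("http", "https"), blocked_hosts=()):
        self.external_ip = external_ip        # the only address the outside sees
        self.fetch = fetch                    # stands in for the real outbound connection
        self.allowed_schemes = set(allowed_schemes)
        self.blocked_hosts = set(blocked_hosts)
        self.cache: Dict[str, bytes] = {}
        self.log: List[Tuple[str, str, str]] = []

    def handle(self, req: Request) -> Decision:
        parts = urlsplit(req.url)
        # Rule-based decisions on the request itself, not just on addresses.
        if parts.scheme not in self.allowed_schemes:
            return self._deny(req, f"scheme {parts.scheme!r} not allowed")
        if parts.hostname in self.blocked_hosts:
            return self._deny(req, f"host {parts.hostname!r} blocked by policy")
        if req.method != "GET":
            return self._deny(req, f"method {req.method} not permitted")
        # Caching: a repeated request never leaves the network again.
        if req.url in self.cache:
            self.log.append((req.client_ip, req.url, "cache hit"))
            return Decision(True, "served from cache", from_cache=True, body=self.cache[req.url])
        # Repackaging: internal-only headers are dropped and the request goes out
        # from the proxy's external address; the client's IP is never on the wire.
        outbound = {k: v for k, v in req.headers.items()
                    if not k.lower().startswith("x-internal")}
        self.log.append((req.client_ip, req.url, "forwarded"))
        body = self.fetch(self.external_ip, req.url, outbound)
        self.cache[req.url] = body
        return Decision(True, "forwarded", body=body)

    def _deny(self, req: Request, reason: str) -> Decision:
        self.log.append((req.client_ip, req.url, "denied: " + reason))
        return Decision(False, reason)


def build_demo() -> Tuple[ProxyFirewall, FakeUpstream]:
    """Wire a proxy to the constructed upstream (hypothetical external address)."""
    upstream = FakeUpstream()
    proxy = ProxyFirewall("198.51.100.1", upstream, blocked_hosts={"blocked.test"})
    return proxy, upstream


if __name__ == "__main__":
    proxy, upstream = build_demo()
    print(proxy.handle(Request("10.0.0.7", "GET", "http://example.test/index.html",
                               {"X-Internal-User": "alice", "Accept": "text/html"})))
    print(proxy.handle(Request("10.0.0.8", "GET", "http://example.test/index.html")))
    print(proxy.handle(Request("10.0.0.7", "GET", "ftp://example.test/file")))
    print(proxy.handle(Request("10.0.0.7", "GET", "http://blocked.test/")))
    print("outside saw source addresses:", {ip for ip, _, _ in upstream.seen})
```

The proxy's log records which internal client asked for what, while the upstream only ever records `198.51.100.1`; that separation is what "hiding IP addresses" means in practice, and the cache hit on the second request is the efficiency gain the text mentions.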
A proxy firewall typically uses two network interface cards (NICs). This type of firewall is referred to as a dual-homed firewall. One of the cards is connected to the outside network, and the other is connected to the internal network. The proxy software manages the connection between the two NICs. This setup segregates the two networks from each other and offers increased security. Figure 3.3 illustrates a dual-homed firewall segregating two networks from each other.
FIGURE 3.3 A dual-homed firewall segregating two networks from each other
Real World Scenario
Dual-Homed Proxy Firewall
You’re the network administrator of a small network. You’re installing a new firewall server. After you complete the installation, you notice that the network doesn’t appear to be routing traffic through the firewall and that inbound requests aren’t being blocked. This situation presents a security problem for the network because you’ve been getting unusual network traffic lately.
The most likely solution to this problem deals with the fact that the server offers the ability to use IP forwarding in a dual-homed server. IP forwarding bypasses your firewall and uses the server as a router. Even though