A firewall is a device which is used to control the flow of traffic into and out-of network. In other words, it is a security device which installed between two networks, internal network to outside network (more often the internet).
Based on the rule define in the firewall data will be passed to one network to other network.
The primary job of a firewall is to secure the inside network from the internet.
Systems on one side of the firewall are protected from systems on the other side.
Consider LAN is corporate or our campus network and WAN is internet.
If we place firewall between the two networks then it will control the flow of the whole traffic and based on rule define into firewall.
It will allow or deny the traffic.Firewalls generally filter traffic based on two methodologies:
Firewalls generally filter traffic based on two methodologies:
A firewall can allow any traffic except what is specified as restricted part. It depends on the type of firewall used, the source, the destination addresses, and the ports.
A firewall can deny any traffic that does not meet the specific criteria based on the network layer on which the firewall operates.
Firewall is the first destination for the traffic coming to your internal network.
So, anything which comes to your internal network passes through the firewall and any outgoing traffic will also pass through the firewall before leaving your network completely.
This is the reason that sometimes this type of firewall filter is also called screening routers.
Firewall types the way a firewall provides greater protection relies on the firewall itself, and on the policies that are configured on it.
The Following types of firewall are:
Stateful Packet-Inspection (SPI)
"Firewall protects internal network from the external network".
It acts as a shield to protect your system from the untrusted, non-reliable systems connected to the internet.
In technical terms firewall is a piece of software hardware or both that allows only selected packet to pass from the internet to your private system.
Firewall is installed on a standalone system that may or may not be networked i.e. it usually connects to an ISP.
There are two types of firewall
a. Packet filter
b. Application Gateway
a. Packet filter:
A packet filter applies a set of rules to each packet & based on the outcome, divides to either forward or discard the packet. It is also called as screening router or screening filter.
It receives each packet & check with the rule.
Suppose the rule is block all the packets then the firewall will block all the packets to enter the internal system.
A packet filter performs the following functions -
Receive each packet as it arrives.
Pass the packet through a set of rules based on the contents of the IP & transport header fields of the packet if there is a match with one of the set rules, decide whether to a accept or discard the packet based on that rule for example a rule could speccify :
disallow all incoming traffic from an IP address 188.8.131.52 ( this IP address is taken just as an example ) or disallow all traffic that uses UDP as the higher transport layer protocol.
If these is no match with any rule, take the default action. The default can be discard all packets or accepts all packets.
b. Application Gateway :
- Application gateway is also called as 'proxy server', this is because it acts like a proxy & decide about the flow of application level traffic.
Application gateway typically work as follows -
A internal uses contacts the application gateway using a TCP/IP application, such as HTTP or TEL NET.
The application gateway asks the users about the remote host with which the user work to set up a connection for actual communication ( If its domain name or IP address etc). The application gateway also asks for the user id & the password required to access the service of the application gateway.
The user provide this information to the application gateway.
The application gateway new access the remote host on behalf of the user & passes the packets of the user to the remote host.
Some security bugs can’t be identified without sending a payload that exploits a suspected vulnerability.
These types of probes are more accurate they rely on direct observation as opposed to inferring problems based on port numbers or service banners. But they also carry more risk of interrupting the service, because the test payload must be trying to either produce or take advantage of an error in the service’s code.
An easy-to-understand example of a vulnerability probe is an HTML injection check for a web application. Imagine a web app that has a search box for users to find text within its pages.
Typically, such apps report the search term in the web page, such as “Results for ‘zombies’...”.
A snippet of HTML might look like:
<div id="search"><spanclass="results">Results for 'zombies'...</span>
When a web app reflects user-supplied text (such as the search term in the previous example), and that text contains characters that are important to the syntax of HTML (such as the angle brackets used to define tags like <script>), then it’s likely that the app has a vulnerability that would enable an attacker to actually rewrite portions of the web page. An attacker who exploits an HTML injection vulnerability like this could steal data from the user or deface the web site.
So, instead of searching for “zombies” we try searching for “<xss>”. The web app’s HTML now looks like:
<div id="search"><span class="results">Results for '<xss>'...</span>
The hacker can take advantage of vulnerability to compromise the system or network.
The outcome may be to crash the software, causing a denial of service, or retrieve data, like pulling usernames and passwords from a database, or completely compromise the operating system by gaining root or administrator access.
Exploits take many shapes. It can be simple binary shellcode or clever bits of text appended to URL parameters.
Discovering vulnerability typically just means uncovering a software fault. Developing an exploit means taking advantage of that software fault to give the attacker an advantage against the system.