Most routers can perform stateless packet filtering, the simplest form of firewall. Stateful packet filtering is where the device maintains context about active sessions, using the stated information to control which packets pass through the device. If a packet is received for a connection that hasn’t already been set up, it’s rejected. This means the device understands which connections are currently active.

A device providing stateful packet filtering is considered as a firewall.

Static Packet Filter firewall will look at the header only. Deep packet inspection firewalls will look at the content and this will slow the process. However, it does provide a more reliable security filter.

A proxy server can either be dedicated hardware or software installed on a general-purpose machine. As you’ve seen, it acts as the client to the server and the server to the client. With this functionality a proxy server can, for example, protect a user's IP address from discovery by hackers.

Application firewalls understand the application traffic passing through them, so they work at a higher level than packet filtering firewalls. Rather than allowing or blocking connections according to the packet filtering rules, they inspect the traffic to see if it’s a permitted protocol; this is known as a deep packet inspection. E.g., Realtime Streaming Protocol (RTSP), BitTorrent or FTP could be blocked.

Next-generation firewalls NGFW are a class of firewall that are implemented in either software or hardware and are capable of detecting and blocking complicated attacks by enforcing security measures at the protocol, port and application level.

The difference between a standard firewall and next-generation firewalls is that the latter performs a more in-depth inspection and in smarter ways. Next-generation firewalls also provide additional features like active directory integration support, SSH and SSL/TLS inspection, and malware filtering based on reputation.

Next-generation firewalls are more capable of detecting application-specific attacks than standard firewalls and thus can prevent more malicious intrusions. They do a full-packet inspection by checking the signatures and payload of packets for any anomalies or malware.

Next-generation firewalls also have more application awareness and deploy various techniques for identifying different applications, including Web-based ones. They store the details of approved applications and examine the data packets for any issues. They also keep a baseline for deviations from normal application behaviours, which can help system administrators.

A firewall is an essential part of our network defence and that you may need to employ different types of firewalls, depending on the context. You have also learned that not only can a firewall limit and block threats, but it can also act as an auditing tool by providing logs of user communications. This can serve as an alert to unauthorised user behaviour, as well as being a useful metric in many different contexts.

What's next?

Now that you've been briefed on Firewalls in some detail, you're going to venture into looking at the De-Militarised Zone, or DMZ.

Next: De-militarised zone (DMZ)

Difficulty

Beginner

Duration

31m

Students

Ratings

5/5

Description

In this course you’ll take a deep dive into networks and communications controls, looking at Firewalls, DMZ and VPN among others.

About the Author

Training Provider

Students

38733

Labs

161

Courses

1557

Learning Paths

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.

Contents

Networks and communications

The course is part of this learning path

Firewalls and proxy servers

What's next?