🔒 Understanding Firewalls: Your First Line of Defense

Abinesh M
3 min read · Feb 6, 2024


Hi Heckerss!!

In this blog, we are going to look at firewalls.

Let’s start….!

A firewall acts as a digital gatekeeper, protecting your network from unauthorized access and cyber threats. It monitors and controls incoming and outgoing traffic based on predefined security rules.

Types of Firewalls:

  1. Packet Filtering Firewall: Examines individual data packets and either permits or blocks them based on predefined criteria. 📦
  2. Stateful Inspection Firewall: Maintains a record of active connections and evaluates incoming packets based on the context of the entire session. 🧠
  3. Proxy Firewall: Acts as an intermediary between internal and external networks, intercepting and filtering requests on behalf of the clients. 🛡️
  4. Next-Generation Firewall (NGFW): Integrates traditional firewall capabilities with advanced features like intrusion detection/prevention and application-level filtering. 🚀

Firewall Rules:

1. Allow Inbound HTTP Traffic:

  • Rule Name: Allow_HTTP_Inbound 🌐
  • Action: Allow ✅
  • Source: Any 🌍
  • Destination: Firewall’s External Interface (e.g., WAN IP) 🛡️
  • Protocol: TCP 🔄
  • Destination Port: 80 (HTTP) 🔒
  • Description: Permits incoming HTTP traffic from any source to access web services hosted within the network.

2. Deny Outbound SMTP Traffic for Unauthorized Users:

  • Rule Name: Deny_SMTP_Outbound 🚫
  • Action: Deny ❌
  • Source: Internal Network (LAN IP Range) 🏠
  • Destination: Any 🌐
  • Protocol: TCP 🔄
  • Destination Port: 25 (SMTP) 📧
  • Description: Blocks outgoing SMTP traffic from internal network devices to prevent unauthorized users from sending emails directly.

3. Allow SSH Access to Specific Server:

  • Rule Name: Allow_SSH_to_Server 🚪
  • Action: Allow ✅
  • Source: Specific IP Address (e.g., Admin’s IP) 🧑‍💼
  • Destination: Server’s IP Address 🖥️
  • Protocol: TCP 🔄
  • Destination Port: 22 (SSH) 🔑
  • Description: Permits SSH access from a designated administrative IP address to manage a specific server securely.

4. Block UDP DNS Queries from External Sources:

  • Rule Name: Block_UDP_DNS_External 🚫
  • Action: Deny ❌
  • Source: Any 🌍
  • Destination: DNS Server (Internal IP) 🖥️
  • Protocol: UDP 🔄
  • Destination Port: 53 (DNS) 🔒
  • Description: Prevents external sources from sending UDP DNS queries to the internal DNS server, reducing the risk of DNS spoofing or amplification attacks.

5. Allow Outbound HTTPS Traffic with Web Filtering:

  • Rule Name: Allow_HTTPS_Outbound_With_Filtering 🌐
  • Action: Allow ✅
  • Source: Internal Network (LAN IP Range) 🏠
  • Destination: Any 🌍
  • Protocol: TCP 🔄
  • Destination Port: 443 (HTTPS) 🔒
  • Description: Enables outbound HTTPS traffic from internal network devices while applying web filtering policies to restrict access to specific categories of websites (e.g., social media, gambling).
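
The five rules above as an ordered rule table with a first-match evaluator, added here as an example (not code from the original post). The addresses are constructed from documentation and private ranges, first-match evaluation with a default deny is an assumption about how the firewall processes rules, and the web-filtering part of rule 5 is not modeled because it needs application-layer inspection.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (RFC 1918 / RFC 5737 ranges), not from the original post.
LAN, WAN_IP = "192.168.1.0/24", "203.0.113.10"
ADMIN_IP, SERVER_IP, DNS_IP = "198.51.100.7", "192.168.1.20", "192.168.1.53"

def in_net(addr, net):
    """True if addr falls inside net; "any" matches every address."""
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow" or "deny"
    src: str      # single IP, CIDR range, or "any"
    dst: str
    proto: str
    dport: int

    def matches(self, p):
        return (self.proto == p["proto"] and self.dport == p["dport"]
                and in_net(p["src"], self.src) and in_net(p["dst"], self.dst))

# Same names, actions, protocols and ports as the rules listed in the post.
RULES = [
    Rule("Allow_HTTP_Inbound", "allow", "any", WAN_IP, "tcp", 80),
    Rule("Deny_SMTP_Outbound", "deny", LAN, "any", "tcp", 25),
    Rule("Allow_SSH_to_Server", "allow", ADMIN_IP, SERVER_IP, "tcp", 22),
    Rule("Block_UDP_DNS_External", "deny", "any", DNS_IP, "udp", 53),
    Rule("Allow_HTTPS_Outbound_With_Filtering", "allow", LAN, "any", "tcp", 443),
]

def pkt(src, dst, proto, dport):
    return {"src": src, "dst": dst, "proto": proto, "dport": dport}

def evaluate(p, rules=RULES):
    """First matching rule wins; unmatched traffic falls to the default deny."""
    for rule in rules:
        if rule.matches(p):
            return rule.action, rule.name
    return "deny", "default_deny"

if __name__ == "__main__":
    # Source "Any" in rule 4 also matches LAN clients whose queries cross the firewall.
    print(evaluate(pkt("192.168.1.15", DNS_IP, "udp", 53)))
    # SSH from a non-admin address matches no rule and is dropped by default.
    print(evaluate(pkt("198.51.100.99", SERVER_IP, "tcp", 22)))
```

If internal clients must reach the DNS server through this firewall, an allow rule with the LAN range as source has to sit above Block_UDP_DNS_External.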

Impact Without Firewall: 🚨 Without a firewall, your network is vulnerable to various cyber threats, including:

  • Unauthorized access: Hackers can infiltrate your network and steal sensitive data. 🕵️‍♂️
  • Malware infections: Viruses, worms, and other malware can spread freely, causing system damage and data loss.
  • Denial of Service (DoS) attacks: Attackers can flood your network with traffic, disrupting services and rendering them unavailable. ⛔
  • Data breaches: Confidential information may be exposed, leading to financial losses and reputational damage. 💸

Remediation:

🔒 Implementing a firewall is crucial to mitigate these risks. Here’s how to proceed:

  1. Select the Right Firewall: Choose a firewall type that aligns with your security requirements and network infrastructure.
  2. Configure Firewall Rules: Define clear and effective rules to regulate traffic flow and enforce security policies.
  3. Regular Updates and Monitoring: Keep your firewall software up to date with the latest patches and security updates. Monitor firewall logs for suspicious activity and adjust rules as needed.
  4. Educate Users: Train employees on safe browsing habits and the importance of adhering to security policies to minimize the risk of security breaches. 📚

Okay… see you in the next blog 👋🙋‍♂️.

Reach out to me if you have any queries 🤝

👔 LinkedIn: Abinesh M

📱 Instagram: Abi_Hecker
