Kinaro's blog of things


June 01, 2019

Firewalls are the most basic line of defense in a network. There are two types of firewalls.

  • Hardware firewall: This exists as a device separate from the web server. It is connected to the server’s uplink, and all traffic has to pass through it, which enables granular control over the kind of traffic that can pass through. This can be services such as email, SSH, and FTP. With this configuration, resources are not split between the server software and the firewall. Hardware firewalls can also be configured to filter traffic for multiple servers.
  • Software firewalls: The most common type of firewall. Windows Firewall, UFW, and iptables are good examples. The first is only available on Windows operating systems; the latter two are common on GNU/Linux servers. Windows Firewall automatically updates its rules every time a new application is installed.
    UFW, or Uncomplicated Firewall, is an easy-to-use frontend for iptables available for GNU/Linux. It lets you allow traffic based on ports or services.

Firewall architectures

Packet Filtering Firewalls

The firewall inspects every packet entering the network and either allows it or drops it based on a set of predefined rules. This type of firewall is susceptible to IP spoofing attacks, where a malicious actor sends modified packets that seem to originate from a trusted host. Despite being fairly effective and transparent, packet filtering firewalls are difficult to set up.
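The rule evaluation and the spoofing weakness described above, modelled as an added example (not code from the original post). The interface names, address ranges, rule set and sample packets are constructed for illustration, and the interface-based anti-spoofing rule is an assumption about one common mitigation that the post itself does not cover.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str      # interface the packet arrived on
    src: str        # claimed source address (unauthenticated header field)
    dst_port: int
    proto: str

@dataclass(frozen=True)
class Rule:
    action: str                     # "ALLOW" or "DROP"
    src: str = "0.0.0.0/0"          # source network the rule applies to
    dst_port: Optional[int] = None  # None means "any"
    proto: Optional[str] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and self.dst_port in (None, p.dst_port)
                and self.proto in (None, p.proto)
                and self.iface in (None, p.iface))

def decide(rules, packet, default="DROP"):
    """First matching rule wins; unmatched packets get the default policy."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default

# Constructed rule set: SSH only from the internal admin range, HTTPS from anywhere.
BASE_RULES = [
    Rule("ALLOW", src="10.0.0.0/24", dst_port=22, proto="tcp"),
    Rule("ALLOW", dst_port=443, proto="tcp"),
]
# Anti-spoofing rule first: an internal source address must never arrive on the
# external interface (eth0 here), whatever the header claims.
HARDENED_RULES = [Rule("DROP", src="10.0.0.0/24", iface="eth0")] + BASE_RULES

# Constructed sample packets.
ADMIN = Packet("eth1", "10.0.0.5", 22, "tcp")       # genuine internal host
SPOOFED = Packet("eth0", "10.0.0.5", 22, "tcp")     # same source, wrong interface
WEB = Packet("eth0", "203.0.113.7", 443, "tcp")
TELNET = Packet("eth0", "203.0.113.7", 23, "tcp")

if __name__ == "__main__":
    for name, pkt in [("admin", ADMIN), ("spoofed", SPOOFED), ("web", WEB), ("telnet", TELNET)]:
        print(f"{name:8} base={decide(BASE_RULES, pkt):5} hardened={decide(HARDENED_RULES, pkt)}")
```

With only the base rules, the filter cannot tell the packet with the trusted source address on the external interface from the genuine one, because it matches on header fields alone; the hardened set drops it while leaving legitimate traffic unchanged.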

Proxy server

A proxy server intercepts all incoming and outgoing traffic for a network, effectively hiding the network addresses of all devices. The most common type of proxy server is a NAT, or Network Address Translation, firewall. Incoming traffic goes through a single IP address, and the same is true for all outgoing traffic. One downside of this is that if you have many devices using a single IP, access to online services may be blocked on suspicion of a Denial of Service (DoS) attack due to the large number of packets transmitted.

Next Generation Firewalls

They work by taking into consideration the applications running on a server or traffic to specific ports. They blend firewall features and Quality of Service functionalities in order to provide enhanced protection.