Course: Cyber Security

Firewalls

Firewalls are a key component of network architecture: they enforce a default-deny policy, blocking all network traffic except what an explicit rule allows. Traditional firewalls operate at Layers 3 and 4 of the OSI model, controlling access to internal resources by IP address, protocol and TCP/UDP port. Next-Generation Firewalls extend that control up the stack to Layer 7, where they can identify the application and the user behind a connection rather than only its addresses and ports.

Traffic entering the network through a firewall is referred to as ingress traffic, while traffic leaving the network is called egress. Both directions need rules: ingress filtering limits what attackers can reach from outside, and egress filtering limits where an already-compromised internal host can connect.

Layer 4 Firewall

A traditional Layer 4 firewall includes features such as:

  • NAT (Network Address Translation)
  • Routing
  • Blocking or allowing traffic based on addresses, protocols and ports
  • Tracking active network connections (stateful inspection), so that reply traffic for an established connection is allowed without a separate rule
  • Supporting VPN connections
Note: Because they inspect only packet headers, these firewalls are generally more affordable and provide greater throughput than Next-Generation Firewalls, which must inspect application payloads.
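To make the Layer 4 behaviour concrete, the following is an added example (not code from the original lesson) of a small stateful packet filter in Python. It implements the default-deny rule, the ingress/egress distinction and connection tracking described above; NAT, routing and VPN termination are left out. The internal network, the rules and the packets are constructed sample data using documentation IP ranges, chosen only for this illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    """The Layer 3/4 header fields a traditional firewall can see (constructed sample data)."""
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False   # TCP SYN flag set: a new connection attempt


@dataclass(frozen=True)
class Rule:
    """An explicit allow rule; anything no rule matches is dropped (default deny)."""
    direction: str      # "ingress" (toward the internal network) or "egress" (leaving it)
    proto: str
    dst_net: str        # destination network the rule applies to, in CIDR notation
    dport: int


class StatefulFirewall:
    def __init__(self, internal_net: str, rules: list[Rule]):
        self.internal = ip_network(internal_net)
        self.rules = rules
        self.conntrack: set[tuple] = set()   # 5-tuples of allowed, active connections

    def direction(self, pkt: Packet) -> str:
        return "egress" if ip_address(pkt.src) in self.internal else "ingress"

    @staticmethod
    def _forward(pkt: Packet) -> tuple:
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    @staticmethod
    def _reverse(pkt: Packet) -> tuple:
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def filter(self, pkt: Packet) -> str:
        # 1. Packets of a tracked connection, in either direction, pass without
        #    consulting the rule list: this is what "stateful" means.
        if self._forward(pkt) in self.conntrack or self._reverse(pkt) in self.conntrack:
            return "ALLOW (established)"
        # 2. A TCP packet without the SYN flag and without a state entry is not a
        #    legitimate new connection (for example a forged "reply"): drop it.
        if pkt.proto == "tcp" and not pkt.syn:
            return "DROP (no state)"
        # 3. A new connection passes only if an explicit rule for its direction matches.
        direction = self.direction(pkt)
        for rule in self.rules:
            if (rule.direction == direction and rule.proto == pkt.proto
                    and rule.dport == pkt.dport
                    and ip_address(pkt.dst) in ip_network(rule.dst_net)):
                self.conntrack.add(self._forward(pkt))
                return f"ALLOW (new {direction})"
        # 4. Default deny.
        return "DROP (no rule)"


def demo() -> list[str]:
    """Run constructed sample packets through a small policy and return the verdicts in order."""
    fw = StatefulFirewall("10.0.0.0/24", [
        Rule("egress", "tcp", "0.0.0.0/0", 443),      # internal hosts may reach any HTTPS server
        Rule("egress", "udp", "192.0.2.53/32", 53),   # ... and one specific DNS resolver
        Rule("ingress", "tcp", "10.0.0.5/32", 22),    # only the bastion accepts inbound SSH
    ])
    packets = [
        Packet("tcp", "10.0.0.7", 51000, "203.0.113.10", 443, syn=True),   # egress HTTPS: new, allowed
        Packet("tcp", "203.0.113.10", 443, "10.0.0.7", 51000),             # server reply: established
        Packet("tcp", "198.51.100.9", 40000, "10.0.0.7", 443, syn=True),   # inbound to a workstation: no rule
        Packet("tcp", "198.51.100.9", 443, "10.0.0.7", 51001),             # forged "reply" with no state
        Packet("tcp", "198.51.100.9", 40001, "10.0.0.5", 22, syn=True),    # inbound SSH to bastion: allowed
        Packet("udp", "10.0.0.7", 5353, "192.0.2.53", 53),                 # egress DNS query: new, allowed
        Packet("udp", "192.0.2.53", 53, "10.0.0.7", 5353),                 # DNS answer: established
    ]
    return [fw.filter(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The important detail is step 2: without connection tracking, a Layer 4 filter that wants to let replies back in has to allow every inbound packet with source port 443, which an attacker can set at will. The state table lets the firewall admit only replies to connections it has already seen leave.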

NGFW (“Next-Generation Firewalls”)

A modern firewall offers a broader range of capabilities than a traditional Layer 4 firewall, primarily focused on enhanced security features.

A Next-Generation Firewall (NGFW) can track active network connections, but it also has the ability to monitor:

  • Locations, through geo-location databases, allowing the firewall to block or allow actions based on where the source address appears to be. Location data is not always precise, and a determined user can circumvent it with a VPN, a proxy or a jump host in an allowed country, so geo-blocking reduces noise rather than providing a hard security boundary.
  • Users
  • Applications
  • Sessions
  • Ports and services
  • IP addresses

Additional features of a Next-Generation Firewall (NGFW) include:

  • The ability to identify and control applications on the network.
  • Virtualization capabilities, allowing it to function as a software firewall.
  • User-friendly and intuitive management interfaces.
  • Support for protection against known threats through an Intrusion Prevention System (IPS).
  • The potential to detect and mitigate unknown threats using sandboxing solutions.
  • Capability to manage unidentified traffic that cannot be associated with a specific application.
  • Features to terminate and inspect encrypted (TLS) traffic. This requires the firewall to act as a man-in-the-middle, so clients must trust a CA certificate the firewall uses to re-sign server certificates.
  • Control based on user identity (for example through directory integration), not just on the IP address of the system the user happens to be on.


Note: The features available on your NGFW often depend significantly on the licenses purchased and the capabilities of the hardware hosting the firewall.