This week’s chapter of Boyle and Panko’s book focuses on firewalls. Specifically, the chapter details the various types of firewalls, their various uses, and how they are implemented, as well as the strengths and weaknesses of these systems and of systems like intrusion detection systems. What I found interesting this week was, similar to our reading last week, how these systems can be compromised, specifically by DoS attacks. Because the firewall protocol is scripted to drop packets that it cannot safely process, an overflow of information could cause the firewall to drop both legitimate and illegitimate packets alike and therefore create a denial of service. I was happy to hear about the process of Unified Threat Management that exists to aid in these issues. Being able to take a holistic approach to protection of assets and data like UTM calls for can hopefully create smarter and more thorough detection methods that can avoid being overwhelmed by issues that firewalls currently may face at this time.
Hi Andrew,
I agree with you; this chapter provides a comprehensive exploration of firewall types, uses, implementation, strengths, and weaknesses, including comparisons with intrusion detection systems. The discussion on susceptibility to DoS attacks, where overflow causes packet drops, underscores the need for Unified Threat Management (UTM). UTM’s holistic approach promises smarter, more robust detection methods to mitigate current firewall limitations effectively.
I agree with your analysis of Chapter 6. The chapter provided an in-depth exploration of firewalls, including their strengths, weaknesses, and susceptibility to DoS attacks. It is crucial to note the potential for information overload leading to dropped legitimate packets, which is a significant concern. Unified Threat Management (UTM) as a potential solution is quite promising. Moving towards a more holistic approach to data and asset protection with more ingenious detection methods seems necessary in the evolving landscape of cyber threats.
Agreed, Kelly, thanks for your input! I find the balancing act of protecting against legitimate threats while also admitting legitimate information and data to be a fascinating challenge in the IT security field. Attempting to overcome this through evolving methods like UTM is interesting and really shows the flexibility of security systems and methods.
Hi Andrew, your summary is quite concise. You are right about how the introduction of Unified Threat Management (UTM) presents an encouraging solution and an integrated approach to safeguarding assets and data. By addressing the limitations of traditional firewall systems, UTM offers the potential to enhance security measures and mitigate the risk of being overwhelmed by evolving threats. This insightful exploration emphasizes the importance of staying abreast of emerging technologies and strategies to effectively safeguard against cybersecurity threats in today’s dynamic digital landscape.
This chapter outlines the pivotal role of firewalls as sentinels guarding network perimeters, although they do not offer absolute security. Firewalls have evolved from providing ingress filtering to encompass egress filtering, protecting against internal and external threats. Various firewall architectures and filtering mechanisms are discussed, highlighting the importance of careful planning and continuous monitoring. Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are explored, with an emphasis on their role in detecting and mitigating attacks. Additionally, the integration of firewalls with antivirus servers and their capability to combat denial-of-service (DoS) attacks are addressed. The chapter underscores the necessity of strong firewall management, including policy definition, configuration, and log analysis. Future challenges, such as the demise of perimeter defense and the need for rapid response to zero-day attacks, prompt consideration of alternative detection methods like anomaly detection to enhance firewall efficacy.
Hi Ikenna,
Thanks for bringing up this perspective. This chapter outlines the pivotal role of firewalls as sentinels guarding network perimeters, emphasizing that they do not provide absolute security, but are a crucial component of network defense. Firewalls have evolved from providing ingress filtering to encompass egress filtering, thereby protecting against both internal and external threats. The chapter discusses various firewall architectures and filtering mechanisms, underlining the need for careful planning and continuous monitoring. It explores Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs), emphasizing their role in detecting and mitigating attacks. Furthermore, it addresses the integration of firewalls with antivirus servers and their ability to combat denial-of-service (DoS) attacks. The chapter underscores the necessity of robust firewall management, including policy definition, configuration, and log analysis. Looking forward, the chapter acknowledges future challenges such as the demise of perimeter defense and the need for rapid response to zero-day attacks, prompting a consideration of alternative detection methods like anomaly detection to enhance firewall efficacy.
Hi Ikenna, thank you for bringing this perspective to bear. Of a truth, the role of firewalls has really evolved. However, my reservation is that cyber attacks in recent times have also evolved beyond what the traditional firewalls could handle. Especially with the advent of artificial intelligence, I am of the strong view that we have to do more in intrusion detection and prevention systems with strong AI capabilities to match evolving AI-enabled cyber attacks.
Working in the IT industry, “firewall” is one of the most common terms I hear in my day-to-day work life, and it’s something that I always want to learn and know more about. Chapter six delved into firewall technologies. The author talked about different types of firewalls and how they operate. Firewalls are not only used to defend against external attackers by dropping suspicious packets based on the defined rules, but they can also help to prevent internal attackers from attacking other firms (this is very useful to prevent internal hosts from becoming bots in DoS attacks).
I have always thought of application proxy firewalls as a very essential tool, as organizations can use them to block malicious web servers, but the author thoroughly explained other uses of application proxy firewalls and the limitations around them. Application firewalls offer both server-side and client-side protection. For client-side protection, application proxy firewalls can be used to protect against insider threats exfiltrating sensitive data from the network or to detect any client misbehaviors, and for server-side protection they can be used to protect the server from malicious clients by inspecting the URL headers and allowing or disallowing clients from uploading malware or any unapproved content based on the policy, and they offer protection against some of the most common attacks such as SQL injection.
As attacks are evolving, defense is also evolving: defenders have to come up with more innovative solutions to protect against the evolving threats. Using indicators of compromise and threat intelligence feeds, we can use attack signatures and anomaly behaviors to defend against known attacks. The downside with this is that IDSs can generate a lot of false positives, which can lead to dropping packets that are legitimate, and this can lead to loss of availability or unintentional denial of service.
The author demonstrated how crucial it is to implement defense-in-depth mechanisms by having different layers of defense and multiple firewalls with different functions, and by setting up a demilitarized zone (DMZ) to separate externally exposed resources so that when one system fails, not all parts of the network will be exposed.
I completely agree with the importance of application proxy firewalls albeit with the number of limitations they have. One especially important limitation from application firewalls that I think the book missed is also the most detrimental: single-point-of-failure. Because these firewalls are the middle point between clients and servers, if the firewall fails or goes offline for some reason, network traffic will be heavily impacted. You could implement some way to continue operations despite a specific network outage, but you would need to make sure to understand what specific data is being sent in and out to prevent data leakage or to prevent malicious packets from attacking applications.
The article provides a thorough analysis of firewalls and their various functions. In addition to protecting against external threats, they safeguard against internal attacks and data exfiltration. Application firewalls benefit both server-side and client-side protection, although it’s essential to understand their limitations. As new threats emerge, we must adapt our defensive strategies by incorporating innovative solutions such as threat intelligence and anomaly detection while also being mindful of false positives. The author emphasizes the importance of defense by recommending multiple firewalls with different functions and DMZs to create resilient security layers. By presenting a comprehensive picture, the article enhances our understanding of firewalls and their crucial role in securing IT systems.
This chapter goes into specifics on firewalls. With that being said, I took what stood out to me the most, but also what put into perspective my day-to-day operations at my job and how it ties into last week’s topics on DoS attacks. I was intrigued by how in-depth packets are handled in this chapter. It has been at least twenty years since I’ve been in networking and looked at how traffic is examined. Just the way that the packets are inspected and dropped, and the many ways you can filter packets coming in and out of the network, was interesting. Some of the filtering methods included were stateful packet inspection (SPI) filtering, static packet filtering, network address translation, application proxy filtering, intrusion prevention system filtering and antivirus filtering. Just going over Figures 6.5 and 6.6 was challenging from a theory perspective but makes sense so far. Figure 6.6 shows that SPI focuses on connections between programs on different hosts. The connection that the hosts use to communicate on is called a socket, which designates a specific program (designated by a port number) on a specific computer (IP address). This was the first time that I learned about UDP and ICMP, specifically in the “Packets that do not attempt to open connections” section. These protocols are connectionless, but SPI firewalls can handle ICMP and UDP. ICMP uses an echo/echo reply interaction, and UDP interactions can also be handled in a similar way, as the firewall passes subsequent packets matching this connection. This is explained in more detail in Figure 6.8, which shows how the firewall drops and logs the packet: it came from a spoofed IP address with TCP destination port 80, but it was not a connection-opening attempt, and the packet did not match any row in the connection table, so the firewall dropped it and logged the packet. This makes me think about whether the connection table can be compromised and what damage could be done if so.
I also learned that stateful inspection firewalls have a simple default behavior for deciding whether to pass packets that do try to open connections. The text goes on to explain that, by default, it is acceptable for internal clients to open connections to external servers, which is normal, but also that by default it stops external hosts from opening connections to internal hosts. This makes me think back to when I first started at Comcast, when we would only open certain ports to clients, and most of the SMs that knew what they were doing networking-wise would just then go into the gateway and put it in bridge mode so they could connect their own firewall and set up their own rules for how the traffic is managed on their side of the network. Now the chapter puts that into perspective.
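The connection-table behaviour described in the post above, as an added example that is not from the textbook or from the thread: a small Python model of an SPI border firewall. It applies the book’s default rule (internal hosts may open connections outward; external hosts may not open connections inward unless an ACL row permits that destination), passes any packet that matches an existing row, treats an ICMP echo request or the first UDP datagram as a connection opening, and drops and logs a packet that neither matches a row nor opens a connection, which is the Figure 6.8 case. The address ranges, ports, the published web server and every packet below are assumptions constructed for the demo.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed internal address space for the demo; not from the textbook.
INTERNAL_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    proto: str                       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0                   # unused for icmp
    dport: int = 0                   # unused for icmp
    flags: str = ""                  # tcp only: "SYN", "SYN-ACK", "ACK", "FIN", "RST"
    icmp_type: Optional[int] = None  # icmp only: 8 = echo request, 0 = echo reply


def is_internal(addr: str) -> bool:
    return ip_address(addr) in INTERNAL_NET


class SPIFirewall:
    """Border firewall with a connection table and the textbook's default rule:
    internal hosts may open connections outward, external hosts may not open
    connections inward unless an explicit ACL row permits that destination."""

    def __init__(self, allowed_inbound=()):
        self.table = set()                            # rows: (proto, src, sport, dst, dport)
        self.allowed_inbound = set(allowed_inbound)   # ACL rows: (dst address, dst port)
        self.log = []                                 # (verdict, reason, packet)

    @staticmethod
    def _row(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse_row(p: Packet):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    @staticmethod
    def _opens_connection(p: Packet) -> bool:
        if p.proto == "tcp":
            return p.flags == "SYN"
        if p.proto == "icmp":
            return p.icmp_type == 8   # echo request starts an echo "connection"
        return True                   # udp: the first datagram counts as an open attempt

    def handle(self, p: Packet) -> str:
        # 1. Ongoing connection: a packet matching an existing row passes quickly.
        if self._row(p) in self.table or self._reverse_row(p) in self.table:
            if p.proto == "tcp" and p.flags in ("FIN", "RST"):
                self.table.discard(self._row(p))
                self.table.discard(self._reverse_row(p))
            return self._record("pass", "matches connection table", p)
        # 2. No row and not a connection-opening attempt: drop and log
        #    (the Figure 6.8 case, e.g. a stray ACK to TCP port 80).
        if not self._opens_connection(p):
            return self._record("drop", "no matching connection", p)
        # 3. Connection-opening attempt: default rule plus ACL exceptions.
        if is_internal(p.src) and not is_internal(p.dst):
            self.table.add(self._row(p))
            return self._record("pass", "internal client opening outbound", p)
        if not is_internal(p.src) and (p.dst, p.dport) in self.allowed_inbound:
            self.table.add(self._row(p))
            return self._record("pass", "ACL permits inbound open", p)
        return self._record("drop", "external host may not open connections", p)

    def _record(self, verdict: str, reason: str, p: Packet) -> str:
        self.log.append((verdict, reason, p))
        return verdict


def demo() -> list:
    """Run constructed packets through the firewall; returns the verdicts in order."""
    fw = SPIFirewall(allowed_inbound=[("10.1.1.5", 80)])  # one published web server
    packets = [
        Packet("tcp", "10.0.0.5", "203.0.113.10", 40000, 443, "SYN"),      # outbound open
        Packet("tcp", "203.0.113.10", "10.0.0.5", 443, 40000, "SYN-ACK"),  # reply, row exists
        Packet("tcp", "198.51.100.7", "10.0.0.5", 1234, 80, "SYN"),        # inbound open, no ACL
        Packet("tcp", "198.51.100.7", "10.1.1.5", 1234, 80, "SYN"),        # inbound open, ACL row
        Packet("tcp", "198.51.100.99", "10.0.0.5", 6000, 80, "ACK"),       # stray ACK, no row
        Packet("icmp", "10.0.0.5", "203.0.113.10", icmp_type=8),           # echo request
        Packet("icmp", "203.0.113.10", "10.0.0.5", icmp_type=0),           # echo reply
        Packet("icmp", "203.0.113.77", "10.0.0.5", icmp_type=0),           # unsolicited reply
        Packet("udp", "10.0.0.5", "203.0.113.53", 53000, 53),              # DNS query
        Packet("udp", "203.0.113.53", "10.0.0.5", 53, 53000),              # DNS answer
    ]
    return [fw.handle(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The model keeps only the bookkeeping the post talks about. A production SPI firewall also ages out idle rows, checks TCP sequence numbers and handles fragments, so the `flags` field here is a label rather than a parsed TCP header.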
Jeffrey, it’s cool to hear how the chapter on firewalls resonated with your day-to-day and brought a fresh perspective to your experiences over the years! You noted packet inspection methods and the intricacies of SPI filtering and how it sheds light on the complexity of managing network traffic. Given your experience and what we’ve read in the text this week, what challenges or considerations do you think organizations often overlook when it comes to effectively implementing and maintaining firewalls, especially when you consider the potential vulnerabilities in the connection table you mentioned?
Hi Jeffery, it’s interesting how firewalls relate to your everyday work and connect with last week’s topic on DoS attacks. Learning about how packets are managed, like with SPI and network address translation, was really eye-opening. Understanding UDP and ICMP protocols, and how they’re handled by SPI firewalls, added to my understanding of network security. The part about the connection table possibly being compromised got me thinking about security risks. And the default rules about internal and external connections reminded me of similar situations I’ve encountered in my own networking experiences.
Boyle and Panko’s Chapter 6 on Firewalls provides an insightful analysis of the importance of firewalls in maintaining network security. The authors effectively elucidate the different types of firewalls, including packet-filtering, stateful inspection, and application-layer firewalls. They also delve into the intricacies of firewall configuration, highlighting the necessity for proper setup to prevent unauthorized access and data breaches.
The chapter’s emphasis on the essential role of firewalls in protecting an organization’s digital assets is particularly salient in today’s digital age. It underscores the fact that firewalls are not just a luxury, but a necessity for any organization that values its data privacy and security.
Boyle and Panko also highlight the potential pitfalls of improper firewall configuration, a crucial consideration in the broader context of network security. The authors’ tone of voice is professional, making the complex subject matter accessible to a wide range of readers. This chapter serves as a comprehensive guide for both novices and seasoned professionals looking to deepen their understanding of firewalls and their role in network security.
I agree with Michael’s assessment for several reasons. Firstly, the chapter provides a clear and thorough examination of various firewall technologies, which is crucial for understanding the complexities of network security. The differentiation between packet-filtering, stateful inspection, and application-layer firewalls allows readers to grasp each type’s specific functions and advantages, enhancing their ability to make informed decisions regarding their security strategies. Additionally, the chapter focuses on proper firewall configuration, which is a critical aspect of cybersecurity. Even the most advanced technologies can fail to protect digital assets if not correctly set up. This highlights the importance of firewalls and ensuring they are configured to effectively block unauthorized access and potential threats. Moreover, the chapter’s relevance is underscored by the current digital landscape, where data breaches and cyber-attacks are increasingly common, making protecting digital assets more critical than ever. The author’s discussion on the potential pitfalls of improper configuration serves as a valuable caution, reminding organizations of the continuous need for vigilance and expertise in securing their networks. Finally, this complex topic is accessible to a broad audience, from novices to seasoned professionals, spreading awareness and understanding of firewall technologies and their critical role in safeguarding an organization’s information.
I completely agree with your assessment Michael. The author’s analysis provides a thorough examination of the critical role that firewalls play in maintaining network security. The author emphasized the importance of proper configuration as misconfiguration can lead to security flaws.
The key takeaway for me was the danger of traffic overload. When a firewall is overwhelmed by high traffic volume, it will prioritize security by dropping packets it cannot process rather than allowing potentially harmful packets through, ensuring a safe failure. However, this action can inadvertently lead to a denial-of-service attack on the firm itself. It’s crucial for organizations to invest in firewalls with adequate processing power to handle current and anticipated traffic levels. Firewall administrators must also update filtering rules as new threats emerge. Factors contributing to increased demand on firewall processing include growing traffic volumes, evolving threats necessitating additional filtering rules, and spikes in traffic during attacks. Effective firewalls must be capable of filtering traffic at wire speed to maintain security during peak loads.
Hi Chidiebere,
I agree that firewalls need not only to be constantly updated to be ready for emerging threats, but also to be advanced enough and powerful enough to handle high traffic volume and even packet inspection at high volume to ensure effective protection. There are some strategies that can help firewalls deal with large traffic while maintaining high-speed packet inspection. One such option is load balancing, which can distribute traffic to several firewalls to spread traffic volume evenly. Another option is caching frequently accessed content to speed up content delivery from servers. However, each approach does have its own share of issues, so understanding what option is best for an organization ultimately comes down to an organization’s own capabilities and preferences.
I agree with you. Dropping packets due to overload can lead to unintentional denial of service and unavailability of resources unless those packets come from malicious actors (bots). Yes, staying ahead of emerging threats effectively mitigates evolving security risks and ensures the resilience of the organization’s network infrastructure.
Hello Chidiebere,
You bring forth an interesting point: that traffic overload is an issue. I think this issue will only continue to get worse as technology becomes more common in our lives. While saying that technology with adequate processing power is important, you also mention that it’s necessary to update filtering rules. I think this is more easily accessible by small companies, because a corporation would have zero issues paying millions if not billions to update security protocols, but small businesses would have an easier time updating rules. I wonder what other options a company can use so they can prepare for traffic overload.
This chapter of the book outlines the purpose of firewalls as well as the functions of firewalls such as packet filtering, packet inspection, network address translation, application proxies, IDS/IPS, and antivirus filtering. The chapter also outlines firewall architectures, management, and problems associated with them. One particular part of this chapter that I found interesting was the overall breakdown of how firewalls work, which is sometimes a bit confusing for me. Section 6.1 outlines the basic operation of a firewall, which goes as follows:
One side of the firewall is an isolated box which contains hardened servers, client PCs, and the log file, which records packets/attempted connections to hardened systems. The firewall is on the border of the box, which blocks the outside internet from directly connecting to hardened systems. Whenever a legitimate host or an attacker makes a connection through the internet, the connection must pass through the firewall before going to hardened systems. If the packets in the connection are not provable attack packets, they are passed through via a pass/deny decision. If they are, the packet is denied and not forwarded to the hardened systems. All packets are recorded in the log file whenever they connect to the firewall. Firewalls also have two different types of filtering: ingress, where packets entering from outside are examined, and egress, where packets leaving the network are filtered. Both types are important to securing a network.
It’s great to hear that the breakdown in this chapter helped you better understand firewalls, understanding the basic operations is really foundational in exploring more in-depth. Given your interest in the filtering aspects especially with examination of packets both ingress and egress, do you find that organizations sometimes face challenges in balancing the need for strong security measures while ensuring smooth data flow in and out of their networks?
The best takeaway from Chapter 6 is in Section 6.10, where they talk about the “Death of the Perimeter.” The traditional approach to network security, known as the “castle and moat” model, is becoming obsolete. This model uses a firewall to protect a trusted internal network from an untrusted external world. However, the rise of cloud computing, mobile workforces, and interconnected devices has made this model ineffective. Data and resources are scattered, and users access them from anywhere. This makes it easy for threats to bypass traditional defenses. In light of this shift, a new mindset is required. The zero-trust approach assumes no inherent trust within the network. Therefore, every access attempt must be scrutinized based on the user’s identity, device, and context. Multi-factor authentication, micro-segmentation of resources, and constant monitoring are critical components of this approach. While firewalls remain valuable, they are just one part of a broader strategy that protects individuals, devices, and data wherever they exist. The perimeter may be dead, but security vigilance lives on, adapting to the ever-evolving digital landscape.
Kelly, the “Death of the Perimeter” you mentioned that was notable in this chapter is crucial in highlighting the evolving landscape of network security. It demonstrates the shift towards a zero-trust approach and emphasizes scrutiny based on various factors such as user identity, device, and context. Considering this shift what specific challenges do you foresee in implementing and maintaining a zero-trust security model especially when you consider the balance between robust security measures and ensuring a seamless user experience?
My favorite part of this chapter was the reiteration of defense in depth shown in 6.8 Firewall Architecture. It describes the many layers of defense that are typically implemented in large organizations, such as having a border router with a border firewall as well as having internal firewalls to prevent the spreading of attacks. It also mentioned that having multiple firewalls, and especially host firewalls, helps overcome configuration errors on specific firewalls so no system is completely vulnerable to mistakes. The DMZ, the third subnet that contains all of the servers and application proxy firewalls that are accessible to the outside internet and to attackers, faces a constant barrage and should be especially hardened against attacks.
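The layered architecture in the post above, as an added example that is not from the book or from the post: a Python model with a border firewall between the Internet and the DMZ and an internal firewall between the DMZ and the internal network, each a first-match static ACL with an implicit final deny that logs what it drops. The subnet plan, the rule sets and the single web-server-to-database exception are assumptions constructed for the demo. The second demo function makes the defense-in-depth point from the post: a border rule that mistakenly allows everything inbound to the internal network is still stopped by the internal firewall.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List

# Constructed address plan for the demo, not the textbook's figures.
ZONES = {
    "internal": ip_network("10.0.0.0/16"),
    "dmz": ip_network("192.0.2.0/24"),
}


def zone_of(addr: str) -> str:
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                                # "allow" or "deny"
    src_zone: str
    dst_zone: str
    proto: str = "any"
    dports: FrozenSet[int] = frozenset()       # empty means any port
    src_hosts: FrozenSet[str] = frozenset()    # empty means any host in src_zone

    def matches(self, p: Packet) -> bool:
        return (self.src_zone == zone_of(p.src)
                and self.dst_zone == zone_of(p.dst)
                and self.proto in ("any", p.proto)
                and (not self.dports or p.dport in self.dports)
                and (not self.src_hosts or p.src in self.src_hosts))


class StaticFilter:
    """First-match ACL with an implicit final deny; every deny is logged."""

    def __init__(self, name: str, rules: List[Rule]):
        self.name, self.rules, self.log = name, list(rules), []

    def decide(self, p: Packet) -> str:
        for rule in self.rules:
            if rule.matches(p):
                action = rule.action
                break
        else:
            action = "deny"
        if action == "deny":
            self.log.append((self.name, p))
        return action


# Border firewall: between the Internet and everything else.
BORDER_RULES = [
    Rule("allow", "internet", "dmz", "tcp", frozenset({80, 443})),     # public web servers
    Rule("allow", "internet", "dmz", "tcp", frozenset({25})),          # mail relay in the DMZ
    Rule("deny", "internal", "internet", "tcp", frozenset({25})),      # egress: no direct SMTP from clients
    Rule("allow", "internal", "internet", "tcp", frozenset({80, 443})),
    Rule("allow", "internal", "internet", "udp", frozenset({53})),
    Rule("allow", "dmz", "internet", "tcp", frozenset({25})),          # only the relay sends mail out
    Rule("allow", "internal", "dmz"),
]

# Internal firewall: between the DMZ and the internal network.
INTERNAL_RULES = [
    Rule("allow", "dmz", "internal", "tcp", frozenset({5432}), frozenset({"192.0.2.10"})),  # web -> DB only
    Rule("allow", "internal", "dmz"),
    Rule("allow", "internal", "internet"),   # egress policy is enforced at the border
]


def traverse(p: Packet, border: StaticFilter, internal: StaticFilter) -> str:
    """Pass the packet through each firewall on its path; the first deny wins."""
    zones = {zone_of(p.src), zone_of(p.dst)}
    path = []
    if "internal" in zones:
        path.append(internal)
    if "internet" in zones:
        path.append(border)
    if zone_of(p.src) == "internet":
        path.reverse()                # inbound packets reach the border first
    for fw in path:
        if fw.decide(p) == "deny":
            return f"drop:{fw.name}"
    return "pass"


def demo(border_rules=BORDER_RULES) -> List[str]:
    border = StaticFilter("border", border_rules)
    internal = StaticFilter("internal", INTERNAL_RULES)
    packets = [
        Packet("tcp", "198.51.100.7", "192.0.2.10", 443),   # internet -> DMZ web server
        Packet("tcp", "198.51.100.7", "10.0.5.5", 445),     # internet -> internal host
        Packet("tcp", "192.0.2.10", "10.0.1.20", 5432),     # DMZ web server -> internal DB
        Packet("tcp", "192.0.2.25", "10.0.1.20", 5432),     # DMZ mail relay -> internal DB
        Packet("tcp", "10.0.5.5", "203.0.113.9", 25),       # internal client -> external SMTP
        Packet("tcp", "10.0.5.5", "203.0.113.9", 443),      # internal client -> external HTTPS
    ]
    return [traverse(p, border, internal) for p in packets]


def demo_misconfigured_border() -> List[str]:
    """Border firewall mistakenly allowing everything inbound to the internal
    network: the internal firewall still drops the internet -> internal packet."""
    bad_rules = [Rule("allow", "internet", "internal")] + BORDER_RULES
    return demo(bad_rules)


if __name__ == "__main__":
    print(demo())
    print(demo_misconfigured_border())
```

The egress rule denying TCP port 25 from the internal network is the piece that stops a compromised client from spamming or joining a DoS botnet directly, which is the internal-threat point made earlier in the thread; only the DMZ relay may send mail out.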
The idea of defense in depth, which is covered in 6.8 Firewall Architecture, was demonstrated by your response. You’ve emphasized the value of having several lines of defense in big businesses, highlighting essential elements like internal firewalls and border routers with border firewalls to stop attacks from spreading. One way to lessen the impact of setup problems and lower system risk is to discuss the use of several firewalls, including host firewalls. Furthermore, the recognition of the DMZ as a crucial third subnet in need of extra security measures against intrusions demonstrates an awareness of network segmentation and the necessity of safeguarding components that are visible to the outside world.
Overall, I believe your discussion reflects a strong grasp of the layered defense approach and its practical application in ensuring cybersecurity in complex organizational settings.
I agree, Alex; in particular I find the charts and models provided to give a really helpful overview and visualization of these systems. Hearing them described in the abstract is very helpful, but being able to visualize them, as Panko does with a more overarching view of the systems, allowed me to understand concepts like quarantine and DMZs in this context.
Hi Alex,
I like how you detailed the network-securing process using various techniques. All companies should utilize DMZ. The demilitarized zone (DMZ) is significant as most organizations deal with multiple vendors. With DMZ, the vendors can access the resources they need without having full access to the network.
Hello Alex,
Initially, I was under the impression that firewalls are simply just one layer of security. It makes sense though why a large organization would have multiple layers within its firewall security. The question I have regarding this is do these companies follow a similar pattern with their multiple layers? I imagine if they did, all an attacker would have to do is figure out the formula for one, then they know how to breach other companies. Even if companies had different layers, how different are they truly?
The most interesting part of this chapter for me was section 6.3, which was on stateful packet inspection. The chapter provides an explanation of SPI for main border firewalls, detailing its basic operation, focus on connections, and the concept of states within a connection. The biggest key point that stood out to me is the analogy of a connection to a telephone call. It highlights the concept of states within the conversation, such as opening, ongoing communication, and ending states, and emphasizes the importance of observing implicit rules of conduct during these states, akin to the examination methods used by SPI depending on the state of the connection. Additionally, it notes that while most packets are handled quickly and simply by SPI firewalls, the processing becomes more complex for packets attempting to open connections, though these constitute only a small portion of overall traffic, thus not heavily burdening SPI firewalls.
Also, the chapter underscores the pivotal role of firewalls as network sentinels, despite their inability to ensure complete security. It delves into their evolution, including egress filtering, to combat both external and internal threats. Various firewall topologies and filtering algorithms are discussed, stressing meticulous planning. Additionally, the chapter highlights the importance of intrusion prevention and detection systems, collaborative efforts with antivirus servers to thwart DoS attacks, and robust firewall management practices.
With firewalls being something I constantly heard about, I looked forward to new concepts to learn in this week’s reading. Application proxy firewalls broadened my understanding of how complex firewalls can be and their role in today’s society. A proxy firewall has two purposes: the first is protecting internal clients from external servers, and the second is to sit between the internal server and external clients, which protects a server. It does this because it goes through the content of client requests. There is more, however. I found it interesting how, with HTTP, a proxy server can examine the URL, compare it with blacklisted URLs that contain inappropriate content, and block it. This feature is extremely common everywhere outside of most homes. To simplify it, a proxy program appears to me like an auditor: it audits information that comes through and determines if it’s appropriate to pass through.
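An added example, not from the book or from either post, covering both the client-side URL blocklist described just above and the server-side request inspection described in the earlier post on application proxy firewalls: a Python function that parses a raw HTTP request and applies a proxy policy in one of two directions. Client-side, it compares the requested host with a blocklist; server-side, it enforces a method allowlist, looks for SQL injection patterns in query and form fields, and inspects uploads by declared type and by the first bytes of the content. The blocklist, allowed methods, upload types, injection signatures and all sample requests are constructed for the demo.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed policy for this demo, not the textbook's configuration.
BLOCKED_HOSTS = {"malware.example", "gambling.example"}   # client-side URL blocklist
ALLOWED_METHODS = {"GET", "POST"}                          # server-side method allowlist
FORM_TYPES = {"application/x-www-form-urlencoded"}
ALLOWED_UPLOAD_TYPES = {"image/png", "image/jpeg", "application/pdf"}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")                     # PE and ELF file headers
# Crude SQL injection signatures: quote followed by OR/AND, UNION SELECT, stacked DROP TABLE.
SQLI = re.compile(r"'\s*(or|and)\b|union\s+select|;\s*drop\s+table", re.IGNORECASE)


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def _has_sqli(fields) -> bool:
    return any(SQLI.search(value) for _, value in fields)


def inspect(raw: bytes, direction: str):
    """Apply the proxy policy. direction is 'client' for an internal client talking
    to an external server and 'server' for an external client talking to an
    internal server. Returns (verdict, reason)."""
    try:
        method, target, headers, body = parse_request(raw)
    except (ValueError, IndexError):
        return ("deny", "malformed request line")
    url = urlsplit(target)
    host = (url.hostname or headers.get("host", "").split(":")[0]).lower()

    if direction == "client":
        # Client-side protection: compare the URL's host with the blocklist.
        if host in BLOCKED_HOSTS:
            return ("deny", f"blocklisted host {host}")
        return ("pass", "client request permitted")

    # Server-side protection: method, query parameters, then uploaded content.
    if method not in ALLOWED_METHODS:
        return ("deny", f"method {method} not permitted")
    if _has_sqli(parse_qsl(url.query)):
        return ("deny", "SQL injection pattern in query string")
    if body:
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        if ctype in FORM_TYPES:
            if _has_sqli(parse_qsl(body.decode("latin-1"))):
                return ("deny", "SQL injection pattern in form field")
        elif ctype not in ALLOWED_UPLOAD_TYPES:
            return ("deny", f"upload type {ctype or 'unknown'} not approved")
        # Check the bytes, not just the declared type: a "PNG" that starts with
        # a PE header is an executable behind a misleading Content-Type.
        if body.startswith(EXECUTABLE_MAGIC):
            return ("deny", "executable content in upload")
    return ("pass", "server request permitted")


def demo() -> list:
    """Constructed requests run through both directions; returns the verdicts."""
    cases = [
        (b"GET http://malware.example/payload.bin HTTP/1.1\r\nHost: malware.example\r\n\r\n", "client"),
        (b"GET http://news.example/ HTTP/1.1\r\nHost: news.example\r\n\r\n", "client"),
        (b"POST /login HTTP/1.1\r\nHost: app.internal\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         b"user=admin%27+OR+%271%27%3D%271&pass=x", "server"),
        (b"GET /search?q=1+UNION+SELECT+password+FROM+users HTTP/1.1\r\nHost: app.internal\r\n\r\n", "server"),
        (b"POST /upload HTTP/1.1\r\nHost: app.internal\r\nContent-Type: image/png\r\n\r\n"
         b"MZ\x90\x00\x03\x00\x00\x00", "server"),
        (b"POST /upload HTTP/1.1\r\nHost: app.internal\r\nContent-Type: image/png\r\n\r\n"
         b"\x89PNG\r\n\x1a\n", "server"),
        (b"TRACE / HTTP/1.1\r\nHost: app.internal\r\n\r\n", "server"),
        (b"POST /login HTTP/1.1\r\nHost: app.internal\r\n"
         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
         b"user=alice&pass=correct+horse", "server"),
    ]
    return [inspect(raw, direction)[0] for raw, direction in cases]


if __name__ == "__main__":
    print(demo())
```

The signatures here are deliberately small; a real proxy pairs a far larger signature set with normalization of encodings, which is also why the thread’s earlier caution about false positives applies to this kind of filtering.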
Like you point out, what surprised me the most is how in-depth and technical firewalls can be. It makes me think of how a lot of the SMBs call me and explain how they are being blocked, and it’s a modem issue vs. firewall. Now I have some information to ask: “When is the last time you checked your log file?” At first it may throw them off, but at least it’ll gain some respect on my end, and then I can ask who configures their networking equipment.
This is one module I was interested in because I never truly understood how firewalls work and what they do. I never knew that there were different types of firewalls, but the reading helped provide me with insight into the different types and how they work. Great summary!
Chapter 6 of Boyle and Panko emphasizes the significance of firewalls within a network. Firewalls help to filter incoming and outgoing traffic. The chapter provides more insights regarding traffic filtering such as network address translation (NAT), application proxy filtering, intrusion prevention filtering, and antivirus filtering.
I found sections 6.5 and 6.5 the most interesting in how they broke down how the firewall actually distinguishes between the packets and decides to keep it, pass it, or log it in the file. I have customers contact me on a daily basis looking to disco their telco services because they think we block certain ports on our modem, when in fact once they check their firewall and the ports on there, traffic starts again lol.
Hi Jefferey,
I have also encountered this issue. I’m glad to hear you were able to assist the user. Even though the solution seems easy, some techs fail to realize firewall rules might be blocking traffic.
An essential part of the intrusion detection system is firewalls. They separate networks into those that are trusted and those that are not. Also, when you install firewalls between the network, apps, and databases, they can offer more levels of protection. Although they are not 100% effective in stopping harmful activity, firewalls do contribute to the multi-layered security mechanism.
I found the filtering part fascinating, and how it would hold or drop packets and make a log file for that. It makes me think of the day-to-day or hour-to-hour “rounds” an auditor or cyber professional would have to do in order to keep up with the network traffic. Like you pointed out as well, firewalls are just part of the equation in the multi-layered security environment.
The chapter talks about different aspects of firewalls and how they help to secure your network. It covers basic firewall operation and then goes into detail about static packet filtering, network address translation, filtering, and architectures. The chapter ends by describing firewall management and closes on the difficulties with using firewalls.
What caught my eye was the In the News portion. I always find it interesting, when companies report an incident, how it is often human error that is the cause, like in the Capital One incident, where a misconfigured firewall was the reason Capital One lost over 100 million records. I also found it enlightening that 59 percent of the free VPN services are linked to China and most have subpar privacy policies. China, which fines its citizens for using VPNs. Ironic.
Andrew Young says
This week’s chapter of Boyle and Panko’s book focuses on Firewalls. Specifically, the chapter details the various types of firewalls, their various uses, and how they are implemented, as well as the strengths and weaknesses of these systems as well as systems like intrusion detection systems. What I found interesting this week was, similar to our reading last week, how these systems can be compromised, specifically by DoS attacks. Because the firewall protocol is scripted to drop packets that it can not safely process, an overflow of information could cause the firewall to drop both legitimate and illegitimate packets alike and therefor create a denial of service. I was happy to hear about the process of Unified Threat Management that exists to aid in these issues. Being able to take a holistic approach to protection of assets and data like UTM calls for can hopefully create smarter and more thorough detection methods that can avoid being overwhelmed by issues that Firewalls currently may face at this time
Ikenna Alajemba says
Hi Andrew,
I agree with you, in this chapter provides a comprehensive exploration of firewall types, uses, implementation, strengths, and weaknesses, including comparisons with intrusion detection systems. The discussion on susceptibility to DoS attacks, where overflow causes packet drops, underscores the need for Unified Threat Management (UTM). UTM’s holistic approach promises smarter, more robust detection methods to mitigate current firewall limitations effectively.
Kelly Conger says
Andrew,
I agree with your analysis of Chapter 6. The chapter provided an in-depth exploration of firewalls, including their strengths, weaknesses, and susceptibility to DoS attacks. It is crucial to note the potential for information overload leading to dropped legitimate packets, which is a significant concern. Unified Threat Management (UTM) as a potential solution is quite promising. Moving towards a more holistic approach to data and asset protection with more ingenious detection methods seems necessary in the evolving landscape of cyber threats.
Andrew Young says
Agreed Kelly, thanks for your input! I find the balancing act of protecting against legitimate threats but also admitting legitimate information and data to be a fascinating challenge in the IT security field. Attempting to overcome this through evolving methods like UTM is interesting and really shows the flexibility of security systems and methods
Chidiebere Okafor says
Hi Andrew, your summary is quite concise. You are right about how the introduction of Unified Threat Management (UTM) presents an encouraging solution and an integrated approach to safeguarding assets and data. By addressing the limitations of traditional firewall systems, UTM offers the potential to enhance security measures and mitigate the risk of being overwhelmed by evolving threats. This insightful exploration emphasizes the importance of staying abreast of emerging technologies and strategies to effectively safeguard against cybersecurity threats in today’s dynamic digital landscape.
Ikenna Alajemba says
This chapter outlines the pivotal role of firewalls as sentinels guarding network perimeters, although they do not offer absolute security. Firewalls have evolved from providing ingress filtering to encompass egress filtering, protecting against internal and external threats. Various firewall architectures and filtering mechanisms are discussed, highlighting the importance of careful planning and continuous monitoring. Intrusion detection systems (IDSs) and intrusion prevention systems (IPSs) are explored, with an emphasis on their role in detecting and mitigating attacks. Additionally, the integration of firewalls with antivirus servers and their capability to combat denial-of-service (DoS) attacks are addressed. The chapter underscores the necessity of strong firewall management, including policy definition, configuration, and log analysis. Future challenges, such as the demise of perimeter defense and the need for rapid response to zero-day attacks, prompt consideration of alternative detection methods like anomaly detection to enhance firewall efficacy.
Michael Obiukwu says
Hi ikenna,
Thanks for bringing up this perspective. This chapter outlines the pivotal role of firewalls as sentinels guarding network perimeters, emphasizing that they do not provide absolute security, but are a crucial component of network defense. Firewalls have evolved from providing ingress filtering to encompass egress filtering, thereby protecting against both internal and external threats. The chapter discusses various firewall architectures and filtering mechanisms, underlining the need for careful planning and continuous monitoring. It explores Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs), emphasizing their role in detecting and mitigating attacks. Furthermore, it addresses the integration of firewalls with antivirus servers and their ability to combat denial-of-service (DoS) attacks. The chapter underscores the necessity of robust firewall management, including policy definition, configuration, and log analysis. Looking forward, the chapter acknowledges future challenges such as the demise of perimeter defense and the need for rapid response to zero-day attacks, prompting a consideration of alternative detection methods like anomaly detection to enhance firewall efficacy.
Michael Obiukwu says
Hi Ikenna, thank you for bringing this perspective to bear. Of a truth, the role of firewalls has really evolved. However, my reservation is that cyber attacks in recent times have also evolved beyond what traditional firewalls could handle, especially with the advent of artificial intelligence. I am of the strong view that we have to do more in intrusion detection and prevention systems with strong AI capabilities to match evolving AI-enabled cyber attacks.
Michael Obiukwu says
Kindly ignore the earliest comment. Draft error.
Mariam Hazali says
Working in the IT industry, firewall is one of the most common terms I hear in my day-to-day work life, and it’s something that I always want to learn and know more about. Chapter six delved into firewall technologies. The author talked about different types of firewalls and how they operate. Firewalls are not only used to defend against external attackers by dropping suspicious packets based on the defined rules, but they can also help to prevent internal attackers from attacking other firms (this is very useful to prevent internal hosts from becoming bots in DoS attacks).
I have always thought of application proxy firewalls as a very essential tool, as organizations can use them to block malicious web servers, but the author thoroughly explained other uses of application proxy firewalls and the limitations around them. Application firewalls offer both server-side and client-side protection. For client-side protection, application proxy firewalls can be used to protect against insider threats exfiltrating sensitive data from the network or to detect client misbehavior; for server-side protection, they can be used to protect the server from malicious clients by inspecting the URL and headers, allowing or disallowing clients from uploading malware or any unapproved content based on the policy, and offering protection against some of the most common attacks such as SQL injection.
As attacks are evolving, defense is also evolving; defenders have to come up with more innovative solutions to protect against the evolving threats. Using indicators of compromise and threat intelligence feeds, we can use attack signatures and anomaly behaviors to defend against known attacks. The downside with this is that IDSs can generate a lot of false positives and can lead to dropping packets that are legitimate, and this can lead to loss of availability or unintentional denial of service.
The author demonstrated how crucial it is to implement defense-in-depth mechanisms by having different layers of defense and multiple firewalls with different functions, and by setting up a demilitarized zone (DMZ) to separate externally exposed resources so that when one system fails, not all parts of the network will be exposed.
Kenneth Saltisky says
Hi Mariam,
I completely agree with the importance of application proxy firewalls, albeit with the number of limitations they have. One especially important limitation of application firewalls that I think the book missed is also the most detrimental: the single point of failure. Because these firewalls are the middle point between clients and servers, if the firewall fails or goes offline for some reason, network traffic will be heavily impacted. You could implement some way to continue operations despite a specific network outage, but you would need to make sure to understand what specific data is being sent in and out to prevent data leakage or to prevent malicious packets from attacking applications.
Kelly Conger says
Mariam,
The article provides a thorough analysis of firewalls and their various functions. In addition to protecting against external threats, they safeguard against internal attacks and data exfiltration. Application firewalls benefit both server-side and client-side protection, although it’s essential to understand their limitations. As new threats emerge, we must adapt our defensive strategies by incorporating innovative solutions such as threat intelligence and anomaly detection while also being mindful of false positives. The author emphasizes the importance of defense by recommending multiple firewalls with different functions and DMZs to create resilient security layers. By presenting a comprehensive picture, the article enhances our understanding of firewalls and their crucial role in securing IT systems.
Jeffrey Sullivan says
This chapter goes into specifics on firewalls. With that being said, I took what stood out to me the most, but also what put into perspective my day-to-day operations at my job and how it ties into last week’s topics on DoS attacks. I was intrigued by how in-depth packets are handled in this chapter. It has been at least twenty years since I’ve been in networking and looked at how traffic is examined. Just the way that the packets are inspected and dropped, and the many ways you can filter packets coming in and out of the network, was interesting. Some of the filtering methods included were stateful packet inspection (SPI) filtering, static packet filtering, network address translation, application proxy filtering, intrusion prevention system filtering and antivirus filtering. Just going over figure 6.5 and 6.6 was challenging from a theory perspective but makes sense so far. In 6.6 it shows that SPI focuses on connections between programs on different hosts. The connection that the hosts use to communicate on is called a socket, which designates a specific program (designated by a port number) on a specific computer (IP address). This was the first time that I learned about UDP and ICMP, specifically in the “Packets that do not attempt to open connections” section. These protocols are connectionless, but SPI firewalls can still handle ICMP and UDP. ICMP uses an echo/echo reply interaction, and UDP interactions can be handled in a similar way, as the firewall passes subsequent packets matching this connection. This is explained in more detail in figure 6.8, which shows how the firewall drops and logs a packet that came from a spoofed IP address with TCP destination port 80: it was not a connection-opening attempt and did not match any row in the connection table, so the firewall dropped it and logged the packet. This makes me think about whether the connection table can be compromised and what damage could be done if so.
I also learned that stateful inspection firewalls have a simple default behavior for deciding whether to pass packets that do try to open connections. The text goes on to explain that by default, internally, it is acceptable for clients to open connections to external servers, which is normal, but also by default it stops external hosts from opening connections to internal hosts. This makes me think back to when I first started at Comcast, when we would only open certain ports for clients, and most of the SMs that knew what they were doing networking-wise would just go into the gateway and put it in bridge mode so they could connect their own firewall and set up their own rules for how the traffic is managed on their side of the network. Now the chapter puts that into perspective.
Alex Ruiz says
Jeffrey, it’s cool to hear how the chapter on firewalls resonated with your day-to-day and brought a fresh perspective to your experiences over the years! You noted packet inspection methods and the intricacies of SPI filtering, and how it sheds light on the complexity of managing network traffic. Given your experience and what we’ve read in the text this week, what challenges or considerations do you think organizations often overlook when it comes to effectively implementing and maintaining firewalls, especially when you consider the potential vulnerabilities in the connection table you mentioned?
Nicholas Nirenberg says
Hi Jeffrey, it’s interesting how firewalls relate to your everyday work and connect with last week’s topic on DoS attacks. Learning about how packets are managed, like with SPI and network address translation, was really eye-opening. Understanding UDP and ICMP protocols, and how they’re handled by SPI firewalls, added to my understanding of network security. The part about the connection table possibly being compromised got me thinking about security risks. And the default rules about internal and external connections reminded me of similar situations I’ve encountered in my own networking experiences.
Michael Obiukwu says
Boyle and Panko’s Chapter 6 on Firewalls provides an insightful analysis of the importance of firewalls in maintaining network security. The authors effectively elucidate the different types of firewalls, including packet-filtering, stateful inspection, and application-layer firewalls. They also delve into the intricacies of firewall configuration, highlighting the necessity for proper setup to prevent unauthorized access and data breaches.
The chapter’s emphasis on the essential role of firewalls in protecting an organization’s digital assets is particularly salient in today’s digital age. It underscores the fact that firewalls are not just a luxury, but a necessity for any organization that values its data privacy and security.
Boyle and Panko also highlight the potential pitfalls of improper firewall configuration, a crucial consideration in the broader context of network security. The authors’ tone of voice is professional, making the complex subject matter accessible to a wide range of readers. This chapter serves as a comprehensive guide for both novices and seasoned professionals looking to deepen their understanding of firewalls and their role in network security.
Kelly Conger says
I agree with Michael’s assessment for several reasons. Firstly, the chapter provides a clear and thorough examination of various firewall technologies, which is crucial for understanding the complexities of network security. The differentiation between packet-filtering, stateful inspection, and application-layer firewalls allows readers to grasp each type’s specific functions and advantages, enhancing their ability to make informed decisions regarding their security strategies. Additionally, the chapter focuses on proper firewall configuration, which is a critical aspect of cybersecurity. Even the most advanced technologies can fail to protect digital assets if not correctly set up. This highlights the importance of firewalls and ensuring they are configured to effectively block unauthorized access and potential threats. Moreover, the chapter’s relevance is underscored by the current digital landscape, where data breaches and cyber-attacks are increasingly common, making protecting digital assets more critical than ever. The author’s discussion on the potential pitfalls of improper configuration serves as a valuable caution, reminding organizations of the continuous need for vigilance and expertise in securing their networks. Finally, this complex topic is accessible to a broad audience, from novices to seasoned professionals, spreading awareness and understanding of firewall technologies and their critical role in safeguarding an organization’s information.
Mariam Hazali says
I completely agree with your assessment Michael. The author’s analysis provides a thorough examination of the critical role that firewalls play in maintaining network security. The author emphasized the importance of proper configuration as misconfiguration can lead to security flaws.
Chidiebere Okafor says
The key takeaway for me was the danger of traffic overload. When a firewall is overwhelmed by high traffic volume, it will prioritize security by dropping packets it cannot process rather than allowing potentially harmful packets through, ensuring a safe failure. However, this action can inadvertently lead to a denial-of-service attack on the firm itself. It’s crucial for organizations to invest in firewalls with adequate processing power to handle current and anticipated traffic levels. Firewall administrators must also update filtering rules as new threats emerge. Factors contributing to increased demand on firewall processing include growing traffic volumes, evolving threats necessitating additional filtering rules, and spikes in traffic during attacks. Effective firewalls must be capable of filtering traffic at wire speed to maintain security during peak loads.
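The overload behavior described in the post above (a firewall that fails safe by dropping what it cannot inspect, and thereby denies service to legitimate senders) can be modeled in a few lines. The following is an added illustration, not code from Boyle and Panko: it compares plain first-come-first-served inspection against a per-source cap, which is one common mitigation added here rather than something the chapter prescribes, and shows the cap’s limit against a flood that spoofs a different source address for every packet. The capacity, quota, addresses and traffic mix are all constructed for the example.

```python
"""Toy model of a firewall under traffic overload.

Added illustration, not code from Boyle and Panko. A firewall that can
inspect only `capacity` packets per interval fails safe: packets beyond
that budget are dropped rather than passed uninspected, so during a flood
legitimate senders are denied service. The per-source cap shown alongside
is one common mitigation (an addition here, not something the chapter
prescribes), and the last scenario shows its limit: a flood that spoofs a
fresh source address per packet defeats it. All traffic is constructed.
"""
from collections import Counter, namedtuple

Packet = namedtuple("Packet", "src attack")


def fifo_interval(packets, capacity):
    """Inspect in arrival order; everything past the budget is dropped."""
    return packets[:capacity], packets[capacity:]


def per_source_interval(packets, capacity, quota):
    """Admit at most `quota` packets per source first, then fill any spare
    capacity in arrival order from the remainder."""
    seen = Counter()
    admitted, overflow = [], []
    for p in packets:
        if seen[p.src] < quota:
            seen[p.src] += 1
            admitted.append(p)
        else:
            overflow.append(p)
    if len(admitted) > capacity:
        # More distinct sources than the budget covers: fairness cannot help,
        # and the firewall falls back to dropping the tail.
        return admitted[:capacity], admitted[capacity:] + overflow
    spare = capacity - len(admitted)
    return admitted + overflow[:spare], overflow[spare:]


def legit_loss(packets, passed):
    """Fraction of legitimate packets that did not get through."""
    legit = sum(1 for p in packets if not p.attack)
    kept = sum(1 for p in passed if not p.attack)
    return 1 - kept / legit


def legit_traffic():
    # Constructed: ten internal clients sending five packets each.
    return [Packet(f"10.0.0.{i}", False) for i in range(1, 11) for _ in range(5)]


def demo(capacity=100, quota=10) -> dict:
    """Legitimate-packet loss under two floods and two inspection strategies."""
    legit = legit_traffic()
    # Scenario A: one host floods 500 packets; the burst arrives first.
    flood = [Packet("198.51.100.1", True) for _ in range(500)] + legit
    # Scenario B: same volume, but every packet spoofs a different source.
    spoofed = [Packet(f"203.0.{i // 256}.{i % 256}", True) for i in range(500)] + legit
    out = {}
    out["fifo_single_source"] = legit_loss(flood, fifo_interval(flood, capacity)[0])
    out["per_source_single_source"] = legit_loss(flood, per_source_interval(flood, capacity, quota)[0])
    out["fifo_spoofed"] = legit_loss(spoofed, fifo_interval(spoofed, capacity)[0])
    out["per_source_spoofed"] = legit_loss(spoofed, per_source_interval(spoofed, capacity, quota)[0])
    return out


if __name__ == "__main__":
    for scenario, loss in demo().items():
        print(f"{scenario:26} legitimate loss = {loss:.0%}")
```

With a single flooding host, first-come-first-served loses every legitimate packet while the per-source cap loses none; with a spoofed flood both strategies lose everything, which is why per-source limiting has to be paired with ingress filtering of spoofed addresses and with enough raw capacity to inspect at wire speed.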
Kenneth Saltisky says
Hi Chidiebere,
I agree that firewalls need not only to be constantly updated to be ready for emerging threats, but also to be advanced and powerful enough to handle high traffic volume, and even packet inspection at high volume, to ensure effective protection. There are some strategies that can help firewalls deal with large traffic while maintaining high-speed packet inspection. One such option is load balancing, which can distribute traffic across several firewalls to spread the traffic volume evenly. Another option is caching frequently accessed content to speed up content delivery from servers. However, each approach has its own share of issues, so understanding which option is best for an organization ultimately comes down to the organization’s own capabilities and preferences.
Mariam Hazali says
I agree with you. Dropping packets due to overload can lead to unintentional denial of service and unavailability of resources, unless those packets come from malicious actors (bots). Yes, staying ahead of emerging threats effectively mitigates evolving security risks and ensures the resilience of the organization’s network infrastructure.
Hashem Alsharif says
Hello Chidiebere,
You bring forth an interesting point, that traffic overload is an issue. I think this issue will only continue to get worse as technology becomes more common in our lives. While saying that technology with adequate processing power is important, you also mention that it’s necessary to update filtering rules. I think this is more easily accessible by small companies, because a corporation would have zero issues paying millions if not billions to update security protocols, but small businesses would have an easier time updating rules. I wonder what other options a company can use to prepare for traffic overload.
Kenneth Saltisky says
This chapter of the book outlines the purpose of firewalls as well as the functions of firewalls, such as packet filtering, packet inspection, network address translation, application proxies, IDS/IPS, and antivirus filtering. The chapter also outlines firewall architectures, management, and the problems associated with them. One particular part of this chapter that I found interesting was the overall breakdown of how firewalls work, which is sometimes a bit confusing for me. Section 6.1 outlines the basic operation of a firewall as follows:
One side of the firewall is an isolated box which contains hardened servers, client PCs, and the log file, which records packets and attempted connections to the hardened systems. The firewall is on the border of the box and blocks the outside internet from directly connecting to the hardened systems. Whenever a legitimate host or an attacker makes a connection through the internet, the connection must pass through the firewall before reaching the hardened systems. If the packets in the connection are not provable attack packets, they are passed through via a pass/deny decision. If they are, the packet is denied and not forwarded to the hardened systems. All packets are recorded in the log file whenever they reach the firewall. Firewalls also have two different types of filtering: ingress, where packets entering from outside are examined, and egress, where packets leaving the network are filtered. Both types are important to securing a network.
Alex Ruiz says
It’s great to hear that the breakdown in this chapter helped you better understand firewalls, understanding the basic operations is really foundational in exploring more in-depth. Given your interest in the filtering aspects especially with examination of packets both ingress and egress, do you find that organizations sometimes face challenges in balancing the need for strong security measures while ensuring smooth data flow in and out of their networks?
Kelly Conger says
The best takeaway from Chapter 6 is in Section 6.10, where they talk about the “Death of the Perimeter.” The traditional approach to network security, known as the “castle and moat” model, is becoming obsolete. This model uses a firewall to protect a trusted internal network from an untrusted external world. However, the rise of cloud computing, mobile workforces, and interconnected devices has made this model ineffective. Data and resources are scattered, and users access them from anywhere. This makes it easy for threats to bypass traditional defenses. In light of this shift, a new mindset is required. The zero-trust approach assumes no inherent trust within the network. Therefore, every access attempt must be scrutinized based on the user’s identity, device, and context. Multi-factor authentication, micro-segmentation of resources, and constant monitoring are critical components of this approach. While firewalls remain valuable, they are just one part of a broader strategy that protects individuals, devices, and data wherever they exist. The perimeter may be dead, but security vigilance lives on, adapting to the ever-evolving digital landscape.
Alex Ruiz says
Kelly, the “Death of the Perimeter” you mentioned that was notable in this chapter is crucial in highlighting the evolving landscape of network security. It demonstrates the shift towards a zero-trust approach and emphasizes scrutiny based on various factors such as user identity, device, and context. Considering this shift what specific challenges do you foresee in implementing and maintaining a zero-trust security model especially when you consider the balance between robust security measures and ensuring a seamless user experience?
Kelly Conger says
Mariam,
The article provides a thorough analysis of firewalls and their various functions. In addition to protecting against external threats, they safeguard against internal attacks and data exfiltration. Application firewalls benefit both server-side and client-side protection, although it’s essential to understand their limitations. As new threats emerge, we must adapt our defensive strategies by incorporating innovative solutions such as threat intelligence and anomaly detection while also being mindful of false positives. The author emphasizes the importance of defense by recommending multiple firewalls with different functions and DMZs to create resilient security layers. By presenting a comprehensive picture, the article enhances our understanding of firewalls and their crucial role in securing IT systems.
Kelly Conger says
This was supposed to be a reply to Mariam. I will post again under her post.
Alex Ruiz says
My favorite part of this chapter was the reiteration of defense in depth shown in 6.8 Firewall Architecture. It describes the many layers of defense that are typically implemented in large organizations, such as having a border router with a border firewall as well as internal firewalls to prevent the spreading of attacks. It also mentioned that having multiple firewalls, and especially host firewalls, helps overcome configuration errors on specific firewalls, so no system is completely vulnerable to mistakes. The DMZ, the third subnet that contains all of the servers and application proxy firewalls that are accessible to the outside internet, faces a constant barrage from attackers and should be especially hardened against attacks.
Samuel Omotosho says
Hi Alex,
The idea of defense in depth, which is covered in 6.8 Firewall Architecture, was demonstrated by your response. You’ve emphasized the value of having several lines of defense in big businesses, highlighting essential elements like internal firewalls and border routers with border firewalls to stop attacks from spreading. One way to lessen the impact of setup problems and lower system risk is to discuss the use of several firewalls, including host firewalls. Furthermore, the recognition of the DMZ as a crucial third subnet in need of extra security measures against intrusions demonstrates an awareness of network segmentation and the necessity of safeguarding components that are visible to the outside world.
Overall, I believe your discussion reflects a strong grasp of the layered defense approach and its practical application in ensuring cybersecurity in complex organizational settings.
Andrew Young says
I agree, Alex. In particular, I find the charts and models provided give a really helpful overview and visualization of these systems. Hearing them described in the abstract is very helpful, but being able to visualize them, as Panko does with a more overarching view of the systems, allowed me to understand concepts like quarantine and DMZs in this context.
Akintunde Akinmusire says
Hi Alex,
I like how you detailed the network-securing process using various techniques. All companies should utilize DMZ. The demilitarized zone (DMZ) is significant as most organizations deal with multiple vendors. With DMZ, the vendors can access the resources they need without having full access to the network.
Hashem Alsharif says
Hello Alex
Initially, I was under the impression that firewalls are simply just one layer of security. It makes sense though why a large organization would have multiple layers within its firewall security. The question I have regarding this is do these companies follow a similar pattern with their multiple layers? I imagine if they did, all an attacker would have to do is figure out the formula for one, then they know how to breach other companies. Even if companies had different layers, how different are they truly?
Nicholas Nirenberg says
The most interesting part of this chapter for me was section 6.3, which was on stateful packet inspection. The chapter provides an explanation of SPI for main border firewalls, detailing its basic operation, focus on connections, and the concept of states within a connection. The biggest key point that stood out to me is the analogy of a connection to a telephone call. It highlights the concept of states within the conversation, such as opening, ongoing communication, and ending states, and emphasizes the importance of observing implicit rules of conduct during these states, akin to the examination methods used by SPI depending on the state of the connection. Additionally, it notes that while most packets are handled quickly and simply by SPI firewalls, the processing becomes more complex for packets attempting to open connections, though these constitute only a small portion of overall traffic, thus not heavily burdening SPI firewalls.
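The connection-table behavior discussed in this thread (Jeffrey’s walk-through of figure 6.8, Kenneth’s summary of the pass/deny/log cycle with ingress and egress filtering, and the connection states described in the post above) can be made concrete with a small simulator. The following is an added example, not code from Boyle and Panko: it keeps a connection table keyed by socket pairs, applies the chapter’s default policy (internal clients may open connections outward; external hosts may not open connections inward), tracks pseudo-connections for the connectionless UDP and ICMP protocols, and drops and logs any packet that neither opens a connection nor matches a row. The 10.0.0.0/8 internal block, the addresses and the packets are constructed for the example.

```python
"""Toy stateful packet inspection (SPI) firewall.

Added illustration, not code from Boyle and Panko. It models a connection
table keyed by socket pairs, the default policy (internal clients may open
connections to external servers; external hosts may not open connections
to internal hosts), pseudo-connections for the connectionless UDP and ICMP
protocols, and dropping plus logging of a packet that neither opens a
connection nor matches a row. The 10.0.0.0/8 internal block, the
addresses and the packets are constructed for the example.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address block


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                        # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""                   # TCP flags, e.g. "SYN", "SYN,ACK", "FIN"
    icmp_type: Optional[int] = None   # 8 = echo request, 0 = echo reply


@dataclass
class SPIFirewall:
    table: set = field(default_factory=set)   # connection table rows
    log: list = field(default_factory=list)   # (verdict, reason, packet)

    @staticmethod
    def _row(p: Packet) -> tuple:
        # ICMP has no ports: key the pseudo-connection on the address pair.
        if p.proto == "icmp":
            return ("icmp", p.src, p.dst)
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(row: tuple) -> tuple:
        if row[0] == "icmp":
            return ("icmp", row[2], row[1])
        proto, src, sport, dst, dport = row
        return (proto, dst, dport, src, sport)

    @staticmethod
    def _opens_connection(p: Packet) -> bool:
        # TCP: a SYN without ACK. ICMP: an echo request. UDP: any packet that
        # matched no existing row (the caller checks the table first).
        if p.proto == "tcp":
            return "SYN" in p.flags and "ACK" not in p.flags
        if p.proto == "icmp":
            return p.icmp_type == 8
        return True

    @staticmethod
    def _default_open_policy(p: Packet) -> bool:
        return ip_address(p.src) in INTERNAL and ip_address(p.dst) not in INTERNAL

    def _decide(self, verdict: str, reason: str, p: Packet) -> str:
        self.log.append((verdict, reason, p))   # every packet is logged
        return verdict

    def handle(self, p: Packet) -> str:
        row = self._row(p)
        rev = self._reverse(row)
        # Packets of an existing connection, in either direction: fast path.
        if row in self.table or rev in self.table:
            if p.proto == "tcp" and ("FIN" in p.flags or "RST" in p.flags):
                self.table.discard(row)
                self.table.discard(rev)          # connection is ending
            elif p.proto == "icmp" and p.icmp_type == 0:
                self.table.discard(rev)          # echo reply closes the pseudo-connection
            return self._decide("pass", "matches connection table", p)
        # Connection-opening attempts are judged by the default policy.
        if self._opens_connection(p):
            if self._default_open_policy(p):
                self.table.add(row)
                return self._decide("pass", "connection opened (internal to external)", p)
            return self._decide("drop", "external host may not open connections inward", p)
        # Neither an open attempt nor part of a known connection: drop and log.
        return self._decide("drop", "no matching connection", p)


def demo() -> dict:
    """Walk through the cases discussed in the thread; returns the verdict per case."""
    fw = SPIFirewall()
    v = {}
    v["syn_out"] = fw.handle(Packet("10.0.0.5", "203.0.113.10", "tcp", 51000, 80, "SYN"))
    v["synack_in"] = fw.handle(Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 51000, "SYN,ACK"))
    # Figure 6.8 style: spoofed source, destination port 80, ACK only, no row.
    v["stray_ack"] = fw.handle(Packet("198.51.100.7", "10.0.0.5", "tcp", 4444, 80, "ACK"))
    v["syn_in"] = fw.handle(Packet("198.51.100.7", "10.0.0.5", "tcp", 4444, 22, "SYN"))
    v["ping_out"] = fw.handle(Packet("10.0.0.5", "203.0.113.10", "icmp", icmp_type=8))
    v["ping_reply"] = fw.handle(Packet("203.0.113.10", "10.0.0.5", "icmp", icmp_type=0))
    v["ping_stray"] = fw.handle(Packet("203.0.113.10", "10.0.0.5", "icmp", icmp_type=0))
    v["dns_out"] = fw.handle(Packet("10.0.0.5", "203.0.113.53", "udp", 40000, 53))
    v["dns_reply"] = fw.handle(Packet("203.0.113.53", "10.0.0.5", "udp", 53, 40000))
    v["drops_logged"] = sum(1 for verdict, _, _ in fw.log if verdict == "drop")
    return v


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:13} {verdict}")
```

The stray ACK and the unsolicited echo reply are the two cases the posts single out: neither opens a connection and neither matches a row, so both are dropped and logged, while the SYN/ACK, the echo reply and the DNS answer pass only because the internal host opened the corresponding row first.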
Ikenna Alajemba says
Also, the chapter underscores the pivotal role of firewalls as network sentinels, despite their inability to ensure complete security. It delves into their evolution, including egress filtering, to combat both external and internal threats. Various firewall topologies and filtering algorithms are discussed, stressing meticulous planning. Additionally, the chapter highlights the importance of intrusion prevention and detection systems, collaborative efforts with antivirus servers to thwart DoS attacks, and robust firewall management practices.
Hashem Alsharif says
With something I constantly heard about (that being firewalls), I looked forward to new concepts to learn in this week’s reading. Application proxy firewalls broadened my understanding of how complex firewalls can be and their role in today’s society. A proxy firewall has two purposes: the first is protecting internal clients from external servers, and the second is to sit between the internal server and external clients, which protects the server. It does this because it goes through the content of client requests. There is more, however; I found it interesting how with HTTP a proxy server can examine the URL, compare it with blacklisted URLs that contain inappropriate content, and block it. This feature is extremely common everywhere outside of most homes. To simplify it, a proxy program appears to me like an auditor: it audits information that comes through and determines if it’s appropriate to pass through.
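Both of the application proxy roles described in this thread (Mariam’s client-side and server-side protection, and the URL blacklisting described in the post above) come down to parsing the HTTP request and judging its content. The following is an added example, not code from Boyle and Panko: a small request parser and an inspection routine that, on the client side, blocks requests to a blacklisted host and, on the server side, restricts methods, refuses uploads of disallowed file types and rejects parameters that match a few SQL injection patterns. The blacklist, the upload policy, the signature set and the sample requests are all constructed for the example; a production proxy would use far broader rule sets.

```python
"""Toy application proxy (HTTP) filter.

Added illustration, not code from Boyle and Panko. It shows the two roles
of an application proxy: on the client side, comparing the requested host
against a blacklist; on the server side, restricting methods, refusing
uploads of disallowed file types and rejecting parameters that look like
SQL injection. The blacklist, the upload policy, the injection patterns
and the sample requests are all constructed for the example.
"""
import re
from urllib.parse import parse_qsl, urlsplit

BLACKLISTED_HOSTS = {"bad.example", "malware.example"}
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
ALLOWED_UPLOAD_TYPES = {"image/png", "image/jpeg", "application/pdf"}
BLOCKED_EXTENSIONS = (".exe", ".php", ".js")

# Deliberately small signature set: tautologies, UNION SELECT, stacked
# statements and comment terminators.
SQLI = re.compile(r"""(?ix)
    ['"]\s*(or|and)\s+['"]?\d+['"]?\s*=\s*['"]?\d+   # ' OR '1'='1 / ' or 1=1
  | \bunion\s+(all\s+)?select\b                     # UNION SELECT
  | ;\s*(drop|insert|update|delete)\b               # stacked statement
  | --\s*$ | /\*                                    # comment terminators
""")


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into method, host, path, query, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    # A client-side proxy sees an absolute URL; a server-side one relies on Host.
    host = (url.netloc or headers.get("host", "")).split(":")[0].lower()
    return {"method": method.upper(), "host": host, "path": url.path,
            "query": url.query, "headers": headers, "body": body}


def inspect(raw: bytes, *, client_side: bool) -> tuple:
    """Return ("pass", None) or ("drop", reason) for one request."""
    req = parse_request(raw)
    if client_side:
        if req["host"] in BLACKLISTED_HOSTS:
            return ("drop", f"blacklisted host {req['host']}")
        return ("pass", None)

    if req["method"] not in ALLOWED_METHODS:
        return ("drop", f"method {req['method']} not allowed")

    params = parse_qsl(req["query"], keep_blank_values=True)
    ctype = req["headers"].get("content-type", "")
    body = req["body"].decode("latin-1")
    if ctype.startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body, keep_blank_values=True)
    elif ctype.startswith("multipart/form-data"):
        # Minimal scan of each file part's filename and declared Content-Type.
        for m in re.finditer(r'filename="([^"]*)"\r\nContent-Type:\s*([^\r\n]+)', body):
            fname, ftype = m.group(1), m.group(2).strip()
            if fname.lower().endswith(BLOCKED_EXTENSIONS) or ftype not in ALLOWED_UPLOAD_TYPES:
                return ("drop", f"upload of {fname} ({ftype}) not permitted")

    for name, value in params:
        if SQLI.search(value):
            return ("drop", f"SQL injection pattern in parameter {name!r}")
    return ("pass", None)


# Constructed sample requests.
CLIENT_BAD = b"GET http://bad.example/index.html HTTP/1.1\r\nHost: bad.example\r\n\r\n"
CLIENT_OK = b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
SEARCH_OK = b"GET /search?q=running+shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n"
LOGIN_SQLI = b"GET /login?user=admin'%20OR%20'1'%3D'1&pw=x HTTP/1.1\r\nHost: shop.example\r\n\r\n"
FORM_SQLI = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
             b"user=bob&pw=x'+UNION+SELECT+password+FROM+users--")
DELETE_REQ = b"DELETE /item/3 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
UPLOAD_EXE = (b"POST /upload HTTP/1.1\r\nHost: shop.example\r\n"
              b"Content-Type: multipart/form-data; boundary=XX\r\n\r\n"
              b"--XX\r\nContent-Disposition: form-data; name=\"f\"; filename=\"payload.exe\"\r\n"
              b"Content-Type: application/octet-stream\r\n\r\nMZ...\r\n--XX--\r\n")
UPLOAD_PNG = (b"POST /upload HTTP/1.1\r\nHost: shop.example\r\n"
              b"Content-Type: multipart/form-data; boundary=XX\r\n\r\n"
              b"--XX\r\nContent-Disposition: form-data; name=\"f\"; filename=\"photo.png\"\r\n"
              b"Content-Type: image/png\r\n\r\n\x89PNG\r\n--XX--\r\n")


def demo() -> dict:
    """Verdict for each constructed request."""
    return {
        "client_bad": inspect(CLIENT_BAD, client_side=True)[0],
        "client_ok": inspect(CLIENT_OK, client_side=True)[0],
        "search_ok": inspect(SEARCH_OK, client_side=False)[0],
        "login_sqli": inspect(LOGIN_SQLI, client_side=False)[0],
        "form_sqli": inspect(FORM_SQLI, client_side=False)[0],
        "delete": inspect(DELETE_REQ, client_side=False)[0],
        "upload_exe": inspect(UPLOAD_EXE, client_side=False)[0],
        "upload_png": inspect(UPLOAD_PNG, client_side=False)[0],
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:11} {verdict}")
```

Note that the proxy must decode the request the same way the server will (the percent-encoded tautology in the login query is only visible after `parse_qsl` decodes it), which is one reason application proxies are both slower and more fragile than the packet-level filters discussed elsewhere in the chapter.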
Jeffrey Sullivan says
Like you point out, what surprised me the most is how in-depth and technical firewalls can be. It makes me think about how a lot of the SMBs call me and explain how they are being blocked, and it’s a modem issue vs. a firewall issue. Now I have some information to ask: “When is the last time you checked your log file?” At first it may throw them off, but at least it’ll gain some respect on my end, and then I can ask who configures their networking equipment.
Erskine Payton says
Hi Hashem,
This is one module I was interested in because I never truly understood how firewalls work and what they do. I never knew that there were different types of firewalls, but the reading helped provide me with insight on the different types and how they work. Great summary!
Akintunde Akinmusire says
Chapter 6 of Boyle and Panko emphasizes the significance of firewalls within a network. Firewalls help to filter incoming and outgoing traffic. The chapter provides more insights regarding traffic filtering such as network address translation (NAT), application proxy filtering, intrusion prevention filtering, and antivirus filtering.
Jeffrey Sullivan says
I found sections 6.5 and 6.5 the most interesting in how they broke down how the firewall actually distinguishes between the packets and decides to keep it, pass it, or log it in the file. I have customers contact me on a daily basis looking to disconnect their telco services because they think we block certain ports on our modem, when in fact, once they check their firewall and the ports on there, traffic starts again, lol.
Akintunde Akinmusire says
Hi Jeffrey,
I have also encountered this issue. I’m glad to hear you were able to assist the user. Even though the solution seems easy, some techs fail to realize firewall rules might be blocking traffic.
Samuel Omotosho says
Firewalls are an essential part of the intrusion detection system. They separate networks into those that are trusted and those that are not. Also, when you install firewalls between the network, apps, and databases, they can offer more levels of protection. Although they are not 100% effective in stopping harmful activity, firewalls do contribute to the multi-layered security mechanism.
Jeffrey Sullivan says
I found the filtering part fascinating, and how it would hold or drop packets and make a log file for that. It makes me think of the day-to-day or hour-to-hour “rounds” an auditor or cyber professional would have to do in order to keep up with the network traffic. Like you pointed out as well, firewalls are just part of the equation in the multi-layered security environment.
Erskine Payton says
The chapter talks about different aspects of firewalls and how they help to secure your network. It covers basic firewall operation and then goes into detail about static packet filtering, network address translation, filtering, and architectures. The chapter ends by describing firewall management and closing on the difficulties with using firewalls.
What caught my eye was the In the News portion. I always find it interesting when companies report an incident how it is often human error that is the cause, like in the Capital One incident, where a misconfigured firewall was the reason Capital One lost over 100 million records. I also found it enlightening that 59 percent of free VPN services are linked to China and most have subpar privacy policies. China, which fines its citizens for using VPNs. Ironic.