Skip to main content

Firewall-The first defense against Malware

 


Firewall forms the first defense against malware attack on a system. It acts as a security guard scrutinizing inbound/outbound traffic from the web.


ACL (Access List)

The earlier adoption to firewall, they resided in the main router. 

We know data passes digitally in the form of individual packets. They contain information such as source/destination address, data type, bandwidth etc.

ACL would compare each packet to a set of predefined rules, mainly in ascending order (rule1, rule 2...).

If a match is found, the connection is allowed, and no further check is done. If no rule is adhered, the packet is discarded. 

But this provided only basic filtering, and ACL did not care about protocol type like http or https

Also, once the rules were set, it cannot be redefined. To edit one would be to clear the existing set and start from scratch.


The era begins ...

Present firewall came into existence during the late 80s, and graphical user interface (GUI) in the 90s.  Firewall basic working include

  • Rule settings like ACL for packet tracking. They can be modified, without full erasure
  • Can exist in the client side or the router. 
  • Permission set to who can access which system. For example, a sales team cannot access HR server, but an administrator can access both.
  • Outgoing packets are less filtered compared to inbound ones.

Types

1. Packet Filtering Firewall

Done using a set of rules based on protocols, source/destination address, and ports. If guidelines are met, the packet will be allowed else discarded.

2. Stateful Inspection Firewall

Here the state of the packet is checked, and filtering is done based on that. The states include

  • New: The packet is not yet identified in memory, presumed to be a recent connection.
  • Established: The packet address pre exits and needs less filtering.
  • Related: The packet is new but has a connection to an established one. Caution is exercised.
  • Invalid: Rules don't apply or adhered, and packet is discarded  
      

3. Application Layer Firewall

The reach extends to the application layer and is the most secure. The firewall forms a drawbridge between the internal network and the web. All traffic passes through it whether inbound or outbound. Features include

  • IP address of internal network is concealed from view, like a VPN (Virtual Private Network).
  • Any strike against the rules, and the packet gets discarded immediately. 
  • Keeps a cache of frequently visited websites for faster access. This increases speed and bandwidth.   

They are also commonly known as proxy firewalls.

Other variants include software/hardware firewalls, cloud firewalls (Online) etc.


Limitations

  • The initial setup is expensive specially for hardware firewalls.
  • Even though they can block eaves dropping or certain malwares, firewalls are not a comprehensive security package. The end user needs to install antivirus software for advanced protection.
  • Firewall limits their protection circle to a single network. Multiple connections need more of the same.



Additional Information



 

   

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

Virtual Private Network (VPN) - Browsing Anonymous

  Privacy is a major concern when browsing the internet. Your data could be eavesdropped by hackers, companies targeting ads or even rogue state actors. What gets revealed would be personal browsing history, location monitoring, IP addresses to name a few. Enter the tech... Virtual Private Network or simply known as VPN is a technology used to prevent unauthorized access of your private data. Even if a hacker penetrates the network and get hold of data packets, all that is revealed is gibberish.  This is because all the information that passes through your device is encrypted and can be only revealed through a personal key.  Internet Service Provider Before going further, a knowledge of Internet Service Provider (ISP) is needed. They are the backbone of the World Wide Web. ISP provides each device with a unique IP (Internet Protocol) address, bandwidth allocation and network security. When a website is searched, first it goes from your device to the Router or Modem which...
Post a Comment
Read more

Ransomware - Trojan in Disguise

  You log into the computer, and it boots up. But instead of seeing the welcome screen, you get a dialog box.  "Your data has been encrypted. To recover, pay $$ of Bitcoin." The message also has a countdown timer, which indicates a payment deadline.  Passwords, credit card details, personal videos/pictures all have been compromised. The hacker even threatens to leak everything online. What happened...... Ransomware is a type of malware that encrypts personal data and blocks access to a computer/network. To regain control, a ransom needs to be paid. Usually this is through Bitcoin, or other crypto currencies. On payment, a key is given, which decrypts everything, and returns access to the system.  However, you could be placed in a "Sucker's list" which is sold in the dark web. This can attract more ransomware attacks, in future. History.... Originating in the 90s, the attacks were first recorded in Russia. Since then, it has crossed into Europe and North America...
Post a Comment
Read more

Clock Speed - Benchmark for Processors?

Intel i7 - Base Frequency 2.80 GHz, 4.70 GHz (Turbo Frequency) Intel i9 - Base Frequency 2.2 GHz, 5.8 GHz (Turbo Frequency)  AMD Ryzen 7 - Base Frequency 3.4 GHz, 4.6 GHz (Max Boost Clock) Whenever we shop for a laptop or home PC, we note the processor speed. The saying being more the clock speed, higher the performance . However, efficiency of a chip is determined by a range of other factors What is clock speed? The CPU (Central Processing Unit), or processor performs various arithmetic operations, at any given time. This is performed by opening and closing billions of transistors, embedded within it. That constitutes a cycle.  Simply put, clock speed is the number of cycles executed per second ,  calculated in GHz.  So, a processor having 3 GHz speed, performs 3 billion cycles per second. Higher this ratio, better the performance. At least, in paper. But there are other things in play, when looking at the overall functionality.   Multi Core processing A sing...
Post a Comment
Read more