
Firewall - The First Defense Against Malware

 


A firewall forms the first line of defense against malware attacks on a system. It acts as a security guard, scrutinizing inbound and outbound traffic from the web.


ACL (Access List)

ACLs were the earliest form of firewall, and they resided in the main router.

Data passes digitally in the form of individual packets. They contain information such as source/destination address, data type, bandwidth etc.

An ACL would compare each packet to a set of predefined rules, mainly in ascending order (rule 1, rule 2, ...).

If a match is found, the connection is allowed, and no further check is done. If no rule matches, the packet is discarded.

But this provided only basic filtering, and an ACL did not care about protocol type such as HTTP or HTTPS.

Also, once the rules were set, they could not be redefined. To edit one, the existing set had to be cleared and rebuilt from scratch.


The era begins ...

The present-day firewall came into existence during the late 80s, and the graphical user interface (GUI) followed in the 90s. The basic workings of a firewall include:

  • Rule settings, like an ACL, for packet tracking. They can be modified without full erasure.
  • It can exist on the client side or on the router.
  • Permissions that set who can access which system. For example, a sales team cannot access the HR server, but an administrator can access both.
  • Outgoing packets are less filtered compared to inbound ones.

Types

1. Packet Filtering Firewall

Filtering is done using a set of rules based on protocols, source/destination addresses, and ports. If the rules are met, the packet is allowed; otherwise it is discarded.
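The ordered, first-match evaluation described for ACLs and for packet filtering can be sketched as follows. This is an added example, not code from the original post; it goes beyond the post by giving each rule a permit or deny action, as router ACLs do, to show why rule order matters. The addresses, the `Rule` class and the helper names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR form
    dst: str               # destination network in CIDR form
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

def evaluate(rules, pkt):
    """First match wins. Returns (action, rule number); 0 means no rule matched."""
    for number, rule in enumerate(rules, start=1):
        if rule.matches(pkt):
            return rule.action, number
    return "deny", 0       # no rule matched: the packet is discarded

# Constructed addresses: sales LAN 10.0.1.0/24, admin LAN 10.0.9.0/24, HR server 10.0.50.10.
HR = "10.0.50.10/32"
GOOD = [Rule("deny", "any", "10.0.1.0/24", HR, None),     # rule 1: sales may not reach HR
        Rule("permit", "tcp", "10.0.0.0/16", HR, 443)]    # rule 2: other inside hosts may
BAD = [GOOD[1], GOOD[0]]   # same rules, broad permit first: the deny is never reached

def make_packet(src, dport=443, proto="tcp", dst="10.0.50.10"):
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        for who, src in (("sales", "10.0.1.25"), ("admin", "10.0.9.5"),
                         ("outside", "192.0.2.7")):
            print(name, who, evaluate(rules, make_packet(src)))
```

With the `BAD` ordering the sales host is permitted by rule 1, so auditing a rule set means checking order as well as content.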

2. Stateful Inspection Firewall

Here the state of the packet is checked, and filtering is done based on that. The states include

  • New: The packet is not yet identified in memory, presumed to be a recent connection.
  • Established: The packet address pre-exists and needs less filtering.
  • Related: The packet is new but has a connection to an established one. Caution is exercised.
  • Invalid: The rules don't apply or are not adhered to, and the packet is discarded.
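The four states can be illustrated with a small connection table. This is an added example, not code from the original post, and it is a simplified model: a flow counts as established as soon as it is in the table, only a TCP SYN opens a connection, and only inside hosts may open one. The `StatefulFirewall` class, the `icmp-error` packet type with its `quotes` field, and all addresses are constructed for illustration.

```python
import ipaddress

class StatefulFirewall:
    def __init__(self, inside_cidr):
        self.inside = ipaddress.ip_network(inside_cidr)
        self.flows = set()                      # connection table of tracked flows

    @staticmethod
    def key(p, reverse=False):
        a, b = (p["src"], p.get("sport")), (p["dst"], p.get("dport"))
        if reverse:
            a, b = b, a
        return (p["proto"], *a, *b)

    def classify(self, p):
        if self.key(p) in self.flows or self.key(p, reverse=True) in self.flows:
            return "ESTABLISHED"                # belongs to a flow already in the table
        if p["proto"] == "icmp-error" and tuple(p.get("quotes", ())) in self.flows:
            return "RELATED"                    # new packet tied to a tracked flow
        if p["proto"] == "tcp" and p.get("flags") == "SYN":
            return "NEW"                        # opening packet of an unseen connection
        return "INVALID"                        # fits no tracked flow and opens none

    def handle(self, p):                        # returns (state, verdict)
        state = self.classify(p)
        if state in ("ESTABLISHED", "RELATED"):
            return state, "accept"
        if state == "NEW" and ipaddress.ip_address(p["src"]) in self.inside:
            self.flows.add(self.key(p))         # only inside hosts may open connections
            return state, "accept"
        return state, "drop"

def tcp(src, sport, dst, dport, flags):
    return {"proto": "tcp", "src": src, "sport": sport,
            "dst": dst, "dport": dport, "flags": flags}

def demo():
    fw = StatefulFirewall("10.0.0.0/16")        # constructed inside network
    syn = tcp("10.0.1.25", 51000, "203.0.113.8", 443, "SYN")
    trace = [syn,
             tcp("203.0.113.8", 443, "10.0.1.25", 51000, "SYN-ACK"),
             {"proto": "icmp-error", "src": "203.0.113.1", "dst": "10.0.1.25",
              "quotes": fw.key(syn)},
             tcp("198.51.100.9", 40000, "10.0.1.25", 22, "SYN"),
             tcp("198.51.100.9", 40000, "10.0.1.25", 22, "ACK")]
    return [fw.handle(p) for p in trace]
```

The reply and the ICMP error are accepted only because the outbound SYN created a table entry; the unsolicited inbound SYN and the stray ACK have no entry and are dropped.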
      

3. Application Layer Firewall

The reach extends to the application layer and is the most secure. The firewall forms a drawbridge between the internal network and the web. All traffic passes through it whether inbound or outbound. Features include

  • IP address of internal network is concealed from view, like a VPN (Virtual Private Network).
  • Any strike against the rules, and the packet gets discarded immediately. 
  • Keeps a cache of frequently visited websites for faster access. This increases speed and bandwidth.   

They are also commonly known as proxy firewalls.

Other variants include software/hardware firewalls, cloud firewalls (Online) etc.


Limitations

  • The initial setup is expensive, especially for hardware firewalls.
  • Even though they can block eavesdropping or certain malware, firewalls are not a comprehensive security package. The end user needs to install antivirus software for advanced protection.
  • A firewall limits its protection circle to a single network. Multiple connections need more of the same.


