Network Firewalls: The Ultimate Manual
A strong firewall is a critical part of any system’s security infrastructure, serving as the first line of defense for the web traffic that passes in and out of the network. But what exactly is a firewall and how does it work?
This Nira guide will explore the concept of network firewalls in more detail, plus share a step-by-step rundown to help you configure one on your own.
What Are Network Firewalls Anyway?
Network firewalls are network security devices that monitor incoming and outgoing network traffic. Based on a defined set of security rules, these devices decide whether to allow or block traffic coming from specific sources.
The purpose behind configuring network firewalls is to filter internet transmissions and create a barrier between secured, controlled internal networks that can be trusted and unsecured, untrusted outside networks like the internet.
How Network Firewalls Work
A firewall is like a gatekeeper for your internal systems that keeps harmful data outside your computer. It monitors unauthorized attempts to gain access to your operating systems while simultaneously blocking unwanted traffic or unrecognized sources.
But how do network firewalls protect your data?
Some of the main cybersecurity risks that network firewalls protect your computer from include macros, spam, viruses, and denial-of-service (DoS) attacks.
Macros are scripts run by applications to automate manual processes and can contain a series of independent steps launched by a single command. Cybercriminals design or purchase macros that work well within specific applications and can be hidden inside seemingly innocent data. However, once macros enter your computer, they’ll wreak havoc on your system. A firewall detects malicious macros as it examines the packets of data that attempt to pass through.
Spam includes links to malicious websites that activate malicious code to force cookies onto your computer. These cookies create backdoors (“doorways” to applications with vulnerabilities that cybercriminals exploit to gain access inside a network) for hackers to gain access to the computer.
Preventing a spam attack is simple: all you have to do is avoid clicking on anything suspicious in an email, regardless of who the sender appears to be. But you can increase your network protection by installing network firewalls that inspect your emails and prevent your computer from getting infected.
When your computer gets infected with a virus, the virus starts copying itself and spreading to other devices on the network. Cybercriminals generally use viruses to perform a variety of unauthorized activities, ranging from harmless to more serious like erasing data on your computer. Firewalls can inspect data packets for viruses, but cyber security experts recommend using antivirus software in conjunction with a network firewall to maximize your security.
DoS attacks are executed to shut down a network or machine and make it inaccessible to its intended users. Cybercriminals flood the target with traffic or send information that results in a system crash. In both cases, the DoS attack restricts access to the legitimate users (account holders, members, and employees) of the service or resource. Attackers continually request permission to connect to a server, but when the server responds, it cannot find the system that made the request and eventually gets flooded, rendering it unable to meet the needs of legitimate visitors.
Some firewalls can check whether the connection request is legitimate and hence protect your network from these attacks.
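The connection-request flood described above leaves a recognizable trace: many handshakes that start and never finish. The sketch below is an added example, not code from this guide; the event format, addresses, and thresholds are constructed assumptions used to show how a defender can count half-open connections.

```python
# Each event is (timestamp, source_ip, source_port, tcp_flag) as seen at the
# firewall. This tuple layout is an assumption made for the example.

def half_open(events, now, timeout=3.0):
    """Return connections whose SYN was never followed by the client's ACK."""
    pending = {}
    for ts, src, sport, flag in sorted(events):
        key = (src, sport)
        if flag == "SYN":
            pending[key] = ts            # handshake started
        elif flag == "ACK":
            pending.pop(key, None)       # handshake completed
    # Only requests older than the timeout count as abandoned.
    return {k for k, ts in pending.items() if now - ts >= timeout}

def flood_suspected(events, now, backlog=8, timeout=3.0):
    """True when abandoned handshakes would fill a backlog of this size."""
    return len(half_open(events, now, timeout)) >= backlog

# Constructed sample: two clients that finish the handshake, followed by ten
# requests from sources that never answer the server's reply.
EVENTS = [
    (0.1, "192.0.2.10", 50001, "SYN"), (0.2, "192.0.2.10", 50001, "ACK"),
    (0.3, "192.0.2.11", 50002, "SYN"), (0.4, "192.0.2.11", 50002, "ACK"),
]
EVENTS += [(1.0 + i / 10, f"198.51.100.{i}", 40000 + i, "SYN")
           for i in range(1, 11)]

if __name__ == "__main__":
    print(len(half_open(EVENTS, now=10.0)), flood_suspected(EVENTS, now=10.0))
```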
To understand the whole process better, you need to know the main types of network firewalls and how they work to protect your data.
Type 1: Application-Layer Network Firewalls
This type of network firewall includes a hardware appliance, software filter, or server plugin. It combines security mechanisms with defined applications, such as an FTP service, and sets rules for HTTP connections. These rules are built for each application to identify and block attacks on a network or computer.
Type 2: Packet Filtering Network Firewalls
This network firewall carefully examines each packet that passes through the network before accepting or denying it as defined by the rules set by the intended user. Packet filtering can be incredibly useful, but properly configuring the device is challenging. Another issue with packet filtering firewalls is that they are more vulnerable to IP spoofing.
Type 3: Circuit Level Network Firewalls
This network firewall type uses a wide range of security mechanisms once a TCP or UDP connection has been made. After the connection gets established, packets are exchanged directly between the hosts without further filtering or oversight.
Type 4: Proxy Server Network Firewalls
This version of a network firewall checks and verifies all messages that enter or leave a network before proceeding to hide the real network addresses from any external inspection. Proxy firewalls also provide additional functionality, including content caching and security by restricting direct connections that aren’t a part of the network.
Type 5: Next Generation Network Firewall (NGFW)
This network firewall type helps block modern threats, such as application-layer attacks and advanced malware. It filters traffic moving through a network, where the filtering is decided by the applications or traffic types and ports they’re assigned to. What’s more, these firewalls comprise a blend of a standard firewall with additional functionality that facilitates more self-sufficient network inspection.
Type 6: Stateful Network Firewalls
This type of network firewall is commonly referred to as third-generation firewall technology, where the filtering process is designed to accomplish two things: packet tracking of every interaction between internal connections and traffic classification based on the destination port. These recently developed devices help boost visibility and expand access control granularity, meaning the network interactions are no longer defined by port and protocol.
How to Set Up a Network Firewall for Your System
Network firewalls are a great invention, but there’s a bit of work required to make sure yours works exactly how you intend it to. Below, we’ve shared a step-by-step tutorial to help you set up a network firewall.
Step 1: Secure Your Firewall
Access to your network firewall should be limited to only those you trust. To prevent your system from getting hacked and to limit the entry of potential attackers, you need to ensure your firewall is secure.
Here are a few tips to help you do that:
- Update your firewall to the latest recommended vendor firmware.
- Change all default passwords, and instead use complex and secure passwords. Be sure to delete, rename, or disable any default user accounts, too.
- If you have a team managing the firewall, create additional accounts for each member. But limit their access and privileges based on responsibilities. Also, keep track of all the changes made and avoid using shared user accounts.
- Disable Simple Network Management Protocol (SNMP) or configure it to use a secure community string.
- Restrict outgoing and incoming network traffic for specific apps or the transmission control protocol (TCP).
- Reduce your attack surface by restricting where people can make changes to your system. For instance, you can limit changes to being only made from trusted subnets within your corporation.
Step 2: Build Firewall Zones and an IP Address Structure
Identifying network assets and resources that need to be protected is a critical step. You have to create a structure that groups corporate assets into firewall zones based on the level of risk and the similarity of functions.
Consider how servers work. You can have email servers, virtual private network (VPN) servers, and web servers placed in a dedicated zone that limits inbound internet traffic, also called a demilitarized zone (DMZ). The general rule here is the more zones you create, the more secure your network.
That said, having more zones will also demand more maintenance and management. Once a network zone structure is established, you’ll have to develop a corresponding IP address structure that assigns zones to firewall interfaces and subinterfaces.
Step 3: Configure Access Control Lists (ACLs)
Access control lists or ACLs are firewall rules that help organizations determine which traffic needs permission to flow into and out of each network zone.
These rules must be made specific to the exact source and destination port numbers and IP addresses. ACLs also need a “deny all” rule at the end to enable organizations to filter out any unapproved traffic. Additionally, each interface and subinterface requires an inbound and outbound ACL to ensure only approved traffic can enter each zone.
We highly recommend disabling public access to firewall administration interfaces to protect the configuration, and disabling unencrypted firewall management protocols.
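To make the ACL rules above concrete, the following added example (not code from this guide or from any firewall vendor) evaluates an ACL in first-match order and audits it for a missing final deny-all, permits that are not specific, and rules placed after the deny-all. The rule format, zone subnets, and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port; None matches every port

DENY_ALL = Rule("deny", ANY, ANY, "any", None)

def evaluate(acl, src, dst, proto, dport):
    """Return the action of the first matching rule, or "unmatched"."""
    for r in acl:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto) and r.dport in (None, dport)):
            return r.action
    return "unmatched"  # the outcome is then left to the device default

def audit(acl):
    """Flag a missing final deny-all, unspecific permits, unreachable rules."""
    findings = []
    if not acl or acl[-1] != DENY_ALL:
        findings.append("missing final deny-all rule")
    for n, r in enumerate(acl, start=1):
        if r.action == "permit" and (r.dport is None or r.src == r.dst == ANY):
            findings.append(f"rule {n}: permit is not specific")
        if DENY_ALL in acl[:n - 1]:
            findings.append(f"rule {n}: unreachable after deny-all")
    return findings

# Constructed sample ACLs for the inbound side of a DMZ (10.0.10.0/24).
DMZ_INBOUND = [
    Rule("permit", ANY, "10.0.10.5/32", "tcp", 443),   # web server
    Rule("permit", ANY, "10.0.10.6/32", "tcp", 25),    # mail server
    DENY_ALL,
]
WEAK_INBOUND = [
    Rule("permit", ANY, "10.0.10.0/24", "tcp", None),  # every TCP port
    Rule("permit", "10.0.20.0/24", "10.0.10.5/32", "tcp", 22),
]

if __name__ == "__main__":
    print(audit(DMZ_INBOUND), audit(WEAK_INBOUND))
    print(evaluate(WEAK_INBOUND, "203.0.113.7", "10.0.10.6", "tcp", 3306))
```

In the weak list, the first rule exposes every TCP port in the DMZ to the internet, and traffic that matches no rule has no explicit decision at all.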
Step 4: Configure Other Firewall Services and Logging
You can configure your firewall to act as a Dynamic Host Configuration Protocol (DHCP) server, Intrusion Prevention System (IPS), Network Time Protocol (NTP) server, and so on. However, if you don’t intend to use the services, make sure you disable them all.
Besides that, the firewall must be configured to report to a logging service to comply with PCI DSS (Payment Card Industry Data Security Standard) requirements.
Step 5: Test the Firewall Configuration
At this stage, all the configurations have been made. Next, you want to test them to ensure the firewall is performing as intended and is blocking the correct traffic.
You can use techniques like penetration testing and vulnerability scanning to test configurations. Before you start, back up the configuration in a secure location in case of any failures during the testing process.
Step 6: Facilitate Firewall Management
Once your firewall is configured and running, you have to continually monitor and manage it to ensure the device continues to function as intended. This involves updating firmware, monitoring logs, reviewing configuration rules every six months, performing vulnerability scans, and similar activities.
Documenting the process and managing the configurations continually and diligently is also important to ensure ongoing network protection.