BotNet News

Your source for Online Security News

Firewall

Firewall is one of the most fundamental tools in network security. It sits between your internal systems and untrusted networks (such as the Internet) and decides what to allow through based on predefined rules. Systems administrators use host-based firewalls (such as Windows Firewall or iptables on Linux) to harden their endpoints, and help desk technicians frequently troubleshoot connectivity issues that are caused by misconfigured firewall rules. Firewall concepts are covered in foundational certifications like CompTIA’s Network+ and Security+, and in vendor-specific certs such as Cisco’s CCNA and CCNP Security tracks.

Traditional firewalls work based on rules that examine data packets for patterns of malicious behavior and then allow or deny access based on those results. These rules can be based on IP addresses, protocols, ports and other packet-level details. More advanced firewalls also use threat intelligence to compare packets against a library of known malware signatures. This is known as deep packet inspection. Firewalls can also treat traffic differently based on direction. For example, north-south traffic that comes from outside is more likely to carry threats, so it’s inspected more closely than east-west traffic that moves within the network.

Newer firewalls are powered by machine learning algorithms that can ingest much more data and detect patterns that human analysts might miss. This is called User and Endpoint Behavioural Analysis, or UEBA, and it’s been shown to significantly outperform older technologies when it comes to handling novel (zero day) threats.