BotNet News

Firewall is a software or hardware solution that keeps networks safe from different kinds of cyber threats by monitoring and denying traffic according to pre-defined rules. It maintains a wall of security between internal network devices and other external sources, such as the internet. Without a firewall, the inner network can be attacked by different types of malware, which may cause unauthorized access to important data.

The firewall protects the network by inspecting incoming and outgoing traffic for suspicious patterns of behavior, such as IP spoofing or denial-of-service attacks. It does so by comparing the source and destination addresses of each packet against a set of pre-established criteria. Firewalls also check whether the packet has a valid session initiation protocol (SIP) header, such as TCP, UDP or ICMP. If the header is missing or doesn’t match a pre-established pattern, it will be denied.

Packet filtering firewalls check each incoming packet against a set of rules to detect potentially harmful content, such as viruses and spam. They operate at junction points like routers and switches to inspect data packets on the network’s outer layer.

A more advanced firewall is a stateful inspection firewall. These firewalls keep track of the status of each network connection and can make more complex decisions than the basic packet filtering firewalls. This is because they have a record of each connection, making it easier to find suspicious patterns.

A comprehensive firewall risk assessment plan includes setting stringent firewall policies, identifying potential risks, and mitigating them using the principle of least privilege. It should also include maintaining written documentation of firewall rule changes and hardware alterations. This allows for smooth handovers when firewall administrators change jobs and helps to ensure continuous compliance with PCI DSS.