Firewall Principles

Yaser Rahmati | یاسر رحمتی

Firewall principles are fundamental to securing networks by controlling traffic based on a set of rules. Firewalls act as barriers between your internal network and external networks, like the internet, to protect against unauthorized access, attacks, and threats.

Here’s a step-by-step guide to understanding firewall principles:

1. What is a Firewall?

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic. It establishes a barrier between a trusted internal network and untrusted external networks.

Key Functions of a Firewall:

  • Packet Filtering: Analyzes incoming and outgoing packets based on predefined rules.

  • Stateful Inspection: Tracks the state of active connections and makes decisions based on the context of the traffic.

  • Proxy Service: Intercepts all messages entering and leaving the network, effectively hiding the internal network from the outside.

  • Network Address Translation (NAT): Hides internal IP addresses by translating them to a single public IP address.

2. Types of Firewalls

1. Packet-Filtering Firewall:

  • Operates at the Network Layer (Layer 3) and Transport Layer (Layer 4) of the OSI model.

  • Filters traffic based on IP addresses, ports, and protocols.

  • Example: Deny all traffic from a specific IP address or block traffic on a specific port.

2. Stateful Inspection Firewall:

  • Monitors the state of active connections and makes decisions based on the state, port, and IP address.

  • It allows packets that are part of an established connection and denies others.

3. Proxy Firewall:

  • Operates at the Application Layer (Layer 7) of the OSI model.

  • Acts as an intermediary between end-users and the services they access.

  • It can inspect application-level data (e.g., HTTP, FTP) and make more granular decisions.

4. Next-Generation Firewall (NGFW):

  • Combines traditional firewall features with additional capabilities such as intrusion prevention systems (IPS), deep packet inspection (DPI), and application awareness.

5. Hardware vs. Software Firewalls:

  • Hardware Firewalls: Dedicated devices that protect entire networks.

  • Software Firewalls: Installed on individual computers to protect specific devices.

3. Firewall Rules and Policies

Firewalls operate based on a set of rules that determine what traffic is allowed or denied.

Basic Rule Components:

  • Source IP Address: The IP address of the device that sends the traffic.

  • Destination IP Address: The IP address of the device that receives the traffic.

  • Source Port: The port number from which the traffic originates.

  • Destination Port: The port number to which the traffic is addressed.

  • Protocol: The protocol being used (e.g., TCP, UDP, ICMP).

  • Action: The action to take, usually "Allow" or "Deny."

Example of a Simple Firewall Rule:

  • Allow inbound HTTP traffic:

    • Source IP: Any

    • Destination IP: Your server’s IP

    • Protocol: TCP

    • Destination Port: 80

    • Action: Allow

4. Firewall Rule Order and Evaluation

Firewall rules are typically evaluated in order, from top to bottom. The first rule that matches the traffic is applied, and subsequent rules are ignored.

Steps to Create Firewall Rules:

  1. Identify Network Assets: Determine what needs protection (e.g., servers, workstations).

  2. Define Access Needs: Determine who needs access and to what (e.g., allow HTTP traffic to the web server).

  3. Create Specific Rules: Write rules to allow or deny traffic based on IP addresses, ports, and protocols.

  4. Order Rules Correctly: Place more specific rules above general ones.

  5. Test Rules: Apply the rules and test to ensure they work as intended.

  6. Monitor and Update: Regularly review and update rules based on new security needs.

5. Example: Configuring a Simple Firewall on MikroTik

Let’s configure a basic firewall on a MikroTik router:

Step 1: Access the Router

  • Log in to your MikroTik router using Winbox or SSH.

Step 2: Open Firewall Settings

  • Navigate to IP -> Firewall in the left menu.

Step 3: Add Firewall Rules

  1. Deny All Incoming Traffic (Default Deny)

    • Chain: input

    • Action: drop

    • Comment: "Drop all inbound traffic"

    • Place this rule at the bottom.

  2. Allow Established and Related Connections

    • Chain: input

    • Connection State: established, related

    • Action: accept

    • Comment: "Allow established and related connections"

    • Place this rule at the top.

  3. Allow Incoming SSH Traffic

    • Chain: input

    • Protocol: TCP

    • Dst. Port: 22

    • Action: accept

    • Comment: "Allow SSH"

    • Place this rule above the "Drop all inbound traffic" rule.

  4. Allow Incoming HTTP Traffic

    • Chain: input

    • Protocol: TCP

    • Dst. Port: 80

    • Action: accept

    • Comment: "Allow HTTP"

    • Place this rule above the "Drop all inbound traffic" rule.

Step 4: Apply and Test

  • Apply the rules and test by trying to access the router via SSH or HTTP from a remote location. Ensure that other traffic is blocked.

6. Advanced Firewall Concepts

1. NAT (Network Address Translation):

  • Source NAT (SNAT): Modifies the source IP address of outgoing packets (e.g., hiding internal IP addresses).

  • Destination NAT (DNAT): Modifies the destination IP address of incoming packets (e.g., port forwarding).

2. VPN (Virtual Private Network):

  • Integrates with firewalls to allow secure remote access to the network.

3. Intrusion Prevention System (IPS):

  • Works with firewalls to detect and prevent malicious activities.

7. Best Practices

  1. Default Deny: Always start with a default deny rule and explicitly allow necessary traffic.

  2. Least Privilege: Only allow the minimum access required for users and services.

  3. Logging: Enable logging for critical firewall rules to monitor and troubleshoot issues.

  4. Regular Updates: Keep firewall rules and firmware up to date to protect against new threats.

  5. Review and Audit: Regularly review firewall rules to ensure they align with current security policies.

Summary

By understanding and implementing these firewall principles, you can protect your network from unauthorized access and threats. Whether using a simple rule set or a more complex configuration with advanced features, the key is to plan, implement, and regularly review your firewall strategy to maintain a secure network environment.

Keywords

MikroTik, RouterOS, RouterBOARD, wireless networking, ISP, WISP, networking equipment, routers, switches, Cloud Core Router, CCR, SXT, LTE integration, 5G, cybersecurity, network security, networking software, networking hardware, Latvia, John Trully, Arnis Riekstiņš, MikroTik Academy, MUM events, network management, hotspot, VLAN, firewall, VPN, QoS, bandwidth management, traffic shaping, wireless access point, CAPsMAN, WinBox, PoE, mesh networking, routing protocols, MPLS, OSPF, BGP, MikroTik training

میکروتیک, روتر او اس, روتر برد, شبکه بی‌سیم, آی اس پی, وایرلس آی اس پی, تجهیزات شبکه, روترها, سوییچ‌ها, کلود کور روتر, سی سی آر, اس ایکس تی, ادغام ال تی ای, 5G, امنیت سایبری, امنیت شبکه, نرم‌افزار شبکه, سخت‌افزار شبکه, لتونی, جان ترولی, آرنیس ریکسینش, آکادمی میکروتیک, رویدادهای مام, مدیریت شبکه, هات اسپات, وی‌لَن, فایروال, وی‌پی‌ان, کیو‌اُ‌اس, مدیریت پهنای باند, شکل‌دهی ترافیک, نقطه دسترسی بی‌سیم, کپزمن, وین‌باکس, پی او ای, شبکه مش, پروتکل‌های مسیریابی, ام پی ال اس, اُ اس پی اف, بی جی پی, آموزش میکروتیک

External Links

🌐 Personal Website 📄 Resume 🎥 Video Archive 💼 Finance Blog 🔐 Network & Security Notebook 🎬 Aparat Channel

PreviousModule 6 : FirewallNextFirewall (Input Chain)

Last updated