Abstract




In this report, I will explain what security technologies are and how
firewalls in particular are useful for organisations or individuals. Firewalls
are essential for computer systems because of the amount of harm that can be
caused with the power of networks in the current generation.



There is a lot of in-depth information to provide about how firewalls function
and what abilities they have to ensure they protect at their highest level.
There are many types of firewalls, each with different configurations: they all
share one main purpose, which is to protect, but they also have additional
parts because they are used for different reasons. One example is what the
firewall specifically accepts or denies. The choice also depends on how secure
the administrator of the network wants the firewall to be, as they may only
need a certain type of firewall.


The report will cover the types of firewalls used in networks, as well as the
functions they can provide, which I will explain for each one. I will also
provide diagrams to show how these are laid out and work in a network. An
example is a client, a firewall, and the internet communicating with each
other.




































What are Security Technologies?




Security technologies is a field that involves both IT and security, and it has
become more advanced in recent years. It covers techniques involving
cryptography, methods, protocols and communication with networks, to ensure
that they are secure. This is because there are threats that put these in
danger, like viruses and attacks. (Amine, Ait Mohamed and Benatallah, 2013)


There are many ways to protect networks with tools, but this does not make them
immune to having their security penetrated. The tools only help to keep the
networks secure. As the number of tools that help penetrate networks increases,
more tools are needed to prevent this from happening. (Cisco, n.d.)


































Firewall Objective



A firewall is what sits between one network and another and filters the access
allowed. There is a protected network and a public network, and the firewall
is placed between them. The job of the firewall is to observe the traffic
between the two networks and to evaluate whether the data meets the criteria it
allows. If it does not, it is simply disallowed. Firewalls have many advanced
features, such as packet filtering, filtering by port, and filtering for
certain protocols. (Boudriga, 2010)



History of Firewalls



The term “firewall” comes from construction, where a wall is built to stop a
fire. In construction, the firewall needs to provide time for people to escape
the fire or extinguish it. The comparison with the internet is that the
firewall needs to take a large amount of heat, which corresponds to an attack
on a network or damage intended to target a firewall. An organisation should
always have a firewall on its network to ensure high security. A router that
has packet filtering and filtering for protocols is not sufficient for
protecting the network, as these can be circumvented easily by intruders. These
routers were also not meant to ensure a high level of security, as they are
just routers for routing network traffic. Routers are getting more secure, but
it is essential to have a firewall to protect the network from an external one
that is untrusted. (Canavan,


Generations of Firewalls


There are different types of firewalls and many generations, which I will
explain thoroughly.





A packet-filtering firewall is what holds the accept and deny rules that allow
and disallow packets in a network. A firewall can forward the packet to its
destination, can decline to send the packet, or can block the packet completely
and send an error condition to the machine it came from. These decisions are
based on the network interface card and the IP address of the host, including
the packet's network-layer source and destination IP addresses. Whether the
packet is being received or sent out is another variable. (Ziegler and Constantine, 2001)


Packet filtering is a security gateway that is incredibly useful, and it is
often included in router software by default. It is inexpensive and comes with
most internet providers, which is beneficial for households. (Cheswick,
Rubin and Bellovin, 2003)
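The accept and deny rules described above can be sketched as a first-match rule table. This is an added example, not taken from the cited sources; the interface names (eth0 outside, eth1 inside), the addresses and the rule set are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ACCEPT, DROP, REJECT = "accept", "drop", "reject"  # forward / discard / block with error

@dataclass(frozen=True)
class Packet:
    iface: str       # interface the packet was seen on
    direction: str   # "in" or "out" on that interface
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str
    iface: str = "*"
    direction: str = "*"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "*"
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.iface in ("*", p.iface)
                and self.direction in ("*", p.direction)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.proto in ("*", p.proto)
                and self.dport in (None, p.dport))

# Constructed rule set: eth0 faces the untrusted network, eth1 the protected LAN.
RULES = [
    # Anti-spoofing: LAN source addresses must never arrive from outside.
    Rule(DROP, iface="eth0", direction="in", src="192.168.1.0/24"),
    Rule(ACCEPT, iface="eth0", direction="in", dst="192.168.1.10/32", proto="tcp", dport=443),
    Rule(REJECT, iface="eth0", direction="in", proto="tcp", dport=23),
    Rule(ACCEPT, iface="eth1", direction="in", src="192.168.1.0/24"),
]

def decide(packet: Packet, rules=RULES, default: str = DROP) -> str:
    """Return the action of the first matching rule; unmatched packets get the default."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default
```

Rule order matters here: the anti-spoofing rule sits first so that a packet claiming a LAN source address on the outside interface is discarded before any accept rule is considered.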





Stateful firewalls are similar to packet-filtering firewalls, except they can
track the traffic at a very close and high level. A packet-filtering firewall
can only analyse a single packet, but a stateful firewall can analyse the
traffic fully, which means it checks the ports, destination, existing traffic,
and much more. This firewall can also act like a packet-filtering one, which
means it can check the traffic between, for example, a website and a user. If
the connection should not be continued, it will prevent further connections.
(Andress, n.d.)




Application Layer:


An application firewall is used for protocol analysis of the network traffic
of one or more applications. (Scarfone and Hoffman, 2009)


An example of application firewalls in action: if an email is received that
contains an attachment with, for instance, an exe file extension, the firewall
can deny it if the organisation does not allow it. The same applies to ports,
such as an instant message sent over a peculiar one. It can also prevent
connections that involve certain actions, like a certain command in file
transfer (FTP). If a web page contains Java or Flash, application firewalls can
allow or disallow this to be shown. They also take into account whether the
website is trusted by certain certification authorities: the website could have
SSL certificates from authorities the firewall does not allow, so it would not
be shown.


Application firewalls can prevent attacks such as DoS and malware that are
performed within application protocols such as HTTP. The firewall can detect
commands that arrive in sequences it is not expecting, which could be the same
command being sent repeatedly. The advantage of this firewall is that it is
common for many types of protocols: HTTP, SQL, SMTP, VoIP, etc. (Scarfone and Hoffman, 2009)






















Network-based and Host-based Firewalls






Network-based firewalls are
used to protect a network or subnet. These are not intended to protect
computers. The way a network firewall works is that a system runs the firewall
programme and network antivirus.


There are on-box and off-box features:


On-box: The features are installed as an add-on to the machine or added into
the firewall software.


Off-box: The features are on separate systems and work with the firewall
installed on the computer. (Shinder, Shinder and Grasdal, 2004)


Network-based firewalls have increased security, as the system can detect
suspicious traffic. These can also increase bandwidth according to the amount a
client uses, whereas a host-based firewall needs to be replaced if it is
exceeded. (Wideband,





Network-based firewalls do not protect the traffic inside a network that is
trusted, so host-based firewalls on individual computers are needed. Host-based
firewalls can protect the host from access or attacks that are carried out
without authorisation. (Microsoft, 2010)


















Proxy Firewalls




Proxy firewalls have the highest level of security, and unlike with other
firewall types, packets are not passed through the proxy. The proxy imitates a
link like a normal connection process. For example, when a computer connects to
a proxy, the proxy generates a new connection (which mirrors the first). This
means that the packet does not directly access the network by passing through
the firewall, so intruding is more difficult and packet information is harder
to gather. Proxies also cache, log, filter and control the requests from a
client to keep the network safe from viruses and intrusion.


Proxies open a socket on a server to allow a connection to pass through it. The
proxy gateway gets a request from a client inside the firewall and sends it to
a remote server, which is a server on a different network. The server's
response is then read and sent back to the client's system. Within a network,
the client computers often use the same proxy so that the proxy can cache the
data received effectively. (Bullguard, n.d.)





Network Address Translation Firewalls



Network address translation, also known as NAT, is a way to translate the IPv4
addresses of multiple computers within a network into the IPv4 addresses of
computers on a different network. This requires a NAT-enabled router that sits
between a private network and a public network. (Microsoft, n.d.)


NAT firewalls are used for sorting out IP addresses. Routers use NAT to change
the IP address on packets of data so that the router knows which device to send
the data to, as there may be multiple devices connected to the network. Packets
that are not recognised are discarded. NAT is used to ensure the right packets
of data are sent to the right devices or systems. (Walters,
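The translation table behind this behaviour can be sketched as follows. This is an added example, not code from the cited sources: it assumes port-based translation behind a single public address, constructed addresses, and a simplified table with no timeouts or port exhaustion handling.

```python
class NatRouter:
    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> public port
        self.in_map = {}   # public port -> (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the private source to the public address, creating a mapping if needed."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.out_map:
            self.out_map[flow] = self.next_port
            self.in_map[self.next_port] = flow
            self.next_port += 1
        return (self.public_ip, self.out_map[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply back to the LAN host, or return None to discard the packet."""
        flow = self.in_map.get(dst_port)
        if dst_ip != self.public_ip or flow is None:
            return None                       # no table entry: not recognised
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                       # entry exists, but for a different remote
        return (src_ip, src_port, lan_ip, lan_port)

def demo():
    """Two LAN hosts use the same source port; replies still reach the right host."""
    nat = NatRouter("203.0.113.1")            # constructed public address
    a = nat.outbound("192.168.1.20", 40000, "198.51.100.7", 443)
    b = nat.outbound("192.168.1.21", 40000, "198.51.100.7", 443)
    reply_a = nat.inbound("198.51.100.7", 443, *a[:2])
    reply_b = nat.inbound("198.51.100.7", 443, *b[:2])
    unsolicited = nat.inbound("198.51.100.99", 443, "203.0.113.1", 50000)
    return a, b, reply_a, reply_b, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```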


Basic TCP/IP Flow



Traffic is split up into packets and the firewall needs to analyse each one to
check whether it should forward the packet to the destination or deny it. A
packet consists of the IP header, the TCP/UDP header, and the data. The IP
header holds the IP address of the sender and the destination address, which
is the client who receives it. The TCP/UDP header holds the source port of the
sender and the port of the recipient, so the applications can be identified in
the traffic. TCP can also carry sequence numbers and other information. The
TCP/UDP ports give the location that the packet's data will eventually reach on
the receiver. An example is a browser and a web server. When a web server has
received an HTTP request from a browser, the request carries the client
computer's information: the IP address and port that it was sent from. The port
is used to identify what sent the request, which is the browser. The web server
then sends the response using the client's source port as the destination port.
The client's operating system will then recognise the port number as belonging
to the browser's session. Usually, the port is higher than 1024 and lower than
5000. (Northrup, n.d.)



























































Appendix A:



















Figure 1: Basic Packet Filter (Newman, 2003)


This image describes the packet filtering process. The client IPs are set to the IP address of and are connecting to the router. The filtering process begins,
and as the layers allow the IP to pass through, the traffic is not denied and
can connect successfully. Layer 3 is the network and Layer 4 is the transport














Figure 2: Layers of the OSI Model (Microsoft, n.d.)





Appendix B:














Figure 3: Stateful Firewall (Learn and Develop,



One way attackers can interrupt a network is by breaking the TCP 3-way
handshake. A stateful firewall can prevent this from happening (Learn and
Develop, 2017). An example is an ACK scan, which is a way to attack a packet
filter, but a stateful firewall recognises this. (Capec, 2017)
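The difference can be shown by running the same packets through both kinds of firewall. This is an added example, not from the cited sources: the per-packet rule (admit inbound TCP only when the ACK flag is set), the LAN prefix, the addresses and the trace are constructed assumptions, and the state machine only covers the handshake and established data.

```python
INSIDE = "192.168.1."   # assumed prefix of the protected network

def pkt(src, sport, dst, dport, flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}

def stateless_allows(p):
    """Per-packet rule: let LAN traffic out, admit inbound TCP only if ACK is set."""
    return p["src"].startswith(INSIDE) or "A" in p["flags"]

class StatefulFirewall:
    def __init__(self):
        self.conns = {}  # (lan_ip, lan_port, remote_ip, remote_port) -> handshake state

    def allows(self, p):
        outbound = p["src"].startswith(INSIDE)
        key = ((p["src"], p["sport"], p["dst"], p["dport"]) if outbound
               else (p["dst"], p["dport"], p["src"], p["sport"]))
        state, flags = self.conns.get(key), p["flags"]
        if outbound and flags == "S" and state is None:
            self.conns[key] = "SYN_SENT"        # handshake step 1
        elif not outbound and flags == "SA" and state == "SYN_SENT":
            self.conns[key] = "SYN_RECEIVED"    # handshake step 2
        elif outbound and flags == "A" and state == "SYN_RECEIVED":
            self.conns[key] = "ESTABLISHED"     # handshake step 3
        elif not (state == "ESTABLISHED" and "S" not in flags):
            return False                        # no matching connection: drop
        return True

# Constructed trace: a full handshake, one data segment, then a lone ACK probe.
TRACE = [
    pkt("192.168.1.20", 40000, "203.0.113.9", 80, "S"),
    pkt("203.0.113.9", 80, "192.168.1.20", 40000, "SA"),
    pkt("192.168.1.20", 40000, "203.0.113.9", 80, "A"),
    pkt("203.0.113.9", 80, "192.168.1.20", 40000, "PA"),
    pkt("198.51.100.66", 80, "192.168.1.30", 40001, "A"),
]

def compare(trace=TRACE):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    fw = StatefulFirewall()
    return [(stateless_allows(p), fw.allows(p)) for p in trace]

if __name__ == "__main__":
    for p, verdicts in zip(TRACE, compare()):
        print(p["src"], p["flags"], "stateless=%s stateful=%s" % verdicts)
```

Only the last packet is judged differently: it carries ACK, so the per-packet rule admits it, but it belongs to no tracked handshake, so the stateful firewall drops it.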



Appendix C:

















Figure 4: Web application firewall (Web Application Firewall (WAF), 2017)



Firewalls are used to prevent attacks on web applications. Examples of such
attacks are SQL injection or cross-site scripting. An application firewall
provides security against these and helps keep administrators safe from these
intrusions. Figure 4 shows how attacks are denied but a valid request is
accepted. (Wallace, 2017). These valid requests are then passed on to the
sites. The L7 indicates Layer 7, which deals with the content of the messages.
(NGINX,

Appendix D:















Figure 5: Proxy Firewall Process (How the Proxy Works, n.d.)


The proxy in Figure 5 shows how the client connects to the proxy; the proxy
then sends the request to the server, reads the response, and sends it to the
client. (Postcastserver, n.d.)





Appendix E:















Figure 6: NAT Operation (Rodriguez, 2004)



The diagram (Figure 6) shows how the internet connects to a local area network
(LAN): the firewall sees the interface and translates it to trust it to allow
access for the network. A single address is used here for security purposes,
as there is only one entry point to gain access from the internet.
(Rodriguez, 2004)