Understanding Firewall Architecture and Network Security


Understanding Firewalls

A firewall is a choke point between two or more networks: a component, or set of components, through which all traffic between those networks has to pass. That position is what lets it control, authenticate and log the traffic.

Note: a firewall authenticates and controls connections, not the data they carry; it does not protect against viruses or other malicious content travelling inside traffic it has allowed.

Key Features

  • Packet filter: forwards or discards each packet selectively, based only on fields in its headers (addresses, protocol, ports).
  • Proxies: act as an intermediary for a given application protocol, so they can inspect traffic at the application layer rather than packet by packet.
  • Bastion hosts: dedicated, hardened machines that expose services to the Internet; they run only the services they must offer and are kept fully patched.

Network Address Translation (NAT)

  • Rewrites private or otherwise non-routable internal addresses (for example RFC 1918 ranges) into valid, publicly routable ones.
  • Mitigates the shortage of public IPv4 addresses: many internal hosts share one public address.
  • Hides the internal addressing plan from the outside; this is a side effect, not a substitute for filtering rules.

Virtual Private Network (VPN)

  • Uses encryption to protect traffic between networks that are joined across an untrusted network such as the Internet.
  • Common protocols include IPsec.

How Firewalls Work

Packet Filtering

The firewall intercepts each TCP/IP packet and examines its headers (source and destination address, protocol, ports), comparing them in order against a set of predefined rules. The first rule that matches decides what happens to the packet: the stipulated action (accept, drop, log and continue, etc.) is applied. If no rule matches, the default policy of the firewall (or of the chain being evaluated) is applied, which is why that default should normally be to drop.

NAT Operation

NAT rewrites IP addresses. For an outbound packet it replaces the source address with the firewall's public address (and, when many internal hosts share that address, also the source port, so that replies can be told apart). The firewall records each mapping; for an inbound reply it performs the inverse translation using that record, so the outside world only ever communicates with the firewall's address. An inbound packet with no recorded mapping has no internal destination and is dropped.
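The rule walk described under Packet Filtering and the address rewriting under NAT Operation, as a small model added here to make the behaviour concrete. It is not part of the original notes and is not code from netfilter or any real firewall; the rule set, the firewall's public address 203.0.113.1, the LAN 192.168.1.0/24 and the packets are all constructed for the example.

```python
"""Toy packet filter with source NAT, added to illustrate these notes.

Not code from netfilter or any real firewall: it models ordered rules with
terminating (ACCEPT/DROP) and non-terminating (LOG) actions, a default
policy, and address translation backed by a mapping table. All addresses,
ports and rules are constructed for the example.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "ACCEPT", "DROP" (terminating) or "LOG"
    src: Optional[str] = None    # CIDR; None matches any address
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        """Every field set on the rule must agree with the packet header."""
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        return self.dport is None or self.dport == pkt.dport


def filter_packet(chain: List[Rule], pkt: Packet, policy: str) -> Tuple[str, List[str]]:
    """Evaluate one chain: rules are tried in order, LOG records the packet and
    keeps going, the first matching ACCEPT/DROP is final, and a packet that
    reaches the end of the chain gets the chain's default policy."""
    log: List[str] = []
    for rule in chain:
        if not rule.matches(pkt):
            continue
        if rule.action == "LOG":
            log.append(f"{pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}")
            continue
        return rule.action, log
    return policy, log


class SourceNat:
    """Hide internal hosts behind one public address. Each outbound flow gets
    its own public port and the mapping is kept, so that replies can be
    translated back to the internal host that started the flow."""

    def __init__(self, public_addr: str, first_port: int = 40000):
        self.public_addr = public_addr
        self.next_port = first_port
        # (proto, public port) -> (internal address, internal port)
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the internal network."""
        for (proto, pub_port), inner in self.table.items():   # reuse a known flow
            if proto == pkt.proto and inner == (pkt.src, pkt.sport):
                return replace(pkt, src=self.public_addr, sport=pub_port)
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pkt.proto, pub_port)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_addr, sport=pub_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Inverse translation for a packet arriving at the public address.
        With no mapping it is unsolicited: there is no host to deliver it to."""
        inner = self.table.get((pkt.proto, pkt.dport))
        if inner is None:
            return None
        host, port = inner
        return replace(pkt, dst=host, dport=port)


# Constructed FORWARD chain: the LAN may reach the web; everything else is
# logged and then falls through to the chain's DROP policy.
LAN = "192.168.1.0/24"
FORWARD_CHAIN = [
    Rule("ACCEPT", src=LAN, proto="tcp", dport=443),
    Rule("ACCEPT", src=LAN, proto="tcp", dport=80),
    Rule("LOG"),
]


def demo() -> dict:
    """Run a few constructed packets through the chain and the NAT."""
    nat = SourceNat("203.0.113.1")            # the firewall's public address
    https = Packet("192.168.1.20", "198.51.100.5", "tcp", 51515, 443)
    smtp = Packet("192.168.1.20", "198.51.100.5", "tcp", 51516, 25)
    out = nat.outbound(https)                 # now 203.0.113.1:40000 -> server
    reply = Packet(out.dst, out.src, "tcp", out.dport, out.sport)
    unsolicited = Packet("198.51.100.5", "203.0.113.1", "tcp", 443, 40001)
    return {
        "https": filter_packet(FORWARD_CHAIN, https, policy="DROP"),
        "smtp": filter_packet(FORWARD_CHAIN, smtp, policy="DROP"),
        "translated": out,
        "reply": nat.inbound(reply),          # delivered to 192.168.1.20:51515
        "unsolicited": nat.inbound(unsolicited),   # no mapping: None (dropped)
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two details worth noticing: LOG does not end the walk (as with the iptables LOG target), so the SMTP packet is both logged and dropped by the policy; and the NAT mapping table is doing the job that connection tracking does in a real firewall, which additionally times entries out and checks TCP state.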

Linux Firewall Components

The core elements are netfilter (the packet-filtering framework inside the kernel), iptables (the user-space tool used to configure it) and the tables, chains and rules that hold the policy.

  • Rules: a set of match conditions on the packet plus the action (target) to apply when the packet matches them.
  • Chains: ordered lists of rules. Each built-in chain corresponds to a point on the packet's path through the kernel: INPUT (destined to this host), OUTPUT (generated by this host), FORWARD (routed through), PREROUTING (just arrived) and POSTROUTING (about to leave).
  • Tables: groups of chains, one table per kind of processing: filter, nat and mangle.

Table Functions

  • filter: holds the INPUT, OUTPUT and FORWARD chains that decide whether a packet is accepted or dropped.
  • nat: uses PREROUTING (destination NAT, applied before the routing decision) and POSTROUTING (source NAT or masquerading, applied after it) to rewrite addresses.
  • mangle: special modifications to packets, such as changing TOS/TTL fields or marking packets so that they can be prioritised for quality of service.
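A ruleset in iptables-restore format that puts those tables and chains to work, added here as an example rather than configuration taken from the notes. It assumes eth0 is the Internet side, eth1 the LAN side (192.168.1.0/24), and that 192.168.1.10 is an internal web server to be published through destination NAT; all of these are assumptions to adjust to the real network.

```text
# Constructed example ruleset (load with: iptables-restore < this_file).
# eth0 = Internet side, eth1 = LAN side, 192.168.1.10 = internal web server.
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Destination NAT before routing: publish the internal web server.
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
# Source NAT after routing: hide the LAN behind the firewall's own address.
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -s 192.168.1.0/24 -j ACCEPT
# DNAT already rewrote the destination, so the filter sees the internal host.
-A FORWARD -i eth0 -o eth1 -d 192.168.1.10 -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Anything else falls through: log it, then the chain policy drops it.
-A FORWARD -j LOG --log-prefix "FWD-DROP: "
COMMIT
```

Routing between the two interfaces also needs net.ipv4.ip_forward set to 1. The two conntrack lines are what turn this from a stateless packet filter into a stateful one: replies are accepted because they belong to a known connection, so no rule for them has to be written in the opposite direction, and the default DROP policy on INPUT and FORWARD is what catches everything the rules do not name.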

Tunneling and VPN Protocols

Tunneling is the process of encapsulating one protocol inside another, either between a gateway and a single client (remote access) or between two gateways (site to site). Common protocols include IPsec, L2TP (usually combined with IPsec, since L2TP itself provides no encryption) and PPTP; PPTP's authentication (MS-CHAPv2) is broken and it should not be used for new deployments.

OpenVPN

Allows VPNs to be established on both GNU/Linux and Windows: it creates a virtual network interface (tun or tap) on each end and carries the traffic sent through that interface over a TLS-protected channel.

Proxy Services

A proxy is a program that acts as an application gateway between clients and destination servers. Because it interprets each request, it can cache responses (faster access, less bandwidth and therefore lower cost) and enforce access control on who may request what.

  • Squid: a high-performance caching proxy for web clients, supporting HTTP, FTP and Gopher. It can run as a transparent proxy and control access per user.
  • ACLs (access control lists): define what the proxy allows or denies, by source address, destination, time of day and so on (the notes' example is a night window from 18:00 to 05:59). Squid's own time ACL cannot wrap past midnight, since its start must be earlier than its end, so such a window is written as two ACLs or as the negation of a daytime one.
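A squid.conf fragment for the night-time restriction mentioned above, added as an example and not configuration from the notes; the client network 192.168.1.0/24 is assumed. It shows how the midnight wrap-around is handled: the window is split into an evening and a morning ACL.

```text
# Constructed squid.conf fragment: LAN browsing blocked between 18:00 and 05:59.
# A Squid time ACL cannot wrap past midnight (the start must be earlier than
# the end), so the night window is written as two ACLs.
acl lan src 192.168.1.0/24
acl night_evening time 18:00-23:59
acl night_morning time 00:00-05:59
# An http_access line matches only when every ACL on it matches (AND), and the
# first http_access line that matches decides, so the deny lines go first.
http_access deny lan night_evening
http_access deny lan night_morning
http_access allow lan
http_access deny all
```

The final deny all is the proxy equivalent of a firewall's default DROP policy: any client or request the earlier lines do not explicitly allow is refused.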
