30 June 2021

Firewall Applications

In the world of cybersecurity, firewall applications and configurations are of great importance.

Understanding the operating principle and type of a firewall begins with knowing how the firewall evaluates traffic and decides what to allow and what to deny.

Understanding the application of a firewall begins with knowing how it is deployed in the network it protects. The most commonly used configurations are as follows.

Host-Based

In the host-based scenario, the firewall is a software solution installed on an existing machine with an existing operating system. The most important point in this scenario is that no matter how good the firewall solution is, it depends on the underlying operating system. It is therefore very important for the machine hosting the firewall to have a hardened operating system. Hardening the operating system requires taking various security measures, including the following.

In the network host-based application, you install firewall software on an existing server. The primary advantage of this option is cost. Installing firewall software on an existing machine and using that machine as a firewall is a much more affordable solution.

Dual-Homed Hosts

A dual-homed host is a firewall application running on a server with at least two network interfaces. This is a very old methodology by today’s standards; most firewalls today are implemented on dedicated routers rather than servers. The server acts as a router between the networks attached to its interfaces.

To do this, the automatic routing function is disabled: an IP packet arriving from the internet is not routed directly into the internal network. The administrator chooses which packets are routed and how. Systems inside and outside the firewall can communicate with the dual-homed host, but they cannot communicate directly with each other.
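The following is an added example, not code from the article or from Privia Security, that models the two ideas above in working code: a firewall evaluating traffic against an ordered rule list with a default-deny policy (the "what to allow and what to deny" decision), and a dual-homed host on which automatic routing is switched off so that only administrator-listed flows transit between the two interfaces. The topology (eth0 facing the internet, eth1 facing a 10.0.0.0/24 LAN, the host owning 203.0.113.10 and 10.0.0.1), the sample packets and the rules are all constructed for the example; the chain names INPUT and FORWARD mirror the Linux netfilter convention but nothing here touches a real kernel.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Constructed topology for this example (assumption, not from the article):
# eth0 faces the internet, eth1 faces the protected LAN. The dual-homed host
# owns one address on each side.
LAN = ip_network("10.0.0.0/24")
HOST_ADDRS = {ip_address("203.0.113.10"), ip_address("10.0.0.1")}


def egress_iface(dst: str) -> str:
    """Routing decision: LAN destinations leave on eth1, everything else on eth0."""
    return "eth1" if ip_address(dst) in LAN else "eth0"


@dataclass(frozen=True)
class Packet:
    iif: str      # interface the packet arrived on
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "accept" or "drop"
    iif: Optional[str] = None   # unset fields are wildcards
    oif: Optional[str] = None
    src: Optional[str] = None   # CIDR, e.g. "10.0.0.0/24"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet, oif: Optional[str]) -> bool:
        """Every field that is set must match the packet."""
        if self.iif is not None and pkt.iif != self.iif:
            return False
        if self.oif is not None and oif != self.oif:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


@dataclass
class Chain:
    rules: List[Rule]      # evaluated top to bottom, first match wins
    policy: str = "drop"   # verdict when nothing matches: default deny

    def verdict(self, pkt: Packet, oif: Optional[str] = None) -> str:
        for rule in self.rules:
            if rule.matches(pkt, oif):
                return rule.action
        return self.policy


# INPUT guards traffic addressed to the host itself; FORWARD guards traffic that
# would transit from one interface to the other. A FORWARD chain with a drop
# policy and no blanket accept is what "automatic routing disabled" means here:
# only the flows the administrator listed are relayed between the two sides.
INPUT = Chain(rules=[
    Rule("accept", iif="eth1", proto="tcp", dport=22),    # LAN admins may SSH to the host
    Rule("accept", iif="eth0", proto="tcp", dport=443),   # internet may reach the host's HTTPS service
])
FORWARD = Chain(rules=[
    Rule("accept", iif="eth1", oif="eth0", proto="udp", dport=53),   # LAN -> internet DNS only
])


def evaluate(pkt: Packet) -> tuple:
    """Return (chain name, verdict) for a packet seen by the dual-homed host."""
    if ip_address(pkt.dst) in HOST_ADDRS:
        return ("input", INPUT.verdict(pkt))
    oif = egress_iface(pkt.dst)
    if oif == pkt.iif:
        # Would leave on the interface it arrived on: not a transit between the
        # two sides, so it is not something the host should relay at all.
        return ("forward", "drop")
    return ("forward", FORWARD.verdict(pkt, oif))


if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("eth0", "198.51.100.7", "10.0.0.25", "tcp", 445),     # internet -> LAN host directly
        Packet("eth0", "198.51.100.7", "203.0.113.10", "tcp", 443),  # internet -> the firewall host
        Packet("eth1", "10.0.0.25", "10.0.0.1", "tcp", 22),          # LAN -> the firewall host
        Packet("eth1", "10.0.0.25", "198.51.100.53", "udp", 53),     # LAN -> internet DNS
        Packet("eth1", "10.0.0.25", "198.51.100.7", "tcp", 80),      # LAN -> internet web
    ]
    for p in samples:
        print(f"{p.iif} {p.src} -> {p.dst} {p.proto}/{p.dport}: {evaluate(p)}")
```

Running it shows the property the section describes: both sides can reach the host itself (the two INPUT accepts), the internet packet aimed directly at a LAN machine is dropped because no FORWARD rule exists for it, and only the one LAN-to-internet flow the administrator listed is relayed. Reordering the rules or changing a chain's policy to "accept" is the quickest way to see why rule order and the default verdict matter more than any single rule.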

The dual-homed host configuration is an extended version of the network host firewall application. This also means it is dependent on the security of the base operating system. Whenever a firewall runs on any type of server, the security of that server’s operating system becomes more critical than usual.

This option has the advantage of being relatively simple and inexpensive. The most significant disadvantage is its dependence on the operating system.

Router-Based Firewall

Today, even the simplest, lowest-end routers have some form of firewall. In larger networks with multiple protection layers, it appears as the first layer of protection. Although various types of firewalls can be applied to a router, the most commonly used type is the packet-filtering firewall. Broadband connection users in a home or small office can obtain a packet-filtering firewall router to replace the basic router provided by the broadband company.

In most cases, this solution is ideal for people who lack technical knowledge. Some vendors offer router-based firewalls pre-configured to the customer’s needs. The customer can then place the device between the network and the external internet connection and use it.

If a network is divided into segments, each segment needs to use a router to connect to the other segments. Using a router that also includes a firewall will significantly increase security. If the security of one segment of the network is compromised, the rest of the network will remain protected.

Perhaps the best advantage of router-based firewalls is ease of installation. In most cases, vendors can configure the firewall for you and you can simply use it. Most home-based routers such as Linksys or Netgear have a built-in firewall.

Screened Host Firewall

A screened host is essentially a combination of firewalls. In this configuration, a combination of a bastion host and a screening router is used. The combination creates a dual-firewall solution that is effective at filtering traffic. The two firewalls can be of different types. The bastion host can be an application gateway and the router can perform packet screening (or vice versa). This approach provides the advantages of both firewall types and is conceptually similar to a dual-homed host.

The screened host has some advantages over the dual-homed firewall. Unlike the dual-homed firewall, the screened host only needs one network interface and does not require a separate sub-network between the application gateway and the router. This makes the firewall more flexible but perhaps less secure, because relying on only one network interface card means it can be configured to pass certain trusted services through the application gateway portion of the firewall directly to servers on the internal network.

The most important concern when using the screened host is that it actually combines two firewalls into one. As a result, any security flaw or misconfiguration affects both firewalls. When you use a DMZ, there are physically two separate firewalls, and the probability of any vulnerability spreading to both is low.
