Types (stateful, stateless, application-layer firewalls)
FIREWALL
Firewalls are essential security mechanisms used to monitor and control network traffic. They are categorized based on their functionality and how they track connections. Below is an explanation of stateful, stateless, and application-layer firewalls, along with their differences:
1. Stateless Firewalls
A stateless firewall operates by inspecting packets independently of their context (i.e., without considering the state of a connection). It applies a set of predefined rules to each packet to decide whether to allow or block it.
Features of Stateless Firewalls:
- Packet Filtering:
  - Examines individual packets based on header information such as source/destination IP, port, and protocol.
- No Connection Awareness:
  - Does not keep track of established or ongoing connections.
- Faster but Less Secure:
  - Because it does not store or analyze session data, it is lightweight and fast, but it may allow malicious traffic if rules are not comprehensive: an unsolicited inbound packet with the ACK flag set, for example, looks the same to it as a genuine reply to an internal request.
2. Stateful Firewalls
A stateful firewall tracks the state of active connections and makes filtering decisions based on the context of the traffic, such as whether the packet is part of an ongoing session or a new connection.
Features of Stateful Firewalls:
- Connection Awareness:
  - Keeps a state table to track ongoing sessions, including TCP handshakes and sequence numbers; UDP, which has no handshake, is tracked by matching replies to previously seen outbound requests.
- Dynamic Rules:
  - Automatically allows return traffic for established sessions (e.g., if a user initiates a request to a website, the response is allowed without additional rules).
- More Secure but Resource-Intensive:
  - Requires memory and processing power to maintain the state table, making it slower than stateless firewalls.
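To make the difference between sections 1 and 2 concrete, here is an added example (not from the original page) that models a stateless rule set and a stateful connection table side by side. The internal network prefix (10.x), the documentation-range addresses and the TCP flag sets are constructed inputs; the stateless rule uses the common "inbound from port 80 with ACK set" approximation of return traffic.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Constructed packet model: just the header fields the filters act on."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset  # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


def is_inside(ip: str) -> bool:
    # Assumption: the protected network is 10.0.0.0/8.
    return ip.startswith("10.")


def stateless_allow(pkt: Packet) -> bool:
    """Each packet is judged on its own headers, with no memory of earlier packets.
    Outbound to TCP/80 is allowed; inbound is allowed only if it comes from port 80
    and carries ACK, the usual stateless approximation of 'established' traffic."""
    if is_inside(pkt.src_ip) and pkt.dst_port == 80:
        return True
    return (not is_inside(pkt.src_ip)) and pkt.src_port == 80 and "ACK" in pkt.flags


class StatefulFirewall:
    """Keeps a state table keyed by the 4-tuple of connections opened from inside."""

    def __init__(self) -> None:
        self.table: set = set()

    def allow(self, pkt: Packet) -> bool:
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if is_inside(pkt.src_ip) and pkt.dst_port == 80:
            if pkt.flags == {"SYN"}:
                self.table.add(key)  # new outbound connection: record it
            return key in self.table
        # Inbound packets pass only as return traffic for a tracked connection.
        return reverse in self.table


def demo() -> dict:
    fw = StatefulFirewall()
    syn = Packet("10.0.0.5", 40000, "203.0.113.10", 80, frozenset({"SYN"}))
    syn_ack = Packet("203.0.113.10", 80, "10.0.0.5", 40000, frozenset({"SYN", "ACK"}))
    # Constructed unsolicited inbound packet that merely looks like a reply.
    rogue = Packet("198.51.100.7", 80, "10.0.0.9", 3389, frozenset({"ACK"}))
    return {"stateless": [stateless_allow(p) for p in (syn, syn_ack, rogue)],
            "stateful": [fw.allow(p) for p in (syn, syn_ack, rogue)]}
```

The stateless filter passes all three packets because the third matches its header rule, while the stateful table rejects it because no inside host ever opened that connection.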
3. Application-Layer Firewalls (Layer 7 Firewalls)
An application-layer firewall operates at the application layer (Layer 7) of the OSI model and can inspect the content of network packets. Unlike stateless and stateful firewalls, it understands application-specific protocols (e.g., HTTP, FTP, SMTP).
Features of Application-Layer Firewalls:
- Deep Packet Inspection (DPI):
  - Inspects the payload of packets, allowing the firewall to detect and block malicious traffic based on application behavior.
- Protocol Awareness:
  - Can analyze and enforce rules for specific protocols (e.g., allow only HTTP GET requests and block POST requests).
- Advanced Threat Detection:
  - Identifies application-specific vulnerabilities and threats (e.g., SQL injection, cross-site scripting).