Firewall was the topic of week 5’s lecture. We begun by discussing what the definition of a firewall is. We put it simply:
- A firewall is a “choke point/guard box” of controlling and monitoring the network traffic.
- It allows interconnections between different networks with some level of trust.
- It imposes restrictions on network services (only authorized traffic is allowed).
- It enforces auditing and controlling access (alarms of abnormal behavior can be generated).
- It provides perimeter defence.
Ideally a firewall will block all ‘bad’ traffic whilst allowing all good traffic. Differentiating between good and bad traffic is a very difficult task.
Some slides were dedicated to the demilitarized zone [DMZ]. As shown above the DMZ is a sub network which is exposed to the internet. One would usually see servers such as web, email and DNS in the DMZ.
After running through the key components of firewall architecture, the lecture focussed on the importance of organisation structure and needs. Knowing which services are required, who should be able to use them and from which locations they can be used is necessary knowledge.
Some firewall types were also explored in the lecture notes:
- Packet filtering [network layer]
- Stateful packet filtering
- Circuit level [transport layer]
- Proxy firewalls [Application level]
There was a lot more detail in the lecture notes which I look forward to hearing about in next weeks lecture.