My Thoughts on Firewall


Types of Firewall

Packet Filter

Stateful FW (State Table with PF)

Deep Packet Inspection FW (IPS + PF)

Application Aware Firewall (NGFW / WAF)

Application Proxy (Proxy)
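
To make the difference between the first two types concrete, here is an added example (not from the original post) that models a stateless packet filter and the same filter with a state table on top. The packet model, rule set, addresses and function names are all assumptions made up for the illustration.

```python
from collections import namedtuple

# Constructed packet model: only the header fields a packet filter looks at.
Packet = namedtuple("Packet", "src sport dst dport proto direction")

INSIDE_HOST = "10.0.0.5"      # constructed addresses (RFC 1918 / RFC 5737)
WEB_SERVER = "203.0.113.10"

def packet_filter(pkt):
    """Stateless PF: each packet is judged alone, on ports and protocol."""
    if pkt.direction == "out" and pkt.proto == "tcp" and pkt.dport == 443:
        return True                      # allow outbound HTTPS
    if pkt.direction == "in" and pkt.proto == "tcp" and pkt.sport == 443:
        return True                      # "reply" rule: anything from port 443
    return False

class StatefulFirewall:
    """PF plus a state table: inbound packets must match a tracked flow."""
    def __init__(self):
        self.state = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            if not packet_filter(pkt):
                return False
            # Record the flow so the matching reply is recognised later.
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return True
        # Inbound: the reversed 5-tuple must already be in the state table.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.state

def compare(packets):
    """Return [(pf_verdict, stateful_verdict), ...] for a packet sequence."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in packets]

SAMPLE = [  # constructed traffic
    Packet(INSIDE_HOST, 51000, WEB_SERVER, 443, "tcp", "out"),   # request
    Packet(WEB_SERVER, 443, INSIDE_HOST, 51000, "tcp", "in"),    # its reply
    Packet("198.51.100.7", 443, INSIDE_HOST, 22, "tcp", "in"),   # unsolicited
]

if __name__ == "__main__":
    for pkt, (pf, sf) in zip(SAMPLE, compare(SAMPLE)):
        print(pkt.direction, pkt.src, "->", pkt.dst, pkt.dport, "PF:", pf, "stateful:", sf)
```

The stateless filter accepts the third packet because it only sees a matching port; the stateful firewall drops it because no tracked flow corresponds to it.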


Layered Firewall Strategy (Stateful + NGFW = Outside + DMZ)

Each type of firewall serves different needs on both sides of the DMZ. The inside doesn't have the requirements that the outside has. The outside is under constant attack. The inside is limited to the traffic that is routed to it.


While the CheckPoint firewalls are scanning the applications that are hitting the data center, the Cisco ASAs are checking ports and protocols. The layered firewall approach is part of a security strategy that demarcates responsibilities. A team is in charge of the perimeter devices (CheckPoint) outside the DMZ, while a separate networking team manages the ASAs inside the DMZ.


If someone is able to crack CheckPoint and get inside, they then reach the second firewall and have to deal with a completely separate type of personality and a completely different device.


The idea is to make it such a pain in the arse to get inside that the attacker will go away.


Abbreviations

FW - Firewall

PF - Packet Filter

IPS - Intrusion Prevention System

NGFW - Next Generation Firewall

WAF - Web Application Firewall


About SecureRootD

Information Security Professional

Android & Kernel Enthusiast

Trying to Balance between Work, Home & Hobbies