Security+ Domain 3.1 - Infrastructure Security - Devices
Firewalls
What are firewalls?
In their basic form, firewalls are devices that separate and control traffic between two networks. There are both hardware and software firewalls. They generally sit between an internal and an external network, but may also separate two internal networks. The exact function depends on the type of firewall.
Before continuing, I would recommend reading about zones in Domain 3.1.
What types of firewalls are there?
There are four main types:
Packet filters are layer 3 (network layer) devices that examine certain characteristics of each packet, including the source and destination IP address and port as well as the protocol, such as TCP or UDP. The firewall compares the packet against previously configured rules and either allows, rejects, or drops it. The difference between rejecting and dropping a packet is that the sender is notified if the packet is rejected. Dropping forces the sender to wait for a timeout, which can increase the time a network scan takes an attacker to complete. An improved version is known as a stateful inspection firewall. These firewalls keep a record of communication sessions between computers and scan only the first packet of a session, which can increase performance. In general, packet filters are the fastest type of firewall, but not the most secure.
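The rule matching and session tracking described above can be modelled in a few lines. This is an added example, not part of the original study guide: the class names, the rule set and the addresses (documentation ranges from RFC 5737) are constructed for illustration, and the verdict is only returned as a string rather than acted on.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str                      # "tcp" or "udp"

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow", "reject" or "drop"
    src_net: str
    dst_net: str
    proto: str
    dport: Optional[int] = None     # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net)
                and p.proto == self.proto
                and self.dport in (None, p.dport))

class StatefulFilter:
    def __init__(self, rules, default="drop"):
        self.rules, self.default = rules, default
        self.sessions = set()       # record of sessions already allowed
        self.rule_lookups = 0       # how often the rule list was scanned

    def decide(self, p: Packet) -> str:
        fwd = (p.proto, p.src, p.sport, p.dst, p.dport)
        rev = (p.proto, p.dst, p.dport, p.src, p.sport)
        if fwd in self.sessions or rev in self.sessions:
            return "allow"          # known session: no rule scan needed
        self.rule_lookups += 1
        # First matching rule wins; unmatched traffic gets the default action.
        action = next((r.action for r in self.rules if r.matches(p)), self.default)
        if action == "allow":
            self.sessions.add(fwd)
        return action

# Constructed rule set: HTTPS to one server is allowed, telnet is rejected
# (sender is notified), everything else is silently dropped by default.
RULES = [
    Rule("allow", "0.0.0.0/0", "198.51.100.10/32", "tcp", 443),
    Rule("reject", "0.0.0.0/0", "198.51.100.0/24", "tcp", 23),
]
```

Calling `decide()` on an HTTPS packet and then on the server's reply shows the stateful behaviour: the reply is allowed from the session table without another rule scan, whereas a filter with no recorded session would fall through to the default drop.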