Firewall Basics


What are those walls of fire?

Firewalls are either the first or the last line of defense against attacks - depending on how good they are ;)

They are not really walls of fire, though. They have more in common with bouncers in front of clubs.

They let in the ones who look like they are no trouble, but there is a twist.

Firewalls can control both incoming ⬅️ and outgoing ➡️ traffic.

Gotcha, but which one is more important?

Good question, let's think about this slowly, shall we?!

Imagine that our business network is protected by a VPN - so only people with correct credentials + the correct VPN configuration can access internal resources.

Wait, but what does “access” really mean in this case?

Great question - access in this case most likely means “inbound/incoming” access.

This is when someone (coworker or hacker) from a remote location 🏝️ can read files on our company server 🏠.

Outbound/outgoing traffic, on the other hand, would be someone from inside your network connecting to a remote server - e.g. downloading a PowerPoint file 📄, virus 🦠 or similar.

A second example of outgoing traffic would be a hacker communicating with their remote command and control server - 🚨😱

This means we usually want to protect against these scenarios:

  1. Hacker connects to our network and reads files (incoming)
  2. Employee downloads virus from a remote server + hacker communicates with their remote command & control server (outgoing)

How do we do that?!

We can use a firewall in both cases, but companies often take a wrong turn in their prioritization.

Imagine your network is a castle 🏰.

Now if you have very high walls 🧱 + a steep crocodile-filled moat 🌊🐊 surrounding your castle, you should be well prepared against external attackers.

Right?!

Well… kinda, but only if the attackers are coming from the outside.

There are scenarios (e.g. insider threat, phishing) where someone from inside your castle walls will do something naughty - we will go into those in more detail.

You need to care for both the external-facing security (walls) and the internal security (what happens after the walls have been breached).

A firewall often only protects your perimeter, that is, it only guards against incoming connections.

Firewall Rules

Classical firewalls operate based on predefined & custom rules.

Firewalls are like bouncers, and the rules they use are guiding principles for who to let into the castle and who to turn back - that is true for incoming traffic (who comes in from the outside).

BUT, there are also bouncers on the inside of the castle walls 💪🏰 to make sure we know who wants out.
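To make the two sets of bouncers concrete, here is a small rule evaluator (an added example, not part of the original lesson) that runs the scenarios from above against a "walls only" policy and a policy that also filters outgoing traffic. The addresses, ports and the company web proxy are assumptions made up for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    direction: str        # "in" or "out"
    action: str           # "allow" or "deny"
    remote: str           # CIDR the remote address must fall in
    port: Optional[int]   # destination port; None matches any port

@dataclass(frozen=True)
class Conn:
    direction: str
    remote_ip: str
    port: int

def decide(rules, conn, default_out):
    """First matching rule wins; unmatched inbound is always denied,
    unmatched outbound gets default_out."""
    for r in rules:
        if (r.direction == conn.direction
                and ip_address(conn.remote_ip) in ip_network(r.remote)
                and r.port in (None, conn.port)):
            return r.action
    return "deny" if conn.direction == "in" else default_out

# Constructed rules: addresses are documentation ranges, ports are assumptions.
VPN_IN = Rule("in", "allow", "0.0.0.0/0", 1194)          # VPN endpoint
PROXY_OUT = Rule("out", "allow", "192.0.2.80/32", 3128)  # company web proxy

PERIMETER_ONLY = ([VPN_IN], "allow")             # walls only
BOTH_DIRECTIONS = ([VPN_IN, PROXY_OUT], "deny")  # walls + inside bouncers

# Constructed traffic matching the scenarios in the text.
TRAFFIC = {
    "coworker connects to VPN":   Conn("in", "198.51.100.10", 1194),
    "outsider hits file share":   Conn("in", "203.0.113.66", 445),
    "employee browses via proxy": Conn("out", "192.0.2.80", 3128),
    "malware calls C2 server":    Conn("out", "203.0.113.66", 443),
}

def evaluate(policy):
    rules, default_out = policy
    return {name: decide(rules, c, default_out) for name, c in TRAFFIC.items()}

if __name__ == "__main__":
    for label, policy in [("perimeter only", PERIMETER_ONLY),
                          ("both directions", BOTH_DIRECTIONS)]:
        print(label)
        for name, verdict in evaluate(policy).items():
            print(f"  {verdict:5}  {name}")
```

Both policies turn the outsider away at the wall, but only the second one stops the command & control connection on its way out.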

Ok, got it. How would we set this up?

Which firewall should we use?

We have the choice between two types of firewalls:

Hardware 🥅🔥🧱 and Software Firewalls 👩‍💻🔥🧱

In the next chapter we will walk through both options.
