Firewalls are an integral part of most organizations’ Information Technology environments today. They control traffic that enters and leaves the network by either allowing or denying traffic and are a standard security solution for almost all organizations. This article will serve as a brief review of the firewall portion of the CompTIA Security+ certification exam.
Firewalls are a hardware or software component of an Information Technology environment deployed between a private trusted network (such as an organization’s internal network) and a public untrusted network (the internet). Firewalls use filters, which are simply rules: when an incoming packet meets the criteria established in a rule, the firewall performs the action that rule specifies. If the first rule does not match, the firewall checks the packet against the subsequent rules in its rule set. Firewalls normally order rules from the most specific first to the most general last. Once a rule has determined the action for a packet, the firewall does not check any further rules down the priority list.
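The first-match behavior described above is easy to get wrong in practice: if a general rule is placed ahead of a more specific one, the specific rule can never fire. The following added example (written for this review, not code from the original post or from any firewall product) implements a minimal first-match rule evaluator with an implicit default deny, and a static check that reports rules shadowed by an earlier, broader rule. All rule names, addresses and packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp", "udp" or "icmp"
    dport: int   # 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "ALLOW" or "DENY"
    src: str = "0.0.0.0/0"      # source network, CIDR
    dst: str = "0.0.0.0/0"      # destination network, CIDR
    proto: str = "any"          # "any" matches every protocol
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet, default: str = "DENY") -> Tuple[str, str]:
    """First-match evaluation: the first rule that matches decides the action.
    Returns (action, rule name); if nothing matches, the implicit default applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "implicit-default"


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet matched by `inner` is also matched by `outer`."""
    return (ip_network(outer.src).supernet_of(ip_network(inner.src))
            and ip_network(outer.dst).supernet_of(ip_network(inner.dst))
            and outer.proto in ("any", inner.proto)
            and (outer.dport is None or outer.dport == inner.dport))


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Static ordering check: a rule is shadowed when an earlier rule covers its
    entire match space, so it can never fire. Returns (shadowed, shadowing) pairs."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample rule set: a specific deny and a general allow (hypothetical values).
SPECIFIC_DENY = Rule("deny-guest-to-db", "DENY",
                     src="10.0.5.0/24", dst="10.0.9.10/32", proto="tcp", dport=3306)
GENERAL_ALLOW = Rule("allow-internal-web", "ALLOW",
                     src="10.0.0.0/8", dst="10.0.9.0/24", proto="tcp")

GOOD_ORDER = [SPECIFIC_DENY, GENERAL_ALLOW]  # most specific rule first
BAD_ORDER = [GENERAL_ALLOW, SPECIFIC_DENY]   # general rule fires first; the deny is unreachable

# Constructed sample packets.
GUEST_TO_DB = Packet("10.0.5.7", "10.0.9.10", "tcp", 3306)
GUEST_TO_WEB = Packet("10.0.5.7", "10.0.9.20", "tcp", 443)
OUTSIDER = Packet("203.0.113.5", "10.0.9.20", "tcp", 443)

if __name__ == "__main__":
    for label, ruleset in (("good order", GOOD_ORDER), ("bad order", BAD_ORDER)):
        print(label, "guest->db:", evaluate(ruleset, GUEST_TO_DB))
        print(label, "shadowed:", shadowed_rules(ruleset))
    print("outsider:", evaluate(GOOD_ORDER, OUTSIDER))
```

With the rules in the correct order the guest-to-database packet is denied by the specific rule; with the order reversed the general allow matches first and the deny rule is reported as shadowed. The outsider packet matches no rule and falls through to the implicit default deny, which is the behavior to verify on any production rule set.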
Access control lists, or ACLs, are important components of many security devices, including firewalls. ACLs allow or disallow access to specific resources. They are assigned to objects or to a network and govern who has access to that resource. ACLs are considered the first line of defense of a firewall; in terms of placement, they reside on the edge of the firewall.
On a more granular level, ACLs contain rules. The way that ACL rules are configured can determine how a firewall will act when the rule is fired off. Below is a list of the different rule formats within ACLs:
- Permission-based rules – It is common to see ALLOW/PERMIT when the traffic is allowed and (Read more...)
This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/3yNs7kCzt3k/