TCP/IP
Transmission Control Protocol/Internet Protocol; the suite of communication protocols used to connect network devices on the internet
OSI
Open Systems Interconnection; a conceptual model for standardizing communication functions; differs from TCP/IP in having 7 layers versus TCP/IP's 4
Layers of TCP/IP Reference Model
Application, Transport, Internet, Link (or Network Interface)
Application Layer (TCP/IP)
Provides an interface between the end user and the network; supports application-layer protocols such as HTTP, FTP, SMTP
Primary Objective of a Firewall
To protect a private network and its resources from attacks originating from external networks like the internet
Typical Location of a Firewall
At the boundary between a private data network (trusted) and external networks (untrusted)
Trusted vs Untrusted Network (Firewall Perspective)
Trusted: Private data network; Untrusted: External networks
Host Firewall
Protects an individual device; usually has a single network interface
Network Firewall
Protects an entire network of hosts and resources; placement depends on firewall type
Filtering Rules
Predetermined, predefined rules in firewalls used to decide whether to allow or block data packets
Addressing Scheme at Internet Layer
32-bit source/destination IP addresses (IPv4)
Addressing Scheme at Transport Layer
Source and destination Port addresses
Addressing Scheme at Link Layer
Source and destination MAC (hardware) addresses
Static Filtering Firewall
Uses a fixed set of rules loaded beforehand by the admin to filter network traffic
Dynamic Filtering Firewall
Can create or update rules in response to changing network situations, adapting at runtime
Filtering Router
A router that first applies filtering rules to incoming/outgoing network traffic before routing packets
Packet Filtering Firewall (PFF)
Operates at the Internet layer; inspects packet headers to decide allow/block; stateless (no memory of previous packets)
Stateless Firewall
Treats each packet independently, with no awareness of previous packets; fast but vulnerable to spoofing
State-Aware (Stateful) Firewall
Remembers previously seen packets; decisions can depend on earlier traffic; better for detecting attacks
Spoofing Attack
An attacker pretends to be another user or device by falsifying data to gain unauthorized access
IP Spoofing
Falsifying an IP address in data packets to impersonate another device
DNS Spoofing
Supplying false DNS responses to divert traffic to malicious or unintended sites
Proxy Firewall / Application Layer Firewall
Runs on a dedicated machine called a proxy server; filters based on application protocols; operates at the Application layer; creates a DMZ
DMZ (Demilitarized Zone)
A neutral zone between a private network and external networks; adds security by preventing direct access to internal resources
Circuit-Level Gateway
Operates at the Transport layer; filters based on source/destination port addresses; blocks all direct TCP connections between hosts in different networks
MAC Layer Firewall
Operates at the Link layer; filters traffic using source/destination MAC addresses; usually protects resources from insider threats within the local network
VPN (Virtual Private Network)
A secure tunnel created over a public network to allow remote, encrypted communication between private networks or remote hosts
VPN Transport Mode
Encrypts only the payload of the data packet; header remains in clear text
VPN Tunnel Mode
Encrypts both the payload and header of the data packet, providing full protection
Advantages of Packet Filtering Firewall
Fast processing, since only headers are examined; easy and efficient to implement
Disadvantages of Packet Filtering Firewall
Stateless (doesn't track sessions); vulnerable to spoofing and certain attacks
Advantages of Proxy Firewall
Provides more security by creating a DMZ; prevents direct access to internal servers
Disadvantages of Proxy Firewall
Protocol-dependent; usually limited to a single application protocol; may introduce delays
Filtering Rules Example
Rules may involve source IP, destination IP, service (HTTP, FTP, etc.), action (allow/deny), and direction (inbound/outbound)
Difference: Packet Filtering vs Proxy Firewall
Packet filtering firewalls operate at the Internet layer and filter based on IP information in the header; proxy firewalls operate at the Application layer, filter based on application protocols, and run on dedicated proxy servers (2nd generation vs 1st generation firewall)