How Firewall Work:

Firewalls work by inspecting network traffic and applying predetermined security rules to determine whether to allow or block the traffic. Here’s how they typically function:

1. Packet Inspection: Firewalls examine individual packets of data as they travel between devices on a network. They analyze packet headers, which contain information such as source and destination IP addresses, port numbers, and protocol types.
2. Stateful Inspection: Some firewalls use stateful inspection to track the state of active connections and enforce security policies based on the context of the traffic flow. This allows them to make decisions based on the entire conversation rather than individual packets.
3. Access Control Lists (ACLs): Firewalls use access control lists (ACLs) to define rules that specify which types of traffic are allowed or denied based on criteria such as source and destination IP addresses, port numbers, and protocols.
4. Application Layer Filtering: Next-generation firewalls can perform deep packet inspection at the application layer to identify and block specific applications or protocols, such as web browsing, email, or file sharing, based on their behavior or signatures.
5. Proxy Servers: Some firewalls act as proxy servers, intercepting and forwarding network traffic on behalf of clients. This allows them to inspect and filter traffic before forwarding it to its destination, providing an additional layer of security.
6. Logging and Reporting: Firewalls typically maintain logs of network traffic and security events for analysis and auditing purposes. They may also generate alerts or notifications when they detect suspicious or unauthorized activity.

By implementing these mechanisms, firewalls help organizations enforce network security policies, protect against cyber threats, and maintain the confidentiality, integrity, and availability of their networks and resources.

Firewall Logic:

Firewall use 3 types of filtering mechanisms which are mentioned below:

1. Packet filtering or packet purity: “Packet filtering” refers to the process of inspecting individual packets of data as they pass through a network device, such as a firewall or router, and making decisions about whether to allow or block them based on predetermined criteria. These criteria typically include factors such as source and destination IP addresses, port numbers, and protocol types.
2. Proxy: A proxy is a server or software that acts as an intermediary between a user’s device and the internet, forwarding requests and responses. It can provide anonymity, content filtering, and caching, improving security and performance for network users.
3. Inspection: Inspection refers to the process of carefully examining something, such as data packets, documents, or physical objects, to assess its quality, condition, or contents. It involves thorough observation, analysis, and evaluation to identify any discrepancies, defects, or anomalies. Inspection is often conducted to ensure compliance with standards, regulations, or specifications, as well as to detect and prevent errors or problems.

Firewall Rules:

Firewall rules can be customized as per our needs, requirements and security threat levels. We can create or disable firewall filter rules based on such conditions mentioned as under:

1. IP Address: Blocking off a certain IP Address or a range of IP addresses that we think we are predatory.
2. Domain Names: we can only allow certain specific domain names to access our systems/servers or allow access to only some specified types of domain names or domain names extension like .edu.
3. Protocols: A Firewall can decide which of the systems can allow or have a access to common protocols like IP, SMTP, FTP, UDP, ICMP, Telnet or SNMP.
4. Ports: Blocking or disabling ports of a server that are connected to the internet will help maintain the kind of data flow that we want to see it used for and also close down possible entry points for hackers and malignant software.
5. Keywords: firewalls also can sift through the data flow for a match of the keywords or phrases to block out offensive or unwanted data from following in.