
Basics of Firewall

A firewall is a software-defined product which is also installed into a physical appliance with the necessary peripherals, such as a cooling fan, power console and physical Ethernet interfaces (I/O).

A firewall is a network security device that operates at the gateway level. Basically, it is used to deny unauthorized access or unauthorized TCP/UDP packets.


A firewall inspects incoming and outgoing TCP/UDP packets, together with their service ports, against user-defined rules called Access Control List (ACL) rules.

Every firewall has a pre-defined policy, called the 'implicit policy', that denies all inbound and outbound traffic.
To reach the internet or a different network through the firewall, we have to write an ACL rule with a source IP address, a destination IP address and a service (port number, e.g. HTTP, SSH).

In the picture above, each brick is a user-defined ACL rule that allows specific network traffic.

Firewall packet inspection methods: Stateless and Stateful

Stateless inspection 

In this method the firewall only checks the source and destination IP addresses against the ACL.

    [+] If the packet details match an ACL rule, the firewall passes the packet.
    [-] If the packet does not match any ACL rule, the firewall denies the packet.

This is also called packet filtering.

But this method cannot restrict network services (ports). To overcome this security gap, the stateful inspection method was introduced into firewalls early on.

Stateful inspection 

Stateful packet inspection provides services beyond simple packet filtering, by additionally tracking TCP or UDP sessions between devices.

For example, the stateful inspection can track connections that originate from the trusted network. This session information is kept in a state session table, which allows temporary holes to be opened in the firewall for the return traffic, which might otherwise be denied. 

Connections from the untrusted network to the trusted network are also monitored, to prevent Denial of Service (DoS) attacks. If a high number of half-open sessions are detected, the firewall can be configured to drop the session (and even block the source) or send an alert message indicating an attack is occurring.

A half-open TCP session indicates that the three-way handshake has not yet completed. A half-open UDP session indicates that no return UDP traffic has been detected. A large number of half-open sessions will chew up resources while preventing legitimate connections from being established.
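The stateless ACL check with implicit deny from the previous section and the stateful session table described here, as an added example that is not part of the original post. The rule format, the `Packet` tuple, the half-open limit and the use of a 5-tuple as the session key are assumptions of this toy model, not any vendor's implementation.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Rule = namedtuple("Rule", "src dst dport action")         # one ACL "brick"; dport 0 = any service
Packet = namedtuple("Packet", "src dst sport dport proto flags", defaults=("tcp", ""))

def stateless_check(rules, pkt):
    """Packet filtering: the first ACL rule matching src/dst/service decides; no match = implicit deny."""
    for r in rules:
        if (ip_address(pkt.src) in ip_network(r.src)
                and ip_address(pkt.dst) in ip_network(r.dst) and r.dport in (0, pkt.dport)):
            return r.action
    return "deny"

class StatefulFirewall:
    """Adds a state session table: return traffic is allowed, half-open floods are detected."""
    def __init__(self, rules, trusted, half_open_limit=3):
        self.rules, self.trusted, self.limit = rules, ip_network(trusted), half_open_limit
        self.sessions = {}       # (proto, src, sport, dst, dport) -> "half-open" | "established"
        self.blocked, self.alerts = set(), []

    def half_open_from(self, src):
        return sum(1 for (_, s, *_), st in self.sessions.items() if s == src and st == "half-open")

    def inspect(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.src in self.blocked:
            return "deny"
        if rev in self.sessions:                   # reply to a recorded session: the temporary hole
            if pkt.proto == "udp":
                self.sessions[rev] = "established" # UDP: any return traffic completes the session
            return "allow"
        if key in self.sessions:                   # another packet from the session initiator
            if pkt.proto == "tcp" and "ACK" in pkt.flags and "SYN" not in pkt.flags:
                self.sessions[key] = "established" # third step of the three-way handshake seen
            return "allow"
        verdict = stateless_check(self.rules, pkt) # brand-new session: consult the ACL
        if verdict == "allow":
            self.sessions[key] = "half-open"
            if ip_address(pkt.src) not in self.trusted and self.half_open_from(pkt.src) >= self.limit:
                self.alerts.append(f"{pkt.src}: {self.limit} half-open sessions, source blocked")
                self.blocked.add(pkt.src)
                del self.sessions[key]             # drop the session and block the source
                return "deny"
        return verdict
```

Note that the stateless check alone denies the server's SYN/ACK reply to an allowed outbound connection, while the stateful layer admits it because the outbound SYN was recorded first.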

Currently, we are using NGFW firewalls to protect our network.

