In this section of the CCNA tutorials, we will discuss the next-generation firewall and IPS. This topic covers the basic concept of a firewall, the need for a firewall in networking, a comparison of the traditional firewall with the next-gen firewall, the Cisco next-gen firewall series, the functions of an IPS in computer networks, etc.
What is a Firewall
- In network security, the firewall acts as a barrier between the trusted (internal) network and the untrusted (external) network.
- The trusted network is the internal network of an organization or business. It holds the assets that must be kept secure and confidential, and only authenticated, authorized users are allowed to access it.
- The untrusted networks are the external networks that are outside the control of the network administrator and outside the organization’s security domain.
- The firewall serves as the choke point, i.e. the single entry/exit point, for all traffic flowing in and out of the network.
- A traditional firewall filters packets on the basis of IP addresses, port numbers, the transport/service protocol, and the set of rules configured on the firewall device.
- The firewall may be hardware or software.
What is the need for a firewall in network security?
The use of the internet is growing rapidly. Consequently, protecting the trusted network from cybercriminals and other malicious activity on the internet has become one of the biggest challenges for organizations, governments and businesses.
There must be a secure mechanism that protects the trusted network from the untrusted network (the internet). The firewall is the standard way to do this. It is placed between the inside network and the outside network, and every packet flowing in or out of the network must pass through it. The firewall allows or denies each packet based on the IP addresses, port numbers and protocol contained in the packet, evaluated against a predefined set of rules and policies.
Traditional Firewalls vs Next-generation Firewalls
Traditional firewalls are network security devices that filter the packets passing through them based on IP addresses, port numbers, protocols and the state of the connection. They are the older generation of firewall technology and work on the basis of stateful inspection of incoming and outgoing traffic. Their main limitation is that, because they look only at packet headers and connection state, they are not very effective at detecting application-level threats.
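The following is an added example, not code from the original page or from Cisco, that models what the two paragraphs above describe: a traditional stateful packet filter that decides on IP addresses, ports, protocol and connection state. Rules are evaluated first-match for the first packet of a flow, replies are allowed by the state table rather than by a rule, and anything no rule permits hits an implicit deny at the end (the same default as a Cisco access list). The 10.0.0.0/8 addressing, the rule set and the packets are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str          # "tcp" or "udp"
    syn: bool = False   # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # CIDR prefix; "0.0.0.0/0" means any
    dst: str
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None means any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dst_port in (None, p.dst_port))


class StatefulFirewall:
    """Traditional stateful packet filter: the rule base is consulted only for
    the first packet of a flow; later packets in either direction are allowed
    because the flow is in the state table. Anything no rule permits is denied."""

    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # established flows keyed by 5-tuple
        self.log = []

    @staticmethod
    def _key(p: Packet):
        return (p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto)

    @staticmethod
    def _reverse_key(p: Packet):
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)

    def process(self, p: Packet) -> str:
        # 1. Packet belongs to an established flow (either direction): allow.
        if self._key(p) in self.state or self._reverse_key(p) in self.state:
            return "allow"
        # 2. A TCP packet that is not a SYN cannot start a flow: drop it.
        if p.proto == "tcp" and not p.syn:
            self.log.append(f"deny (no state, not SYN): {p}")
            return "deny"
        # 3. New flow: first matching rule wins, implicit deny at the end.
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    self.state.add(self._key(p))
                else:
                    self.log.append(f"deny (rule): {p}")
                return r.action
        self.log.append(f"deny (implicit): {p}")
        return "deny"


def run_scenario() -> dict:
    # Constructed policy for a trusted 10.0.0.0/8 network (assumed addressing).
    rules = [
        Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443),   # inside -> HTTPS anywhere
        Rule("allow", "10.0.0.0/8", "0.0.0.0/0", "udp", 53),    # inside -> DNS anywhere
        Rule("allow", "0.0.0.0/0", "10.0.1.25/32", "tcp", 25),  # anyone -> internal mail server
    ]
    fw = StatefulFirewall(rules)
    results = {}
    # Inside client opens HTTPS to an outside web server.
    results["client_syn"] = fw.process(Packet("10.0.5.7", 51000, "203.0.113.10", 443, "tcp", syn=True))
    # The server's reply has no rule of its own; the state table allows it.
    results["server_reply"] = fw.process(Packet("203.0.113.10", 443, "10.0.5.7", 51000, "tcp"))
    # An outside host forges a "reply" to a port with no matching flow: dropped.
    results["forged_reply"] = fw.process(Packet("198.51.100.9", 443, "10.0.5.7", 51001, "tcp"))
    # Inbound SMTP to the published mail server is permitted by rule 3.
    results["inbound_smtp"] = fw.process(Packet("198.51.100.9", 40000, "10.0.1.25", 25, "tcp", syn=True))
    # Inbound SSH to a client has no rule and hits the implicit deny.
    results["inbound_ssh"] = fw.process(Packet("198.51.100.9", 40001, "10.0.5.7", 22, "tcp", syn=True))
    return results


if __name__ == "__main__":
    for name, verdict in run_scenario().items():
        print(f"{name:15s} {verdict}")
```

The point of the forged_reply case is the difference between a stateless packet filter and a stateful one: a stateless filter would need a permanent rule allowing "source port 443 to inside" for replies to work, which also admits forged packets; the state table allows only replies to flows that the inside actually opened.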
Next-gen firewalls (NGFWs) are the third generation of firewall technology and provide security functionality beyond that of traditional firewalls. In addition to stateful inspection of incoming and outgoing traffic, they provide application-level filtering, an integrated intrusion prevention system (IPS), deep packet inspection, and advanced malware protection.
The major features of Next-gen firewalls are:
- Standard firewall functionality, such as stateful inspection of incoming and outgoing traffic.
- An integrated intrusion prevention system.
- Application awareness: traffic is identified by the application that generates it rather than by port number alone, so untrusted or malicious applications can be controlled.
- Cloud-delivered threat intelligence.
- Malware detection and protection.
- All of the above combined in one device, giving a higher degree of network security than a traditional firewall alone.
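The application awareness feature above is the one that most clearly separates an NGFW from a traditional firewall, so here is an added example (not from the original page and not Cisco's code) showing the idea in miniature. A port-based filter sees only "TCP 443" and allows it; the application-aware path looks at the first bytes of the flow, identifies the application (TLS, SSH, HTTP or unknown) and applies a per-application policy, so SSH tunnelled over port 443 is denied and an HTTP request to a block-listed host is denied even though port 80 is open. The detectors, the policy table, the block list and the flow bytes are all constructed and deliberately simplified; a real NGFW uses far richer application detectors.

```python
import re

# Constructed, simplified application detectors keyed on the first bytes of a
# flow. The principle is what matters: identify the application from the
# payload, not from the destination port.
def identify_app(payload: bytes) -> str:
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version 0x03 0x0x
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    if re.match(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n", payload):
        return "http"
    return "unknown"


def http_host(payload: bytes):
    """Return the HTTP Host header value (lower-cased), or None."""
    m = re.search(rb"\r\nHost:[ \t]*([^\r\n]+)", payload, re.IGNORECASE)
    return m.group(1).decode("ascii", "replace").strip().lower() if m else None


# Constructed application policy and host block list (assumed, for the demo).
APP_POLICY = {"tls": "allow", "http": "allow", "ssh": "deny"}
BLOCKED_HOSTS = {"malware.example"}
ALLOWED_PORTS = {80, 443}


def port_only_decision(dst_port: int) -> str:
    """What a traditional, port-based firewall would decide."""
    return "allow" if dst_port in ALLOWED_PORTS else "deny"


def ngfw_decision(payload: bytes):
    """Application-aware decision: (application, verdict, reason).
    The destination port plays no part in this decision."""
    app = identify_app(payload)
    if app == "http":
        host = http_host(payload)
        if host in BLOCKED_HOSTS:
            return app, "deny", f"host {host} is on the block list"
    verdict = APP_POLICY.get(app, "deny")   # unknown applications are denied
    return app, verdict, f"application policy for {app}"


def run_scenario() -> dict:
    # Constructed first client bytes of five flows; not real captures.
    flows = {
        "tls_on_443":   (443, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03" + b"\x00" * 32),
        "ssh_on_443":   (443, b"SSH-2.0-OpenSSH_9.3\r\n"),
        "http_blocked": (80,  b"GET /update.exe HTTP/1.1\r\nHost: malware.example\r\n\r\n"),
        "http_ok":      (80,  b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
        "unknown_8080": (8080, b"\x00\x01\x02custom-protocol"),
    }
    # Each entry: (port-based verdict, application-aware verdict)
    return {name: (port_only_decision(port), ngfw_decision(payload))
            for name, (port, payload) in flows.items()}


if __name__ == "__main__":
    for name, (port_verdict, (app, verdict, reason)) in run_scenario().items():
        print(f"{name:13s} port-based={port_verdict:5s} ngfw={verdict:5s} app={app:8s} ({reason})")
```

Note that the application-aware path can only be as good as its detectors: the TLS check here reads the record header and nothing more, so it cannot tell which site is being visited. Real NGFWs go further (for instance reading the server name from the TLS ClientHello, or decrypting TLS with an inspection policy), which is exactly the deep packet inspection the paragraph above refers to.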
Features of Cisco Next-Gen Firewall
The Cisco Firepower NGFW series offers network security solutions for environments ranging from the small office / home office (SOHO) to high-end data centres and service providers.
The Cisco Firepower NGFW is loaded with features. It is not just an access control and traffic filtering device; it also provides a high degree of protection and automated threat detection.
Some of the key features of Cisco next-gen firewalls are enumerated below.
- Automates networking and security operations.
- Prioritises alerts, correlates threat information and integrates with the rest of your security tools.
- The built-in next-gen IPS provides breach prevention and advanced security by stopping threats before they get inside the trusted network.
- Built-in sandboxing and Advanced Malware Protection (AMP) continuously monitor and analyse file and traffic behaviour; unusual file behaviour is detected quickly and the threat is eliminated.
- Provides comprehensive network visibility through deep inspection of activity across hosts, users, networks and devices.
- Provides flexible deployment options, both on-premises and in the cloud.
- Detects threats quickly.
Cisco Next-Gen Firewall series
- Cisco Firepower 1000 series
- Cisco Firepower 2100 series
- Cisco Firepower 4100 series
- Cisco Firepower 9300 series
Cisco Firepower 1000 series
The Cisco Firepower 1000 series is designed to meet the security needs of small and medium offices. It comes in four models: FPR-1010, FPR-1120, FPR-1140 and FPR-1150, with throughput ranging from 650 Mbps to 3 Gbps. The Firepower 1000 series runs either Cisco Firepower Threat Defense (FTD) or Cisco ASA software.
Cisco Firepower 2100 Series
The Cisco Firepower 2100 series comes in four models: FPR-2110, FPR-2120, FPR-2130 and FPR-2140, with throughput ranging from 2.3 Gbps to 9 Gbps. It is designed for medium to large networks and provides superior threat defence through its dual multi-core CPU architecture. The Firepower 2100 series runs either Cisco Firepower Threat Defense (FTD) or Cisco ASA software.
Cisco Firepower 4100 Series
The Cisco Firepower 4100 series is designed to meet the growing needs of the enterprise data centre, with throughput up to 45 Gbps. Its variants are FPR-4110, FPR-4112, FPR-4115, FPR-4125 and FPR-4145. The Firepower 4100 series provides superior threat defence and runs either Cisco Secure Firewall Threat Defense (FTD) or Cisco ASA software.
Cisco Firepower 9300 series
The Cisco Firepower 9300 series provides a very high degree of network security for service providers, high-performance computing centres, large data centres and campuses. It runs either Cisco Secure Firewall ASA or Threat Defense (FTD) software, with throughput ranging from 21 Gbps up to 153 Gbps. It is a modular chassis: its security modules are the SM-40, SM-48 and SM-56, and the top configuration is three SM-56 modules in one chassis (SM-56 x 3).
What is IPS in networking?
In computing, IPS stands for Intrusion Prevention System. An IPS is a network security function that thoroughly examines the traffic flowing in and out of the network. It detects malicious traffic and attempts to exploit known vulnerabilities, usually by matching the traffic against signatures, and it also checks for unusual traffic behaviour (anomaly detection).
Any suspicious behaviour or threat is logged, and the IPS then takes preventive action, such as dropping the packet or blocking the source, so that the suspicious activity cannot damage the trusted network. This ability to act inline is what distinguishes an IPS from an IDS, which only detects and alerts.
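To make the two paragraphs above concrete, here is an added example (not from the original page and not Cisco's IPS code) of an inline IPS with both detection methods described: signature matching against the payload and a behavioural check that flags one source touching many destination ports as a port scan. It logs every hit, drops packets that match "drop" signatures, lets "alert"-only signatures through (detect-only, the IDS behaviour), and blocks a scanning source for all of its later packets. The signatures, the threshold and the traffic are constructed for the demonstration; a production rule set such as the Snort rules on Cisco Firepower carries thousands of signatures.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import unquote_to_bytes


@dataclass(frozen=True)
class Signature:
    sid: int
    name: str
    pattern: re.Pattern
    action: str   # "drop" (prevent) or "alert" (detect only)


# Constructed signatures for three common web attack patterns.
SIGNATURES = (
    Signature(1001, "HTTP directory traversal", re.compile(rb"(\.\./){2,}"), "drop"),
    Signature(1002, "SQL injection tautology",
              re.compile(rb"'\s*or\s*'1'\s*=\s*'1", re.IGNORECASE), "drop"),
    Signature(1003, "Shell command in request",
              re.compile(rb"[;|`]\s*(cat|wget|curl|nc|sh)\b"), "alert"),
)

SCAN_PORT_THRESHOLD = 10   # distinct destination ports from one source (assumed value)


def normalize_http(payload: bytes) -> bytes:
    """Decode '+' and %xx encoding before matching, so that an attacker cannot
    slip past a signature simply by URL-encoding the attack string."""
    return unquote_to_bytes(payload.replace(b"+", b" "))


class InlineIPS:
    """Inline IPS: signature matching plus a simple port-scan anomaly detector.
    Every hit is logged; 'drop' signatures and detected scans are prevented by
    dropping the packet and, for scans, blocking the source for later packets."""

    def __init__(self):
        self.blocked = set()
        self.ports_by_src = defaultdict(set)
        self.events = []    # (src_ip, description, action)

    def inspect(self, src_ip: str, dst_port: int, payload: bytes) -> str:
        if src_ip in self.blocked:
            return "drop"
        # Behavioural check: one source touching many ports looks like a port scan.
        self.ports_by_src[src_ip].add(dst_port)
        if len(self.ports_by_src[src_ip]) > SCAN_PORT_THRESHOLD:
            self.blocked.add(src_ip)
            self.events.append((src_ip, "port scan", "block source"))
            return "drop"
        # Signature check against the normalized payload.
        data = normalize_http(payload)
        for sig in SIGNATURES:
            if sig.pattern.search(data):
                self.events.append((src_ip, f"{sig.sid} {sig.name}", sig.action))
                return "drop" if sig.action == "drop" else "allow"
        return "allow"


def run_scenario() -> dict:
    # Constructed traffic; the source addresses are documentation ranges.
    ips = InlineIPS()
    r = {}
    r["benign"] = ips.inspect("198.51.100.5", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
    r["traversal"] = ips.inspect("198.51.100.5", 80, b"GET /../../../../etc/passwd HTTP/1.1\r\n\r\n")
    r["sqli"] = ips.inspect("198.51.100.6", 80, b"GET /login?user=admin'+OR+'1'='1 HTTP/1.1\r\n\r\n")
    r["cmd_alert"] = ips.inspect("198.51.100.7", 80, b"GET /ping?host=1.1.1.1;cat%20/etc/passwd HTTP/1.1\r\n\r\n")
    # Port scan: empty-payload probes to 11 different ports from one source.
    scan = [ips.inspect("203.0.113.77", port, b"") for port in range(1, 12)]
    r["scan_first_10"] = scan[:10]
    r["scan_11th"] = scan[10]
    # The scanner is now blocked, so even a benign request from it is dropped.
    r["scanner_after_block"] = ips.inspect("203.0.113.77", 80, b"GET / HTTP/1.1\r\n\r\n")
    r["events"] = ips.events
    return r


if __name__ == "__main__":
    result = run_scenario()
    for name, verdict in result.items():
        if name != "events":
            print(f"{name:20s} {verdict}")
    for event in result["events"]:
        print("event:", event)
```

Two details matter in practice. The cmd_alert case goes through because signature 1003 is set to alert only; that is how an operator tunes a noisy rule without losing visibility, and it is also why an IPS that is left entirely in alert mode is really just an IDS. The normalize_http step shows why deep packet inspection needs protocol decoding and not only pattern matching: without it, the SQL injection sample would pass because its spaces arrive as '+'.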