CCNAS V1.2 Chapter 04 Implementing Firewall Technologies

As networks continued to grow over time, they were increasingly used to transfer and store sensitive data. This intensified the need for stronger security technologies, which led to the invention of the firewall. The term firewall originally referred to a fireproof wall, usually made of stone or metal that prevented flames from spreading between connected structures. Similarly, in networking, firewalls separate protected areas from non-protected areas. This prevents unauthorized users from accessing protected network resources.

Initially, basic access control lists (ACLs), including standard, extended, numbered, and named, were the only means of providing firewall protection. Other firewall technologies began to mature in the late 1990s. Stateful firewalls use tables to track the real-time state of end-to-end sessions. Stateful firewalls consider the session-oriented nature of network traffic. The first stateful firewalls used the “TCP established” option for ACLs. Later, reflexive ACLs were used to dynamically reflect certain types of inside-to-outside traffic upon the return of that traffic. Dynamic ACLs were developed to open a hole in the firewall for approved traffic for a finite period of time. Time-based ACLs were created to apply ACLs during certain times of the day on specified days of the week. With the proliferation of ACL types, it became more and more important to verify the proper behavior of these ACLs with show and debug commands.

Today there are many types of firewalls in existence, including packet filtering, stateful, application gateway, or proxy, address translation, host-based, transparent, and hybrid firewalls. Modern network design must carefully include proper placement of one or more firewalls to protect those resources that must be protected while allowing secure access to those resources that must remain available.