KYAMBOGO UNIVERSITY
DEPARTMENT OF SCIENCE
SCHOOL OF COMPUTING AND INFORMATION SCIENCE
BACHELOR OF INFORMATION TECHNOLOGY AND COMPUTING
NETWORK SECURITY AND MANAGEMENT
GROUP SIX FIREWALLS REPORT
NAME REGISTRATION NUMBER SIGNATURE
NANYANGE MARY DRUSCILLA 23/U/ITD/10706/PD
NABUKEERA ZAHARAH RAMULAH 23/U/ITD/14136/PD
AFUGA RONALD MICHAEL 23/U/ITE/02939/PE
NAHEREZA ALLAN 23/U/ITD/09373/PD
NAMAYANJYA PATIENCE 23/U/ITD/10119/PD
NABAALE JAMIRAH 23/U/ITE/09115/PE
KAGOMA IAN JONAH 23/U/ITD/06199/PD
NATUKUNDA KEVIN 23/U/ITD/10897/PD
GIDUDU ABEL AHUMUZA 23/U/ITD/05836/PD
AMPEIRE ESTHER 23/U/ITD/03907/PD
KAMUKAMA JONAN 23/U/ITD/06376/PD
SSEGAWA GEORGE KAGGWA 23/U/ITD/12617/PD
INTRODUCTION
In the world of computer networks, a firewall acts like a security guard. Its job is to watch over the
flow of information between your computer or network and the internet. It’s designed to block
unauthorized access while allowing safe data to pass through.
Essentially, a firewall helps keep your digital world safe from unwanted visitors and potential
threats, making it an essential part of today’s connected environment. It monitors both incoming
and outgoing traffic using a predefined set of security rules to detect and prevent threats.
That being said, a firewall is a network security device, either hardware or software-based, which
monitors all incoming and outgoing traffic and, based on a predefined set of security rules, accepts,
rejects, or drops that specific traffic.
Accept: allow the traffic
Reject: block the traffic but reply with an “unreachable error”
Drop: block the traffic with no reply
History and Need For Firewall
Before firewalls, network security was performed by Access Control Lists (ACLs) residing on
routers. ACLs are rules that determine whether network access should be granted or denied to
specific IP addresses. But ACLs cannot determine the nature of the packets they are blocking. Also,
ACLs alone do not have the capacity to keep threats out of the network. Hence, the firewall was
introduced. Connectivity to the Internet is no longer optional for organizations. However,
although accessing the Internet provides benefits to the organization, it also enables the outside
world to interact with the internal network of the organization. This creates a threat to the
organization. In order to secure the internal network from unauthorized traffic, we need a firewall.
Working of Firewall
A firewall matches network traffic against the rule set defined in its table. Once a rule is
matched, the associated action is applied to the network traffic. For example, one rule may state
that no employee from the Human Resources department can access data on the code server, while
another rule states that the system administrator can access data from both the Human
Resources and technical departments. Rules can be defined on the firewall based on the necessity
and security policies of the organization. From the perspective of a server, network traffic can be
either outgoing or incoming.
The firewall maintains a distinct set of rules for each case. Outgoing traffic, which originates
from the server itself, is mostly allowed to pass. Still, setting rules on outgoing traffic is always
better in order to achieve more security and prevent unwanted communication. Incoming traffic is
treated differently. Most traffic which reaches the firewall is one of these three major Transport
Layer protocols: TCP, UDP or ICMP. All these types have a source address and a destination address.
Also, TCP and UDP have port numbers. ICMP uses a type code instead of a port number, which
identifies the purpose of that packet.
Default policy: It is very difficult to explicitly cover every possible rule on the firewall. For this
reason, the firewall must always have a default policy. The default policy consists only of an action
(accept, reject or drop). Suppose no rule about SSH connections to the server is defined on the
firewall. Such a connection will then follow the default policy. If the default policy on the firewall
is set to accept, then any computer outside of your office can establish an SSH connection to the
server. Therefore, setting the default policy to drop (or reject) is always a good practice.
TYPES OF FIREWALLS
Packet-filtering firewalls.
These are the most basic type of firewalls, operating at the network layer. These firewalls analyze
each packet of data that passes through them, and then filter it based on rules like source and
destination IP addresses, port numbers, and protocol types (e.g., TCP, UDP).
Stateful Inspection Firewalls
Stateful inspection firewalls allow or block traffic based on state, port, and protocol. They
remember the state of active connections (e.g., whether a session is established). They track the
connection status and context, allowing them to make more informed decisions. For example, if a
packet is part of an established session, it may be allowed through even if it does not match a rule
directly.
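The session tracking described above can be sketched as follows. This is an added example, not part of the original report; the class `StatefulFirewall`, the addresses and the 60-second idle timeout are assumptions chosen for illustration, and real firewalls also track TCP flags and sequence numbers.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Packet(NamedTuple):
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFirewall:
    """Toy connection tracker: outbound flows are checked against the rules,
    inbound packets are accepted only as replies to a tracked flow."""

    def __init__(self, inside, allowed_out_ports, idle_timeout=60.0):
        self.inside = ip_network(inside)
        self.allowed_out_ports = set(allowed_out_ports)
        self.idle_timeout = idle_timeout
        self.table = {}                      # outbound Packet tuple -> last seen

    def filter(self, pkt: Packet, now: float) -> str:
        # Forget flows that have been idle longer than the timeout.
        self.table = {f: t for f, t in self.table.items()
                      if now - t <= self.idle_timeout}
        if ip_address(pkt.src) in self.inside:
            if pkt.dport not in self.allowed_out_ports:
                return "drop"                # no rule permits this outbound flow
            self.table[pkt] = now            # remember the session
            return "accept"
        # Inbound: swap the endpoints and look for the session it answers.
        flow = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.table:
            self.table[flow] = now
            return "accept"                  # established session, no rule needed
        return "drop"                        # unsolicited inbound traffic

# Constructed sample traffic (RFC 1918 and documentation addresses).
REQUEST = Packet("tcp", "10.0.0.20", 50000, "198.51.100.10", 443)
REPLY = Packet("tcp", "198.51.100.10", 443, "10.0.0.20", 50000)
UNSOLICITED = Packet("tcp", "198.51.100.10", 443, "10.0.0.20", 50001)

def demo():
    fw = StatefulFirewall("10.0.0.0/24", allowed_out_ports={443})
    return [fw.filter(UNSOLICITED, 0.0),   # nothing tracked yet
            fw.filter(REQUEST, 1.0),       # outbound HTTPS, creates state
            fw.filter(REPLY, 2.0),         # matches the tracked session
            fw.filter(UNSOLICITED, 3.0),   # same server, different client port
            fw.filter(REPLY, 120.0)]       # session idle for too long

if __name__ == "__main__":
    print(demo())
```

The reply is accepted only while the matching outbound session is in the table; the same packet arriving after the idle timeout is dropped like any other unsolicited traffic.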
Proxy Firewalls.
A proxy firewall is an early type of firewall device, serving as the gateway from one network to
another for a specific application. When a client sends a request to access a resource (like a web
page), the proxy firewall intercepts this request and forwards it to the intended server. The server’s
response goes back to the proxy, which then forwards it to the client. This setup allows the firewall
to filter and inspect content for malicious data, providing additional security and logging
capabilities.
Next-Generation Firewalls (NGFW).
An NGFW is a network security device that provides capabilities beyond a traditional, stateful
firewall. NGFWs analyze traffic at multiple levels, looking beyond just packet headers to understand
application-level data. They can identify specific applications and enforce policies based on the
applications rather than just IP addresses and ports. They also integrate threat intelligence to detect
and block advanced threats in real time.
For example, AI-powered firewalls use artificial intelligence (AI) and machine learning (ML) to
enhance threat protection and network security. While traditional firewalls use predetermined rules
to block and detect threats, AI-powered firewalls work in real time to analyze dynamic network
traffic, identify patterns, and help organizations automate life cycle management of their firewall
policy.
Web Application Firewalls (WAF).
These are specialized firewalls designed to protect web applications by filtering and monitoring
HTTP traffic. They sit between the web application and the client, examining incoming and
outgoing HTTP requests. They use rules and patterns to identify and block common web attacks
such as SQL injection, cross-site scripting (XSS), and other vulnerabilities. They can also analyze
traffic patterns to identify anomalies that may indicate an attack.
Hardware Firewalls.
These are physical devices that sit at the network perimeter, providing a dedicated security barrier
for the entire network. They are designed to handle large volumes of traffic and provide
comprehensive protection for all devices within the network. They often include additional features
like VPN support and intrusion detection systems.
Software Firewalls.
Software firewalls are applications installed on individual devices that monitor and control network
traffic. Each software firewall runs on a specific device, filtering traffic based on rules set by the
user. They protect the device from external threats and can control outbound traffic, allowing users
to specify which applications can access the internet. This type of firewall is particularly useful for
personal computers and servers.
FIREWALL ARCHITECTURE
Firewall Architecture refers to the design and organization of a firewall’s components and how they
work together to control and filter network traffic.
Common firewall architectures include:
Dual-homed host firewalls: In this architectural approach, the bastion host accommodates two
NICs (Network Interface Cards). One of the NICs is connected to
the external network, and the other one is connected to the internal network, thus providing an
additional layer of protection.
Screened subnet firewalls: Of all the architectures available, the screened subnet firewall is widely
used and implemented in corporate networks. Screened subnet firewalls, as the name suggests, make
use of a DMZ (demilitarized network) and are a combination of dual-homed gateways and screened
host firewalls.
Screened host: this combines the packet-filtering router with a separate firewall such as an
application proxy server. This approach allows the router to prescreen packets to minimize network
traffic.
Screening router: this performs packet filtering and is used as a firewall itself. It may also be used
as perimeter protection for the internal network or as the entire firewall solution.
FIREWALL POLICIES
Firewall policies serve as the foundation for network security, establishing the overarching
guidelines for controlling traffic flow. These policies define the network’s security posture and the
types of traffic that are permitted or restricted.
TYPES OF POLICIES
Standard policy: This is the most basic type of policy, allowing or blocking traffic based solely on
source and destination IP addresses. In simple terms, it provides a fundamental level of protection.
Extended policy: Offering more granular control, extended policies allow or block traffic based on
source and destination IP addresses, protocols, and port numbers. This enables more precise traffic
filtering.
Stateful policy: Stateful policies maintain a record of network connections, allowing or blocking
traffic based on the established connection state. This helps prevent unauthorized access and
malicious attacks.
NOTE: Firewall rules are the specific instructions that implement the policies. They define criteria
for allowing or blocking traffic, such as: source IP address, destination IP address, protocol, port
number, and action.
Action: The action to be taken for traffic matching the criteria (e.g., allow, deny, log).
The order in which rules are evaluated is crucial. If a rule matches a packet, the packet is processed
according to that rule, and no further rules are evaluated. This is known as the “first match” principle.
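The following added example (not part of the original report) shows the "first match" principle together with the default policy from the SSH scenario in "Working of Firewall". The `Rule` class, the addresses and the rule sets are constructed for illustration; the shadowing check is a simplified pairwise test.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "accept", "reject" or "drop"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # source network (CIDR)
    dst: str                      # destination network (CIDR)
    dport: Optional[int] = None   # None matches every port

    def matches(self, pkt: dict) -> bool:
        return (self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.dport in (None, pkt.get("dport")))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matched by `other` is also matched by self."""
        return (self.proto in ("any", other.proto)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.dport in (None, other.dport))

def evaluate(rules, pkt, default_policy):
    """First match wins; the default policy applies when nothing matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default_policy

def shadowed(rules):
    """Indexes of rules that can never fire because one earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:j])]

# Constructed sample data: 10.0.0.5 is the server, 10.0.0.0/24 the office LAN,
# 203.0.113.7 (documentation range) an outside host.
SERVER = "10.0.0.5/32"
HTTPS_ONLY = [Rule("accept", "tcp", "0.0.0.0/0", SERVER, 443)]
OUTSIDE_SSH = {"proto": "tcp", "src": "203.0.113.7", "dst": "10.0.0.5", "dport": 22}
OFFICE_SSH = {"proto": "tcp", "src": "10.0.0.20", "dst": "10.0.0.5", "dport": 22}

# Same two rules in two orders: the broad drop placed first shadows the accept.
BAD_ORDER = [Rule("drop", "tcp", "0.0.0.0/0", SERVER, 22),
             Rule("accept", "tcp", "10.0.0.0/24", SERVER, 22)]
GOOD_ORDER = list(reversed(BAD_ORDER))

if __name__ == "__main__":
    print(evaluate(HTTPS_ONLY, OUTSIDE_SSH, "accept"))  # no SSH rule, permissive default
    print(evaluate(HTTPS_ONLY, OUTSIDE_SSH, "drop"))    # no SSH rule, restrictive default
    print(evaluate(BAD_ORDER, OFFICE_SSH, "drop"), shadowed(BAD_ORDER))
    print(evaluate(GOOD_ORDER, OFFICE_SSH, "drop"), shadowed(GOOD_ORDER))
```

Running `shadowed()` over a rule set during an audit flags rules that can never take effect because of their position, which is a common source of misconfiguration.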
FIREWALL DEPLOYMENT
Firewall deployment refers to the strategic placement and configuration of firewalls within a
network infrastructure to control and monitor incoming and outgoing network traffic.
Types of Firewall Deployment
These refer to the different categories of firewalls based on their functionality and placement within
a network. These include:
1. Network-based/hardware/perimeter/edge/gateway firewall deployment
Hardware firewall deployments are typically appliances installed at the perimeter of a network.
They are positioned at strategic points within the network to filter traffic between different network
segments.
2. Host-based/software/personal/endpoint/client-side firewall deployment
Software firewalls are installed directly on individual devices to protect them from threats.
3. Hybrid firewall/integrated/UTM/next-generation/application Layer deployment
A hybrid firewall deployment combines network-based and host-based firewalls to provide
comprehensive security.
Modes of Firewall Deployment
Modes of firewall deployment refer to the operational modes or configurations in which firewalls
can be set up to control and monitor traffic. They determine how the firewall interacts with the
network and processes traffic. Common modes include:
1. Bridge Mode
The firewall operates at the data link layer (Layer 2) and acts as a transparent bridge between two
network segments.
2. Route Mode
The firewall operates at the network layer (Layer 3) and routes traffic between different network
segments.
3. Transparent Mode
Similar to bridge mode, but the firewall is invisible to network devices and does not require IP
addresses.
IMPORTANCE OF PROPER FIREWALL CONFIGURATION
A properly configured firewall is crucial for safeguarding network integrity by defining specific
rules for traffic control based on factors like IP addresses, protocols, and port numbers. It helps
distinguish between legitimate and malicious traffic, allowing authorized data to pass while
blocking unauthorized access attempts.
Tailoring firewall settings to the network's specific needs is essential. This includes regularly
updating rules, closing unnecessary ports, and applying patches to mitigate security vulnerabilities.
A well-optimized firewall enhances both security and performance, minimizing risks of breaches
and ensuring smooth network operation for users and administrators.
HOW TO CONFIGURE A FIREWALL
1. Secure the Firewall: Update firmware, change default credentials, restrict administrative
access by IP, and enable multi-factor authentication.
2. Design Firewall Zones and IP Structure: Segment the network into zones (e.g., DMZ for
public services) with unique IP ranges to prevent unauthorized access and contain breaches.
3. Implement Access Control Lists (ACLs): Define ACLs for each zone to control traffic,
starting with restrictive rules and setting a default deny for undefined traffic.
4. Activate Necessary Services and Logging: Enable essential services (e.g., VPN, DHCP),
disable unused ones, and set up centralized logging for security analysis.
5. Test the Configuration: Conduct penetration testing and vulnerability scans to ensure
correct rule application. Keep a backup of the verified configuration.
6. Ongoing Monitoring and Management: Continuously monitor performance, adjust rules
for new threats, and maintain documentation. Regular maintenance includes updates, rule
reviews, log monitoring, and compliance audits.
CONCLUSION
Firewalls play a critical role in safeguarding computer networks from unauthorized access and
cyber threats. They serve as a security barrier between trusted internal networks and potentially
dangerous external sources like the internet. By filtering traffic according to predefined security
rules, firewalls ensure that only legitimate data flows through while blocking harmful or
unauthorized content.
From simple packet-filtering firewalls to advanced next-generation firewalls (NGFWs) and cloud-based
solutions, firewalls have evolved to meet the growing complexity of modern networks and
cyber threats. They offer robust protection for enterprises, personal devices, and cloud
infrastructures, ensuring data security across various environments. Features like deep packet
inspection, intrusion prevention systems, and virtual private network (VPN) support make firewalls
more adaptable to today's dynamic threat landscape.
Proper firewall configuration and management are essential to maximize their effectiveness. This
involves regularly updating rules, enabling necessary services, conducting tests, and monitoring
logs to prevent misconfigurations that can leave networks vulnerable. Firewalls also integrate
seamlessly into larger security frameworks, ensuring that businesses and individuals can maintain
secure and compliant digital operations.
Though firewalls are indispensable for network security, they must work in tandem with other
security measures, such as encryption, strong authentication, and regular security assessments, to
provide comprehensive protection. With the rise of cloud computing and IoT, firewall technology
will continue to adapt, reinforcing its role as a cornerstone of network defense.
RECOMMENDATION
1. Enhance Firewall Configuration
Regularly updating firewall rules and configurations based on the evolving threats to the
technological systems of organizations like NIRA (National Identification Registration
Authority), as well as minimizing overly permissive rules and ensuring that the principle of least
privilege is applied.
2. Implement Next-Generation Firewalls (NGFWs):
Upgrading to NGFWs for organizations, like the Uganda Revenue Authority (URA), that deal with
advanced and sophisticated threats. NGFWs combine traditional firewall functions with intrusion
prevention systems (IPS), deep packet inspection, SSL inspection, integrated threat intelligence,
Virtual Private Networks (VPNs) and other advanced firewall features.
3. Regular Audits and Monitoring:
Frequent security audits of firewall logs and rule sets to detect vulnerabilities or misconfigurations
especially in banking systems. Implementing real-time monitoring solutions to detect and respond
to threats.
4. Firewall Redundancy and Backup:
Having a backup or redundant firewall in place for mission-critical systems to prevent downtime in
case the primary firewall fails, which also applies to security forces like the Uganda Peoples
Defense Force (UPDF).
5. Training and Awareness:
Training network administrators and staff on firewall management, best practices, latest security
threats and how to defend against them, and new features to ensure they can manage and configure
firewalls effectively.
6. Cloud Firewall Solutions:
If applicable, use of cloud-based firewalls for organizations and governments using cloud
environments. These solutions offer scalability and are tailored for cloud-specific threats.
7. Periodic Penetration Testing:
Conducting penetration tests to identify firewall weaknesses and ensure that it can effectively block
malicious activities.