Network Firewall Comparison

Assignment-1

Pranav Pangil Cibi

Sheridan College

Author Note

Pranav Pangil Cibi, Department of IT, Sheridan College.

Special thanks to professor for his help in preparation of this manuscript.

Correspondence concerning this article should be addressed to Pranav Pangil Cibi,

IT department, Sheridan College.

Email – [email protected]
Network Firewall Comparison
2
Abstract

A firewall is another network security device that keeps track of incoming and outgoing network

traffic and decides which traffic to allow or deny in accordance with a set of security rules. For

over 25 years, firewalls have served as network security's first line of defense. They provide a

barrier between trustworthy internal protected and regulated networks from suspicious external

networks like the Internet.

The firewall is divided into four types. These are Packet Filtering, Proxy Service, Stateful

inspection and Next-Generation Firewall. Malware and application-layer threats are the main

targets of firewalls, particularly Next-Generation Firewalls. These Next-Generation Firewalls

can react swiftly and smoothly to identify and stop threats across the whole network when

combined with an integrated intrusion prevention system (IPS). Firewalls may conduct rapid

assessments to detect intrusive or suspect behaviour, such as malware, and can be configured to

act on previously specified policies to safeguard your network further. You may configure your

network with specific guidelines to allow or prohibit incoming and outgoing traffic by using a

firewall as part of your security infrastructure.

Keywords: [Accordance]
Network Firewall Comparison
3

Assignment-1

A packet Filtering Firewall regulates the flow of incoming and outgoing network data is a packet

filtering firewall. Each packet, which contains user data and control information, is examined by

the firewall and put through a series of pre-established checks (Golnabi, K., Min, R. K., Khan,

L., & Al-Shaer, E. 2006). The firewall permits the packet to go to its destination if it successfully

passes the test. Those who fail the test are rejected by checking sets of rules, protocols, ports, and

destination addresses, firewalls test packets.

Packets are structured data units that are transported through packet-switched networks in system

networking. Because they break down communications into smaller units or packets and send

each one independently over the network, these networks are capable of fault tolerance.

Proxy Service

A network element known as a service proxy serves as a middleman for requests from

microservices application components looking for resources. To request a specific service (file,

connection, web page, or other resources) offered by one of the microservices components, a

client establishes a connection with the service proxy (Kuipers, D., & Fabro, M. 2006 ). Based

on the configured load balancing algorithm, the service proxy assesses the request to determine

the best course of action.

Network Firewall Comparison
4

Statement Inspection

The stateful inspection, often referred to as dynamic packet filtering, is a firewall

technology that keeps track of the status of active connections and makes decisions about which

network packets to let pass through the firewall based on this data. Stateful inspection, which

works well with Transmission Control Protocol (TCP) and related protocols but can also support

protocols like User Datagram Protocol, is frequently used in place of stateless inspection or static

packet filtering (UDP).

Data packets are filtered using state and context using the network firewall technology

known as stateful inspection (Lyu, M. R., & Lau, L. K. 2000). The method was created by Check

Point Software Technologies in the early 1990s to alleviate the drawbacks of stateless inspection.

Next Generation Firewall

Stateful network traffic inspection is offered by a conventional firewall. It filters traffic

according to rules set by the administrator and allows or prevents traffic according to state, port,

and protocol. This and many other things are accomplished by NGFWs (Zalenski, R. 2002).

NGFWs can block contemporary threats such as sophisticated malware and application-layer

attacks in addition to access control. A next-generation firewall must have these features in order

to meet Gartner's definition:

 Stateful inspection and other common firewall features

 Comprehensive intrusion prevention

 Application control and awareness to identify and prevent dangerous applications

 Sources of threat intelligence

 Upgraded routes to incorporate upcoming information feeds

Network Firewall Comparison
5
 Methods for dealing with changing security risks

Comparison of Network Firewalls

To properly grasp the significance of the firewall in our daily lives, I'll compare three firewalls

created by various firms in this assignment.

The following is a comparison of the Firewalls:

 WatchGuard Firebox Findings,

 Cujo AI Smart Internet Security Firewall

 Cisco ASA 5500-X

Findings

The qualities of each firewall under investigation differ from one another, and Cujo AI Smart

Internet Security Firewall emerged as the overall winner due to its mobility, simplicity of usage,

and low cost. The network firewall can be easily configured without the assistance of a

professional, and Cujo Internet Security offers a wide range of purchasing options through online

marketplace.
Network Firewall Comparison
6
References

Golnabi, K., Min, R. K., Khan, L., & Al-Shaer, E. (2006, April). Analysis of firewall policy rules
using data mining techniques. In 2006 IEEE/IFIP Network Operations and Management
Symposium NOMS 2006 (pp. 305-315). IEEE.

Kuipers, D., & Fabro, M. (2006). Control systems cyber security: Defense in depth
strategies (No. INL/EXT-06-11478). Idaho National Lab.(INL), Idaho Falls, ID (United States).

Lyu, M. R., & Lau, L. K. (2000, October). Firewall security: Policies, testing and performance
evaluation. In Proceedings 24th Annual International Computer Software and Applications
Conference. COMPSAC2000 (pp. 116-121). IEEE.

Zalenski, R. (2002). Firewall technologies. IEEE potentials, 21(1), 24-29.

Network Firewall Comparison
7

Citations

Abstract: Checkpoint, Cisco

Packet : Cisco
Proxy Service: Avinet
Stateful: TechTarget
Next Generation Firewall: Avinet
Figure: Cisco,Cujo , WatchGuard
 Network Firewall Comparison
8
Figure:

Firewall Cisco ASA 5500-X CUJO AI WATCHGUARD

SMARTINTERNET FIREBOX
SECURITY FIREWALL
Rule Based No No No
Application-aware Yes Yes Yes
state-ful packet filtering Yes Yes Yes
Intrusion Detection Yes Yes Yes
System
Content Filtering Yes Yes Yes
Other Features NGIPS,99% blocking Powered by Lithium Built in VPN antivirus,
effectiveness,24/7 Batteries for portability, Up to 200 authenticated
updates on security Protection for IOT devices, limit, Safe Search and
intelligence by Cisco Ultra Low latency (2ms). google for Business
Talos. security.
Initial Expense 400$ 230$ 80,000$