Ref: https://learn.cantrill.io/courses/2022818/lectures/45660747 [TECH-FUNDAMENTALS] =OR= https://learn.cantrill.io/courses/1820301/lectures/41301354 [SAA-C03]

YouTube: https://www.youtube.com/watch?v=rL4-vbsN35w

• Summary:
• Contents:

TCP connections, ports and directionality

• TCP is a connection based protocol → A bi-directional connection is established between two devices using a random/ephemeral port on a client and a known port on the server
  • For HTTPS, the TCP port on the server is always 443
  • Range of random/ephemeral ports = 1024-65535
    • Actual range depends on the OS of the client machine! → we need to allow all possible ephemeral ports though
• Each connection has 2 parts: request and response.
• Directionality of a connection = inbound/outbound
  • ‼️ Depends on perspective (client/server)

Stateless Firewall

• 🔧 Examines each individual NW packet in isolation
  • Layers 3 & 4 of OSI-7L Model
• Makes decisions based on predetermined rules, without keeping track of the state of the NW connection
  • ❗ Needs TWO rules per connection (1 IN, 1 OUT)
  • 💡 When configuring, always start by thinking “is the request coming IN or OUT of my machine?” → Then I need to add an inverse rule too for the response
• Needs to allow the whole range of ephemeral ports (1024-65535) in its rules in order to allow incoming connections
  • 👎 Significant admin overhead, prone to mistakes → Makes security engineers uneasy

Stateful Firewall

• 🔧 Monitors and tracks state of NW connections → keeps track of individual NW sessions
  • Layer 5 of OSI-7L Model
• Intelligent enough to identify request & response as being related → makes more informed decisions about what NW traffic to allow or deny.
  • ❗ Needs ONE rule per connection
  • You only need to know if the request is allowed (IN or OUT) → the response is automatically allowed (OUT or IN)
  • 👍 Reduces admin overhead & mistakes