Page 194 - CISSO_Prep_ Guide
Firewalls
The simplest definition of a firewall is a mechanism that protects one network from another. As a security manager, it is important to remember that firewalls should be used to control both incoming and outgoing traffic. The term firewall refers to many types of technology that operate at various layers of the OSI model and have evolved significantly over the past years.

The most basic and first-generation firewall is the simple packet filtering router that examines individual packets and enforces rules based on addresses, protocols, and ports.
Second-generation firewalls keep track of all connections in a state table. This allows them to enforce rules on packets in the context of the communications session.
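The following simulation is an added example (not from the prep guide) that contrasts the two generations just described: a first-generation packet filter that judges every packet on its own against an ordered rule list, and a second-generation stateful firewall that records allowed sessions in a state table and admits return traffic only when it matches an existing entry. The networks, addresses and rules are constructed for the illustration; the point it makes is that a stateless filter must open every high inbound port to let replies back in, which also lets unsolicited packets through, while the stateful firewall denies them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    syn: bool = False  # TCP SYN (new connection attempt); replies and later segments carry syn=False


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # CIDR of permitted sources
    dst: str               # CIDR of permitted destinations
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))


def packet_filter(rules, pkt: Packet, default: str = "deny") -> str:
    """First generation: first matching rule wins, each packet judged in isolation."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


class StatefulFirewall:
    """Second generation: rules decide new sessions; the state table decides replies."""

    def __init__(self, rules, default: str = "deny"):
        self.rules = rules
        self.default = default
        self.state = set()  # (src, sport, dst, dport, proto) of sessions already allowed

    def filter(self, pkt: Packet) -> str:
        # Return traffic of an allowed session: the reversed 5-tuple is in the state table.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto) in self.state:
            return "allow"
        # A TCP segment that is not a SYN and belongs to no known session is dropped.
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"
        decision = packet_filter(self.rules, pkt, self.default)
        if decision == "allow":
            self.state.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
        return decision


# Constructed policy: an internal network may reach any web server on tcp/80.
INTERNAL = "10.0.0.0/8"
STATELESS_RULES = [
    Rule("allow", INTERNAL, "0.0.0.0/0", "tcp", 80),
    # Without state, replies only get back in if every inbound TCP port is opened.
    Rule("allow", "0.0.0.0/0", INTERNAL, "tcp", None),
]
STATEFUL_RULES = [Rule("allow", INTERNAL, "0.0.0.0/0", "tcp", 80)]


def demo() -> dict:
    """Run three constructed packets through both firewall types and return the decisions."""
    outbound = Packet("10.0.0.7", "203.0.113.5", "tcp", 51234, 80, syn=True)
    reply = Packet("203.0.113.5", "10.0.0.7", "tcp", 80, 51234)
    unsolicited = Packet("198.51.100.9", "10.0.0.7", "tcp", 4444, 51234, syn=True)
    traffic = {"outbound": outbound, "reply": reply, "unsolicited": unsolicited}

    stateless = {name: packet_filter(STATELESS_RULES, pkt) for name, pkt in traffic.items()}
    fw = StatefulFirewall(STATEFUL_RULES)
    stateful = {name: fw.filter(pkt) for name, pkt in traffic.items()}
    return {"stateless": stateless, "stateful": stateful}


if __name__ == "__main__":
    for kind, decisions in demo().items():
        print(kind, decisions)
```

Running it shows the stateless filter allowing all three packets, including the unsolicited one aimed at the client's ephemeral port, while the stateful firewall allows the outbound request and its reply but denies the unsolicited packet because no session exists for it.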
Third-generation firewalls operate at layer seven (the application layer) and can examine the actual protocol being used for communications, for example HTTP. These firewalls are much more sensitive to suspicious activity related to the content of the message itself, not just the address information.
Next-generation firewalls, sometimes called deep packet inspection firewalls, are an enhancement to third-generation firewalls. They bring in the functionality of an IPS (Intrusion Prevention System) and will often inspect SSL or SSH connections.
It is important to ensure that the firewall configurations are backed up regularly and reviewed to ensure that all rules are in the correct order and are documented, and that the firewall is tested on a scheduled basis.
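The rule-set review described above can be partly automated. The script below is an added example, not from the prep guide or any vendor, working on a constructed generic rule list rather than a real firewall's syntax. It flags two ordering and documentation problems: a rule that is shadowed (an earlier rule already matches everything it would match, so it can never take effect, a classic sign of wrong rule order) and a rule with no comment, and it compares a backup against the running configuration to report drift.

```python
from ipaddress import ip_network

# Constructed rule set in a generic ACL style (first match wins); not any product's format.
BACKUP_RULES = [
    {"id": 10, "action": "allow", "src": "10.0.0.0/8", "dst": "0.0.0.0/0",
     "proto": "tcp", "dport": 443, "comment": "Outbound HTTPS, change CR-1021 (constructed)"},
    {"id": 20, "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0",
     "proto": "any", "dport": None, "comment": "Catch-all deny"},
    {"id": 30, "action": "allow", "src": "0.0.0.0/0", "dst": "192.0.2.10/32",
     "proto": "tcp", "dport": 22, "comment": "Admin SSH to bastion"},
    {"id": 40, "action": "allow", "src": "10.1.0.0/16", "dst": "0.0.0.0/0",
     "proto": "tcp", "dport": 443, "comment": ""},
]


def covers(earlier: dict, later: dict) -> bool:
    """True if every packet matching `later` would already match `earlier`."""
    return (ip_network(later["src"]).subnet_of(ip_network(earlier["src"]))
            and ip_network(later["dst"]).subnet_of(ip_network(earlier["dst"]))
            and earlier["proto"] in ("any", later["proto"])
            and earlier["dport"] in (None, later["dport"]))


def find_shadowed(rules) -> list:
    """Return (shadowed_id, shadowing_id) pairs; a shadowed rule can never match."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                findings.append((later["id"], earlier["id"]))
                break  # report the first rule that hides it
    return findings


def find_undocumented(rules) -> list:
    """Rule ids whose comment field is empty."""
    return [r["id"] for r in rules if not r["comment"].strip()]


def review(rules) -> dict:
    return {"shadowed": find_shadowed(rules), "undocumented": find_undocumented(rules)}


def drift(backup, running) -> dict:
    """Rule ids added, removed or changed between the backup and the running config."""
    b = {r["id"]: r for r in backup}
    c = {r["id"]: r for r in running}
    return {
        "added": sorted(set(c) - set(b)),
        "removed": sorted(set(b) - set(c)),
        "changed": sorted(i for i in set(b) & set(c) if b[i] != c[i]),
    }


if __name__ == "__main__":
    print(review(BACKUP_RULES))
    # Constructed "running" config: rule 30 deleted and rule 10 re-pointed at tcp/8443.
    running = [dict(r, dport=8443) if r["id"] == 10 else r for r in BACKUP_RULES if r["id"] != 30]
    print(drift(BACKUP_RULES, running))
```

On the constructed set, the review reports rule 30 as shadowed by the catch-all deny at 20 (the admin SSH rule is placed after the deny, so it never applies) and rule 40 as shadowed by rule 10, which already covers that subnet, and lists 40 as undocumented. The drift check shows what changed since the backup, which is the information a scheduled review needs in order to confirm that every change was authorised.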