
JA3. Firewalls and Access Control

Statement

Describe the most interesting facts you learned about Firewalls and Access Control (think about reasons why you noticed these facts, your impression, and your plans for further exploration of firewalls and access control).

Solution

Firewalls and access control are two of the most important topics in security. A firewall is an actual piece of hardware or software, while access control is a concept that can be implemented in many ways, including firewalls, intrusion detection systems, and even web applications. Below is a list of some interesting facts I learned while reading this week’s material:

Firewalls are just an implementation of access control, specifically Rule-based Access Control. RBAC grants access based on a set of rules that may take into account the user, resource, action, and even the environment. Evaluating all of this data against the rule set decides whether access is granted or not. In a sense, firewalls are just a very specific implementation of RBAC, but they run on individual packets instead of the much more context-rich data that RBAC usually has (Everything Security, 2019).

Firewalls have been around for a very long time. The first firewall proposal, a packet filter, came in 1989 from Jeff Mogul of Digital Equipment Corp (DEC). The internet was not a thing at the time, but people still thought they needed security practices to protect their data, so nowadays it is more than necessary to have one or more firewalls in any network. The first web application firewall came in 2006 (OSTEC, 2015).

Firewalls can work at every layer of the OSI model. The first generation of firewalls worked only on the first three layers (up to the network layer) of the OSI model, but starting from the third generation, application-layer firewalls were able to work at any layer of the OSI model (GeeksforGeeks, 2019).

Firewalls can work for both networks and hosts. Network-based firewalls are placed behind the router, so they can protect and monitor all hosts in the network at once; host-based firewalls are placed on the host itself, so they can protect only that host (GeeksforGeeks, 2019).

Access control is usually implemented in the web world without thinking about it. Web developers who are not security experts (especially in Web 2.0) need to make their apps accessible to users, and those users must not step on each other’s feet or modify data they don’t own. This is the reason for the various authentication and authorization methods implemented in the web world, such as OAuth, OpenID, JWT, bearer tokens, etc. All of these methods implement some sort of hybrid access control model that takes a piece of every model (DAC, MAC, RBAC, ABAC, etc.).

DAC is the most common access control model. Discretionary Access Control relies on the owner of a resource to decide who can access it and how; it is the most flexible model, easy to implement, and decentralized, which are all characteristics that today's businesses need to move fast (Risk, 2021).

MAC is used in SELinux. Mandatory Access Control is the opposite of DAC: it is centralized and depends on classification, clearance, and compartments; it is used in the military. However, it is also used in SELinux, which is a security-enhanced Linux kernel that was developed by the National Security Agency (NSA) and integrated into the Linux kernel in 2003 (RedHat, 2019).
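The first fact above, that a firewall is rule-based access control applied to individual packets, can be shown with one small rule engine run over both kinds of input. This is an added example, not part of the original answer; the rule sets, addresses and attribute names are constructed for illustration, and first-match-wins with default deny is an assumed evaluation order.

```python
import ipaddress
from dataclasses import dataclass

NETWORK_TYPES = (ipaddress.IPv4Network, ipaddress.IPv6Network)

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    match: dict   # attribute name -> required value (or an IP network)

def _matches(required, actual):
    # A network in a rule matches any address inside it; anything else is equality.
    if isinstance(required, NETWORK_TYPES):
        return ipaddress.ip_address(actual) in required
    return required == actual

def evaluate(rules, subject):
    """Return the action of the first matching rule; no match means deny."""
    for rule in rules:
        if all(k in subject and _matches(v, subject[k])
               for k, v in rule.match.items()):
            return rule.action
    return "deny"

# Constructed packet-filter rules: only packet header fields are visible.
PACKET_RULES = [
    Rule("deny", {"src": ipaddress.ip_network("203.0.113.0/24")}),
    Rule("allow", {"proto": "tcp", "dst": "192.0.2.10", "dport": 443}),
]

# Constructed application rules: role, action, resource and environment.
REQUEST_RULES = [
    Rule("allow", {"role": "owner", "action": "write", "resource": "report"}),
    Rule("allow", {"action": "read", "resource": "report", "network": "office"}),
]

if __name__ == "__main__":
    pkt = {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 443}
    req = {"user": "bob", "role": "guest", "action": "read",
           "resource": "report", "network": "home"}
    print("packet :", evaluate(PACKET_RULES, pkt))
    print("request:", evaluate(REQUEST_RULES, req))
```

The engine is identical in both cases; what differs is the information available to the rules, which is why the packet filter cannot express "only the owner may write".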

Reference