access list

can we consider access list as a software firewall?

Accepted Solution

M02@rt37
VIP

Hello @krutiksojitra567 

Access lists can be considered a form of software firewall, especially in the context of network security. Access lists are used in networking devices such as routers and switches to control the flow of traffic based on predefined criteria like source IP address, destination IP address, port numbers, etc.

They work by allowing or denying packets based on these criteria, thereby acting as a barrier between different parts of a network or between a network and the outside world. This control over traffic flow effectively serves the purpose of a firewall, albeit at a more basic level compared to dedicated firewall software or appliances.

However, access lists typically operate at lower layers of the OSI model (usually Layers 3 and 4), focusing on network and transport layer protocols such as IP and TCP/UDP. Modern software firewalls often provide more advanced features including application layer filtering, deep packet inspection, and intrusion prevention capabilities, which may not be available in traditional access lists.

To go further, there's a distinction between stateful and stateless firewalls, as well as ACLs.

A stateful firewall maintains a state table that keeps track of the state of active connections passing through it. It monitors the state of active connections and makes decisions based on the context of the traffic flow. For example, if a packet is part of an established connection or a related connection (such as a response to an outbound request), the firewall allows it through. Stateful firewalls are more intelligent and can make more granular decisions compared to stateless firewalls.

A stateless firewall, like an ACL, filters packets based solely on predetermined criteria such as source and destination addresses, ports, or protocols. It doesn't maintain any information about the state of connections. Each packet is evaluated independently without any awareness of whether it's part of an established connection or not.

Stateless firewalls are typically defined in contrast to stateful firewalls. The main difference between these two types of firewalls lies in the fact that stateful firewalls track certain information about the current state of an active network connection, whereas stateless firewalls do not.

This point is important because it allows stateful firewalls to identify and block seemingly legitimate but malicious traffic. For example, the TCP handshake involves a SYN packet from the client followed by a SYN/ACK packet from the server followed by an ACK packet from the client. If an attacker sends an ACK packet to a corporate server that is not in response to a SYN/ACK, a stateful firewall will block it, but a stateless firewall will not. This means that stateless firewalls will overlook certain types of network analysis and other attacks that stateful firewalls could detect and block.

ACLs are indeed stateless by nature. They operate on a packet-by-packet basis, without maintaining any information about the state of connections. This means that each packet is evaluated in isolation based on the criteria specified in the ACL rules.

So, while access lists can provide basic filtering capabilities similar to a stateless firewall, they lack the ability to make decisions based on the state of connections, which is a key feature of stateful firewalls.


Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.


2 Replies

No.

The firewall is stateful; the ACL is stateless. There is a difference.

In simple words:
The FW has the capability to detect traffic direction and open a hole in its ACL.
The ACL does not have such a capability, except for one ACL, the TCP ACL: this ACL can use the established keyword to make a hole in the ACL.

MHM
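As an added illustration of the two points made in this thread (the accepted answer's unsolicited-ACK example and the `established` keyword mentioned in the reply above), the Python model below is not code from the thread, from Cisco, or from any router. It runs a constructed packet sequence through a stateless ACL modeled on `permit tcp any 10.0.0.0 0.0.0.255 established` / `deny ip any any` and, side by side, through a minimal stateful tracker that only admits inbound segments belonging to a flow an inside host opened. The `established` semantics (match when the ACK or RST bit is set) follow IOS; the addresses, ports and the tracker itself are assumptions made for the example.

```python
"""Stateless ACL with `established` versus a minimal stateful TCP tracker.

Constructed model for illustration: 10.0.0.0/24 is the protected LAN,
203.0.113.0/24 is the outside. None of this is real router or firewall code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "RST", "FIN"}


def tcp(src, sport, dst, dport, *flags):
    """Small constructor so the sample traffic below stays readable."""
    return Packet(src, sport, dst, dport, frozenset(flags))


INSIDE_PREFIX = "10.0.0."  # constructed: the LAN the ACL protects


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def stateless_acl(pkt):
    """Inbound ACL on the outside interface, evaluated per packet with no memory.

    Modeled on:  permit tcp any 10.0.0.0 0.0.0.255 established
                 deny ip any any
    `established` matches any segment with ACK or RST set, whether or not an
    outbound SYN for that flow was ever seen.
    """
    if not is_inside(pkt.dst):
        return False
    return bool(pkt.flags & {"ACK", "RST"})


class StatefulTracker:
    """Admits inbound segments only for flows an inside host initiated."""

    def __init__(self):
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def outbound(self, pkt):
        # A plain SYN leaving the LAN creates the table entry.
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True  # outbound policy is permissive in this model

    def inbound(self, pkt):
        # Reverse the tuple so the reply is looked up against the outbound entry.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows


def evaluate(packets):
    """Return (label, stateless_verdict, stateful_verdict) per packet, in order."""
    tracker = StatefulTracker()
    verdicts = []
    for label, pkt in packets:
        if is_inside(pkt.src):
            verdicts.append((label, True, tracker.outbound(pkt)))
        else:
            verdicts.append((label, stateless_acl(pkt), tracker.inbound(pkt)))
    return verdicts


def stateless_blind_spots(packets):
    """Labels of packets the ACL permits but the stateful tracker rejects:
    exactly the traffic the accepted answer says a stateless filter overlooks."""
    return [label for label, acl_ok, fw_ok in evaluate(packets) if acl_ok and not fw_ok]


# Constructed sample traffic: one legitimate handshake, then two unsolicited probes.
SAMPLE_PACKETS = [
    ("client SYN out",     tcp("10.0.0.5", 40000, "203.0.113.7", 443, "SYN")),
    ("server SYN/ACK in",  tcp("203.0.113.7", 443, "10.0.0.5", 40000, "SYN", "ACK")),
    ("client ACK out",     tcp("10.0.0.5", 40000, "203.0.113.7", 443, "ACK")),
    ("unsolicited ACK in", tcp("203.0.113.9", 1234, "10.0.0.5", 22, "ACK")),
    ("unsolicited SYN in", tcp("203.0.113.9", 1235, "10.0.0.5", 22, "SYN")),
]

if __name__ == "__main__":
    for label, acl_ok, fw_ok in evaluate(SAMPLE_PACKETS):
        acl = "permit" if acl_ok else "deny"
        fw = "permit" if fw_ok else "deny"
        print(f"{label:20s} stateless ACL: {acl:6s}  stateful: {fw}")
    print("permitted by ACL, rejected by stateful tracker:",
          stateless_blind_spots(SAMPLE_PACKETS))
```

Running it shows the handshake passing both filters, the unsolicited SYN denied by both, and the unsolicited ACK permitted by the `established` ACL but dropped by the tracker, because no inside host ever sent the SYN that would justify it. That last row is the gap the accepted answer describes: the ACL reads only the flag bits on the packet in front of it, while the stateful device checks the packet against what it remembers of the connection.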
