Cyber Security Interview Prep. Q5: "Firewalls Part 1"

Category: Security

What is a firewall? What are the different types? What is the difference between a stateless and stateful firewall?

My answer:

A firewall is a device that sits somewhere on a network and monitors the traffic passing through it. Based on what rules the firewall is set up with, it can allow packets through or block them. By blocking anything suspected of being malware, it boosts an organisation's security.

Firewalls can be packet filtering types, which are more traditional, or they can be newer ones such as NGFWs (Next-Generation Firewalls) and SMLI firewalls (Stateful Multi Layer Inspection).

Within the packet filtering category, firewalls can either be stateful or stateless.

Stateful firewalls are more secure, and have a "memory" that will remember previous packets that have passed through the firewall. This allows the firewall to derive more meaning from a collection of packets, allowing it to "connect the dots" to better detect potential malware. This added context-based detection makes it harder to craft malware to overcome/circumvent such a firewall.

Stateless firewalls are less secure than stateful ones, as each packet is monitored and inspected individually, with the firewall not able to build any context between groups of packets. This makes it easier to craft malware that can circumvent such firewalls.

Note that there is much more to talk about when it comes to firewalls, even at the surface level, but the above answer is more than enough to start off with, and from there, you could offer to provide more details if they ask for it, or the interviewer may choose to move on to something completely different. In each case, you give the interviewer the option of steering in whatever direction they'd like to go next.