  1. Access Control Lists (ACLs)
    1. A set of configured pattern-matching rules that are applied against the headers of packet traffic as it enters (inbound) or exits (outbound) a port of the device.
    2. Traffic is either allowed (permitted) or filtered (denied) based on these configured rules.
      1. Explicit Allow:
        1. When packet traffic matches the permit statement of a configured ACL rule, it is considered matched and allowed to enter the network.
      2. Explicit Deny:
        1. When packet traffic matches the deny statement of a configured ACL rule, it is considered matched and filtered (discarded).
      3. Implicit Deny:
        1. If packet traffic fails to match configured permit or deny statements of configured ACL rules, the ACL fails closed, discarding all unmatched traffic by default.
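As an added illustration (not part of the original notes), a small first-match ACL evaluator in Python that shows the three outcomes above: explicit permit, explicit deny, and the implicit deny that applies when no rule matches. The rule fields, the constructed DMZ web-server ACL and the sample packets are assumptions for this example and do not follow any vendor's syntax.

```python
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


class Rule:
    """One ACL entry; the field layout is constructed for this example."""

    def __init__(self, action: str, proto: str, src: str, dst: str,
                 dport: Optional[int] = None):
        self.action, self.proto = action, proto        # "permit" / "deny"
        self.src, self.dst = ip_network(src), ip_network(dst)
        self.dport = dport                             # None = any port

    def matches(self, pkt: dict) -> bool:
        # Every field of the rule must match the packet header for a hit.
        return (self.proto in ("any", pkt["proto"])
                and ip_address(pkt["src"]) in self.src
                and ip_address(pkt["dst"]) in self.dst
                and (self.dport is None or self.dport == pkt.get("dport")))


def evaluate(acl: List[Rule], pkt: dict) -> Tuple[str, str]:
    """Check rules top-down; the first match wins.

    If nothing matches, the ACL fails closed (implicit deny)."""
    for i, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, f"explicit {rule.action} (rule {i})"
    return "deny", "implicit deny"


# Constructed inbound ACL for a DMZ web server at 192.0.2.10: block SSH from
# one internal subnet, allow HTTPS from anywhere, allow SSH from the rest of
# the LAN. The deny sits first on purpose: rule order decides the verdict.
DMZ_WEB_IN = [
    Rule("deny", "tcp", "10.9.9.0/24", "192.0.2.10/32", 22),
    Rule("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
    Rule("permit", "tcp", "10.0.0.0/8", "192.0.2.10/32", 22),
]

if __name__ == "__main__":
    samples = [  # constructed packet headers
        {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 443},
        {"proto": "tcp", "src": "10.9.9.1", "dst": "192.0.2.10", "dport": 22},
        {"proto": "udp", "src": "198.51.100.7", "dst": "192.0.2.10", "dport": 53},
    ]
    for pkt in samples:
        print(pkt["src"], pkt["proto"], pkt.get("dport"), "->", evaluate(DMZ_WEB_IN, pkt))
```

Reversing the list shadows the deny with the broader permit, which is why a deny for a sub-range must precede the permit that covers it.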
  2. Firewall Methodologies
    1. Firewall Generations:
      1. First Generation: Packet Filtering
      2. Second Generation: Stateful Filtering
      3. Third Generation: Application Filtering
      4. NGFW (Next Generation Firewall)
    2. Packet Filtering
      1. Inspects packets between computers.
      2. When a packet does not match the packet filter's set of filtering rules, the packet filter either:
        1. Drops (silently discards) the packet; or
        2. Rejects the packet (discards it and generates an Internet Control Message Protocol notification for the sender).
    3. Circuit-Level Gateway (Stateful Packet Inspection):
      1. Operates up to layer 4 (transport layer) of the OSI model. Retains packets at ingress until enough information is available to make a judgment about the connection's state.
      2. Stateful vs Stateless
        1. Stateful:
          1. A stateful communication is one that remembers an exchange between two sources after that communication has ended.
        2. Stateless:
          1. A stateless communication is one that saves no information about the participants of a communication session.
    4. Application-Level Gateway (Application Firewall):
      1. Inspects traffic at the Application Layer. Detects unwanted applications attempting to bypass the firewall by using a protocol on an allowed port.
      2. Web Application Firewall (WAF):
        1. A specific type of application firewall used to protect servers (and their client sessions) from XSS and SQL injection, among other attacks, during HTTP sessions.
  3. Perimeter Networks
    1. Firewalls often connect three types of networks, categorized by the trust of those networks relative to the organization:
      1. Internal Network
      2. External Network
      3. Demilitarized Zone (DMZ):
        1. Also referred to as a Perimeter Network
        2. The boundary between:
          1. The Customer Edge (CE):
            1. The private, locally managed-and-owned side of a network
          2. The Provider Edge (PE):
            1. The public, usually provider-managed side of a network
    2. List the three most common hardware firewall network configurations:
      1. 2-Leg Configuration
        1. A network security configuration where a single hardware firewall is used to protect the organization, as follows:
        2. Internal Network >> Firewall >> Internet Edge (ISP)
      2. 3-Leg Configuration
        1. A network security configuration where the DMZ is attached to a separate connection of the company firewall.
        2. This means the firewall has three connections:
          1. One to the company LAN
          2. One to the DMZ
          3. One to the Internet.
      3. Back-to-Back Configuration
        1. A network security configuration where two dedicated hardware firewalls are used to protect the organization, as follows:
        2. Internal Network >> Internal Firewall >> DMZ >> External Firewall >> Internet Edge (ISP)