This one time in an interview, someone asked me what an asymmetric firewall is. I swear I found myself like a deer in the headlights because I didn't know what the person meant. LOL! Sorry! Oops!
I am not a technical person. While competing at the National Level at the Collegiate Cyber Defense Competition (CCDC) back in the day, or if you are a network administrator, I highly doubt you use that term to 1) monitor the traffic, 2) find bad actors in your system, 3) check firewall rules, 4) check the permissions of a user, or 5) maintain the availability, confidentiality, and integrity of a system while also meeting the business needs of an organization.
In reality there is a lot of abstraction that I don't know, but I am getting better!
Keep in mind that I do run a firewall at home and also practice with different ones. The actual term "asymmetric" is something that has no meaning for me. In addition to that, I guess I would call Windows Defender asymmetric because you can control what comes in and what goes out of your system. So I probably knew what it was, but I am not a bullshitter, so I just kept myself cool because back then I had never heard the term.
Just because I want to redeem myself, here is what an asymmetric firewall is:
What is an asymmetric firewall?
An asymmetric firewall is a type of firewall that uses different rules for incoming and outgoing network traffic.
In an asymmetric firewall, the rules for incoming traffic may be more strict than the rules for outgoing traffic. This can be useful for protecting a network from external threats, but can also make it more difficult for users on the protected network to access certain types of content or services on the internet.
Asymmetric firewalls are typically used in environments where the primary concern is protecting the internal network from external threats, rather than controlling access to the internet from within the network. They are commonly used in enterprise and government networks, where security is a high priority.
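To see how this maps onto Windows Firewall, the following added example (not from the original post) reads the effective default action for each direction on every profile and labels the result. The helper name Resolve-Action is made up for this example, and nothing on the system is changed.

```powershell
# Added example: report whether each Windows Firewall profile treats inbound
# and outbound traffic differently. Read-only.
# An elevated session may be needed to read the policy store.

# Hypothetical helper: NotConfigured means the Windows default applies
# (block inbound, allow outbound), so resolve it to that default.
function Resolve-Action {
    param($Value, [string]$Default)
    if ("$Value" -eq 'NotConfigured') { $Default } else { "$Value" }
}

# ActiveStore is the merged policy actually enforced (local plus Group Policy).
$report = Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
    $in  = Resolve-Action $_.DefaultInboundAction  'Block'
    $out = Resolve-Action $_.DefaultOutboundAction 'Allow'
    [pscustomobject]@{
        Profile         = $_.Name
        Enabled         = $_.Enabled
        DefaultInbound  = $in
        DefaultOutbound = $out
        Posture         = if ($in -eq $out) { 'symmetric' } else { 'asymmetric' }
    }
}
$report | Format-Table -AutoSize

# The defaults only cover traffic that matches no rule, so also count the
# enabled rules per direction and action.
Get-NetFirewallRule -PolicyStore ActiveStore -Enabled True |
    Group-Object Direction, Action |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

On a default installation every profile reports Block inbound and Allow outbound, which is the asymmetric posture described above.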
I have written a script in Python to add IPs to the Windows firewall, but to add a new rule to the Windows firewall using PowerShell, you can use the New-NetFirewallRule cmdlet.
Here is an example of how to use this cmdlet to create a new rule that allows incoming traffic on TCP port 80 (HTTP):
New-NetFirewallRule -DisplayName "Allow HTTP" -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
Below is the code broken down.
# Collect the parameters in a hashtable so each one can carry a comment
$rule = @{
    # Give the rule a display name
    DisplayName = "Allow HTTP"
    # Specify that the rule applies to incoming traffic
    Direction   = "Inbound"
    # Specify the protocol as TCP
    Protocol    = "TCP"
    # Specify the local port as 80
    LocalPort   = 80
    # Allow incoming traffic that matches the rule
    Action      = "Allow"
}
# Create a new firewall rule from those parameters (splatting)
New-NetFirewallRule @rule
This will create a new firewall rule with the display name “Allow HTTP” that allows incoming traffic on TCP port 80.
You can also use the -RemoteAddress parameter to specify a specific IP address or range of addresses that the rule should apply to. For example:
New-NetFirewallRule -DisplayName "Allow HTTP from 192.168.1.0/24" -Direction Inbound -Protocol TCP -LocalPort 80 -RemoteAddress 192.168.1.0/24 -Action Allow
Below is the code commented:
# Collect the parameters in a hashtable so each one can carry a comment
$rule = @{
    # Give the rule a display name
    DisplayName   = "Allow HTTP from 192.168.1.0/24"
    # Specify that the rule applies to incoming traffic
    Direction     = "Inbound"
    # Specify the protocol as TCP
    Protocol      = "TCP"
    # Specify the local port as 80
    LocalPort     = 80
    # Specify the remote IP address range as 192.168.1.0/24
    RemoteAddress = "192.168.1.0/24"
    # Allow incoming traffic that matches the rule
    Action        = "Allow"
}
# Create a new firewall rule from those parameters (splatting)
New-NetFirewallRule @rule
This will create a new firewall rule that allows incoming traffic on TCP port 80 from the IP address range 192.168.1.0 to 192.168.1.255.
You can use the Get-Help cmdlet to learn more about the New-NetFirewallRule cmdlet and see a list of all available parameters.
It is important to know how to add rules to the firewall because the firewall is an important security feature that helps to protect your network and computers from unauthorized access and attacks. By adding rules to the firewall, you can control which types of traffic are allowed to pass through the firewall and which are blocked.
For example, you might want to allow incoming traffic on certain ports for certain services (such as HTTP for a web server), but block incoming traffic on other ports to prevent unauthorized access. You might also want to block incoming traffic from specific IP addresses or ranges if you know that they are associated with malicious activity.
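As an added example (not the author's script), here is one way to block a list of addresses kept in a text file with a single inbound rule. The file path, rule name, allow-list and sample addresses are all constructed for illustration, and the validation covers IPv4 only.

```powershell
#Requires -RunAsAdministrator
# Added example: block every address listed in a text file with one inbound rule.
# File name, rule name and addresses below are constructed for illustration.
$listPath = Join-Path $env:TEMP 'blocklist.txt'
$ruleName = 'Block listed addresses (example)'

# Constructed sample input, including lines that must be skipped.
@'
# one address or CIDR range per line
203.0.113.7
198.51.100.0/24
not-an-ip
203.0.113.7
192.168.1.10
'@ | Set-Content -Path $listPath

# Addresses that must never be blocked, e.g. a teammate's host (assumed value).
$neverBlock = @('192.168.1.10')

function Test-AddressEntry {
    param([string]$Entry)
    $addr, $prefix = $Entry -split '/', 2
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) { return $false }
    # TryParse accepts shorthand such as "1"; require a full IPv4 dotted quad.
    if ($ip.AddressFamily -ne 'InterNetwork' -or $ip.ToString() -ne $addr) { return $false }
    if ($null -eq $prefix) { return $true }
    return ($prefix -match '^\d{1,2}$' -and [int]$prefix -le 32)
}

$addresses = @(Get-Content $listPath |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') } |
    Where-Object { (Test-AddressEntry $_) -and ($_ -notin $neverBlock) } |
    Sort-Object -Unique)
if (-not $addresses) { throw "No valid addresses found in $listPath" }

# Update the rule if it already exists so re-running does not pile up duplicates.
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress $addresses
} else {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block `
        -RemoteAddress $addresses | Out-Null
}

# Show what the rule now blocks.
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

Block rules take precedence over allow rules in Windows Firewall, so an address on this list is blocked even if it also falls inside the range of an allow rule such as the HTTP one above.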
I hope this helps someone out there. I used to use Wireshark in competition, and what I would do is just get the IP addresses that I did not know from there and pass them to the whole team, so that they could add them to their systems while I added them to my firewall. I have also used "IP Tables" in the past, but on Linux systems. I think it is easier to just write the script in a text file and, as you get the IP addresses, just add them to the text file, copy and paste! BANG!!! That easy. Nowadays I bet I can just automate everything and save time writing that stuff. I am not lazy, I just try to work smart and not hard.
IP Tables are solid when it comes to defending a Linux System. I guess I would have to write something in my blog about IP Tables in the near future and what tools I used in the past during cyber competitions.
Anyway, here are a few resources that you can use to learn more about Windows Firewall and PowerShell:
- The Microsoft TechNet library has a comprehensive set of documentation on Windows Firewall with Advanced Security, including information on how to use PowerShell to manage the firewall: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security
- The Microsoft PowerShell documentation includes a section on the NetSecurity module, which includes cmdlets for managing the Windows Firewall: https://docs.microsoft.com/en-us/powershell/module/netsecurity/
- Microsoft Learn: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell
PEACE!
What is some stuff you forgot during an interview? In the same interview I forgot what a network packet is, haha! Keep in mind I can code a port scanner, but I can't remember some stuff to save my life. I am not technical when it comes to some stuff; I like to keep stuff stupid and simple. How do you eat an elephant? One bite at a time! Ha!!