Firewall

Purpose

A Firewall object represents communication restrictions in a Router. One way of looking at a Firewall object is to see it as the rule set applied by the connected Router object. To allow a Dataflow to traverse a Router that has a Firewall, connect the Dataflow to either the Router or the Firewall.

Connections

Connections to Firewall

  Object:      Router
  Connection:  Firewall Execution
  Description: A Router is connected to a Firewall object to show that the Router has restrictions regarding what communication may traverse it.
  Function:    Can prevent Forwarding on the Router.

  Object:      Dataflow
  Connection:  Permission
  Description: Connect a Dataflow to a Firewall to denote that the Dataflow is allowed to traverse the Router.
  Function:    Can prevent Forwarding on the Router.

Attack Steps and Defenses

Firewall Attack Steps and Defenses

Attack steps

  Attack Step: Compromise
  Description: The possibility to control/own it.
  Leads to:    Router: Forwarding; Firewall: Disable

  Attack Step: DiscoverEntrance
  Description: The possibility to find out what connections are allowed by the firewall rule set.
  Leads to:    Router: Forwarding

Defenses

  Defense:     Enabled
  Description: This defense concerns whether the firewall is functioning and performs stateful inspection and packet filtering as expected.
  Impact:      Can prevent Forwarding.
  Default:     On

  Defense:     KnownRuleSet
  Description: This defense concerns whether the firewall rule set is configured properly and known to the modeler.
  Impact:      Prevents DiscoverEntrance.
  Default:     0.5