Discuss the best ways of protecting an internal network using firewalls from the following attacks: * SMTP server hijacking * Bugs in operating systems * ICMP redirect bombs * Denial of service * Exploiting bugs in applications

Protecting an internal network from various attacks using firewalls involves configuring them to filter traffic based on specific threat models:

• SMTP server hijacking: Firewalls protect against SMTP server hijacking by restricting access to the mail server's port 25. Inbound SMTP traffic should only be allowed from trusted external mail servers. Outbound traffic can be limited to legitimate mail relays. This prevents unauthorized external entities from exploiting the server.
• Bugs in operating systems: Firewalls block access to vulnerable services and ports on internal operating systems. If an OS bug exists, a firewall prevents an attacker from reaching the vulnerable component. For example, if a server has a known vulnerability on a specific port, the firewall can drop all incoming connections to that port from untrusted networks. This minimizes the attack surface.
• ICMP redirect bombs: Firewalls filter or drop ICMP redirect messages originating from untrusted networks. ICMP redirect messages manipulate host routing tables, potentially misdirecting traffic. Blocking these messages at the perimeter prevents malicious actors from altering internal network routing paths.
• Denial of service (DoS): Firewalls mitigate DoS attacks using several mechanisms. Stateful packet inspection firewalls track connection states. They can drop malformed packets or excessive numbers of incomplete connection requests, such as SYN floods. Firewalls can also implement rate limiting for specific traffic types or sources, preventing a single source from overwhelming a service.
• Exploiting bugs in applications: While traditional packet filtering firewalls operate at lower network layers, application-layer firewalls, like Web Application Firewalls (WAFs), protect against application bugs. These firewalls inspect traffic at the application layer (e.g., HTTP/S). They understand the protocol and content, detecting and blocking malicious requests that exploit vulnerabilities. Examples include SQL injection, cross-site scripting (XSS), or buffer overflows, even on standard ports like 80 or 443.