Firewall
Upcoming SlideShare
Loading in...5
×
 

Firewall

on

  • 1,766 views

Hai...!! Here the powerpoint gives you a clear idea about Firewall and its types..

Hai...!! Here the powerpoint gives you a clear idea about Firewall and its types..
Make use of it..

Statistics

Views

Total Views
1,766
Views on SlideShare
1,761
Embed Views
5

Actions

Likes
4
Downloads
182
Comments
0

1 Embed 5

https://ucmo.blackboard.com 5

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Firewall Firewall Presentation Transcript

  • Definition A firewall is a hardware or software designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass. Firewalls Can Perform Basic Routing Functions
  • Hardware & Software Firewall Figure 1: Hardware Firewall. Hardware firewall providing protection to a Local Area Network.   Figure 1: Hardware Firewall. Hardware firewall providing protection to a Local Area Network.   Figure 2: Computer with Firewall Software. Computer running firewall software that provide protection to PC..etc.,   Figure 2: Computer with Firewall Software. Computer running firewall software that provide protection to PC..etc.,  
  • History The Morris Worm spread itself through multiple vulnerabilities in the machines of the time. The Morris Worm was the first large scale attack on Internet security; the online community was neither expecting an attack nor prepared to deal with one. First generation: Packet Filters Second generation: Application Level Gateway Third generation: "Stateful" Filters
  • First Generation : Packet Filters ( Relativesimplicity and easeof implementation. ) A packet is a series ofA packet is a series of digital numbersdigital numbers basically,basically, a.a.The data,The data, acknowledgment,acknowledgment, request or commandrequest or command from the originatingfrom the originating systemsystem b.b.The source IPThe source IP address and portaddress and port c.c.The destination IPThe destination IP address and portaddress and port d.d.Information aboutInformation about the protocol (set ofthe protocol (set of rules) by which therules) by which the packet is to be handledpacket is to be handled In packet filtering, only the protocol and the address information of each packet is examined. Its contents and context (its relation to other packets and to the intended application) are ignored. Filtering consists of examining incoming or outgoing packets and allowing or disallowing their transmission or acceptance on the basis of a set of configurable rules, called policies. Packet filtering policies may be based upon any of the following: Allowing or disallowing packets on the basis of the source IP address Allowing or disallowing packets on the basis of their destination port Allowing or disallowing packets according to protocol.
  • II Generation : Application level Gateway ( Much moresecureand reliablecompared to packet filter firewalls) The key benefit of application layer filtering is that it can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or web browsing) Works on all seven layers of the OSI model, from the application down to the physical Layer. Good examples of application firewalls are MS-ISA (Internet Security and Acceleration) server, McAfee Firewall Enterprise & Palo Alto PS Series firewalls. An application firewall can filter higher- layer protocols such as FTP, Telnet, DNS, DHCP, HTTP, TCP, UDP and TFTP For example, if an organization wants to block all the information related to "fool" then content filtering can be enabled on the firewall to block that particular word.
  • Third Generation : Stateful Filters From 1989-1990 three colleagues from AT&T Bell Laboratories, Dave Presetto, Janardan Sharma, and Kshitij Nigam, developed the third generation of firewalls, calling them Circuit Level Firewalls This technology is generally referred to as a stateful packet inspection as it maintains records of all connections passing through the firewall and is able to determine whether a packet is the start of a new connection, a part of an existing connection, or is an invalid packet. This type of firewall can actually be exploited by certain Denial-of-service attacks which can fill the connection tables with illegitimate connections.
  • Subsequent Developments
  • Methods to Attack or View Computer Data:
  • Basic Types Of Firewalls: Conceptually, there are two types of firewalls: Network layer Application layer Network layer Firewall : Generally make their decisions based on the source, destination addresses and ports in individual IP packets. A simple router is the ``traditional'' network layer firewall Many network layer firewalls is that they route traffic directly though them, so to use one you either need to have a validly assigned IP address block or to use a “private internet” address block . Network layer firewalls tend to be very fast and tend to be very transparent to users.
  • In a screened host firewall, access to and from a single host is controlled by means of a router operating at a network layer. The single host is a bastion host; a highly-defended and secured strong- point that (hopefully) can resist attack. In a screened subnet firewall, access to and from a whole network is controlled by means of a router operating at a network layer. It is similar to a screened host, except that it is, effectively, a network of screened hosts.
  • Application Layer Firewall : This can be used as network address translators, since traffic goes in one ``side'' and out the other, after having passed through an application that effectively masks the origin of the initiating connection. Not particularly transparent to end users and may require some training. Modern application layer firewalls are often fully transparent. Application layer firewalls tend to provide more detailed audit reports and tend to enforce more conservative security models than network layer firewalls. Example Application layer firewall: an application layer firewall called a ``dual homed gateway'' is represented. A dual homed gateway is a highly secured host that runs proxy software. It has two network interfaces, one on each network, and blocks all traffic passing through it.
  • DMZ : Demilitarized Zone It is a physical or logical subnetwork that contains and exposes an organization's external services to a larger untrusted network, usually the Internet. It is sometimes referred to as a perimeter network Hosts in the DMZ have limited connectivity to specific hosts in the internal network, firewall controls the traffic between the DMZ servers and the internal network clients. A DMZ configuration typically provides security from external attacks, but it typically has no bearing on internal attacks such as sniffing communication via a packet analyzer or spoofing such as e- mail spoofing.
  • Single Firewall & Dual Firewall I- ISP to Firewall II- Internal Network III- DMZ The firewall becomes a single point of failure for the network and must be able to handle all of the traffic going to the DMZ as well as the internal network. 3 interfaces A more secure approach is to use two firewalls to create a DMZ The first firewall -"front-end" firewall The second firewall - "back-end" firewall This architecture is, of course, more costly. The practice of using different firewalls from different vendors is sometimes described as a component of a "defence in depth" security strategy.
  • Top 10 Firewalls
  • Benefits of Firewall Firewalls protect private local area networks from hostile intrusion from the Internet. Firewalls allow network administrators to offer access to specific types of Internet services to selected LAN users. This selectivity is an essential part of any information management program, and involves not only protecting private information assets, but also knowing who has access to what. Privileges can be granted according to job description and need rather than on an all-or-nothing basis.
  • Conclusion A solid firewall will help you stop intruders from accessing your system. we keep our internet link to the outside world but the outside world can't view us unless we want them to. With a firewall in place we will still have typical email access, but chat and other interactive programs will require you to take an extra step to grant access before we can use them. A firewall is powerful but unobtrusive, just like a deadbolt lock inside a door.