Firewalls-Intro

422 views

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
422
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
19
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Firewalls-Intro

  1. 1. FIREWALLS Aparna Bulusu Faculty, Dept of Comp Science St. Ann’s College for Women, Hyderabad
  2. 2. Agenda How Internet works  Potential Threats  Firewalls  Types of firewalls  Implementation aspects  Problems beyond firewalls  Tips for the home user 
  3. 3. Firewalls – The Basics  A firewall is a system or set of systems designed to : ◦ Permit or deny network ◦ ◦ ◦ ◦ transmissions Based upon a set of rules Used to protect networks from unauthorized access Permit legitimate communications to pass. In Effect - Enforces access control policy
  4. 4. How internet works –
  5. 5. A little more detail
  6. 6. The Packet
  7. 7. Problems..  Vulnerabilities typically exist at entry and exit points
  8. 8. Problems.. Remote login - When someone is able to connect to your computer and control it in some form. This can range from being able to view or access your files to actually running programs on your computer. Application backdoors - Some programs have special features that allow for remote access. Others contain bugs that provide a backdoor, or hidden access, that provides some level of control of the program. SMTP session hijacking -. By gaining access to a list of e-mail addresses, a person can send unsolicited junk e-mail (spam) to thousands of users Operating system bugs - Like applications, some operating systems have backdoors. Others provide remote access with insufficient security controls or have bugs that an experienced hacker can take advantage of. routing by default.
  9. 9. Problems… Denial of service What happens is that the hacker sends a request to the server to connect to it. By inundating a server with these unanswerable session requests, a hacker causes the server to slow to a crawl or eventually crash. E-mail bombs - An e-mail bomb is usually a personal attack. Someone sends you the same e-mail hundreds or thousands of times until your e-mail system cannot accept any more messages. Macros - To simplify complicated procedures, many applications allow you to create a script of commands that the application can run. This script is known as a macro. Hackers have taken advantage of this to create their own macros that, depending on the application, can destroy your data or crash your computer. Viruses - Probably the most well-known threat . A virus is a small program that can copy itself to other computers. This way it can spread quickly from one system to the next. Viruses range from harmless messages to erasing all of your data. Spam - Typically harmless but always annoying, spam is the electronic equivalent of junk mail. Especially if it contains links to Web sites. Redirect bombs - Hackers can use ICMP to change (redirect) the path
  10. 10. Basic types of Firewalls   Hardware/ Software firewalls Software ◦ Network Layer ◦ Application Layer ◦ Hybrids    Packet filtering - Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. Proxy service - Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa. Stateful inspection - compares certain key parts of the packet to a database of trusted information. Information travelling from inside the firewall to the outside is monitored for specific defining characteristics, then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.
  11. 11. Customizing Firewalls…         Firewall Configuration Firewalls are customizable. Add or remove filters based on several conditions. Some of these are: IP addresses -Based on IP Address Domain names: Block all access to certain domain names, or allow access only to specific domain names. Protocols -Include or exclude protocols in your filters ( TCP, IP, HTTP, FTP, UDP, SMTP, TELNET etc.) A company might set up only one or two machines to handle a specific protocol and ban that protocol on all other machines. Ports - Any server machine makes its services available to the Internet using numbered ports, For ex: Web server is typically available on port 80, and the FTP server is available on port 21. A company might block port 21 access on all machines but one inside the company.
  12. 12. Specific words and phrases - The firewall will sniff (search through) each packet of information for an exact match of the text listed in the filter. For example, you could instruct the firewall to block any packet with the word "X-rated" in it.  With a hardware firewall, the firewall unit itself is normally the gateway. A good example is the Linksys Cable/DSL router. It has a built-in Ethernet card and hub. You configure the router via a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information. 
  13. 13. Firewall technology – Packet Filtering Inspecting the "packets”  If a packet matches the packet filter's set of rules, the packet filter will  ◦ drop (silently discard) the packet ◦ reject it
  14. 14. Circuit level / Stateful filters Operates up to layer 4 (transport layer) of the OSI model.  Examine each data packet as well as its position within the data stream.  Records all connections passing through it to determine whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection.  Though static rules are still used, these rules can now contain connection state as one of their test criteria. 
  15. 15. Application layer filtering Can "understand" certain applications and protocols (such as File Transfer Protocol, DNS, or HTTP  Can detect if an unwanted protocol is sneaking through on a non-standard port  If a protocol is being abused in any harmful way. 
  16. 16. Network Address Translation (NAT)   Firewalls often have this functionality to hide the true address of protected hosts. The hosts protected behind a firewall commonly have addresses in the "private address range”.
  17. 17. Proxies A proxy server could be dedicated hardware or as software on a generalpurpose machine.  Acts as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. 
  18. 18. Hybrid…  Modern firewalls can filter traffic based on many packet attributes like source IP address, source port, destination IP address or port, destination service like WWW or FTP. They can filter based on protocols, TTL values, net block of originator, of the source, and many other attributes.
  19. 19. LAN INTERNET
  20. 20. What firewalls Accomplish  Prevent access to some web sites!!! ◦ Categories web sites         Adult/Sexually Explicit Advertisements & Pop-Ups Chat Gambling Games Hacking Peer-to-Peer …… ◦ Check by content type  .Exe / .Com  .Mid / .MP3 / .Wav  .Avi / .Mpeg / .Rm
  21. 21. Security..      Any system is only as secure as the people who use it. Education is the best way to ensure that users take appropriate precautions: Install personal firewalls for the client machines. Store confidential information in encrypted form. Encrypt the stream using the Secure Socket Layer (SSL) protocol to protect information flowing between the client and Web sites. Use appropriate password policies, firewalls, and routine external security audits.
  22. 22. Drawbacks.. Can only protect what goes through the firewall  Host to host authentication and encryption are not within the ambit of firewalls…  ◦ In Essence firewalls only deal with the kinds of connectivity allowed between different networks – Not with integrity and privacy of information      Cannot offer protection from trojan type attacks over IRC( Internet Relay Chat) No protection from data- driven attacks – malware, viruses etc. Overall security architecture must be strong for the firewall to be effective E.g. Use USB firewalling technology No Protection from Ignorance though - Never ever reveal sensitive information
  23. 23. In Summary.. Firewalls help protect your network from unauthorized access  Provide a single ‘choke point’ or bottleneck to impose security and audit  Provide important logging and auditing functions 
  24. 24. Tips for enhancing your online security Have robust passwords  Never download anything when you are not sure of the source  Keep your anti virus software updated  Always scan all material before use  Always log out of all your accounts  Never shop online without having you phishing filter on. 

×