 A firewall forms a barrier through which the traffic going in each direction
must pass. A firewall security policy dicta...
◦ All traffic from inside to outside and vice versa, must pass
through the firewall (physically blocking all access to the...
 Service control
◦ Determines the types of Internet services that can be accessed,
inbound or outbound.
 Direction contr...
 cannot protect against attacks bypassing it.
◦ eg sneaker net, utility modems.
 cannot protect against internal threats...
 What Is Firewall?
 Name The Techniques Involved In Firewall?
 Explain any two techniques?
 Any Two Limitations Of Fir...
 Three common types of Firewalls:
◦ Packet-filtering routers
◦ Application-level gateways
◦ Circuit-level gateways
◦ Bast...
◦ Applies a set of rules to each incoming IP packet
and then forwards or discards the packet.
◦ Filter packets going in bo...
 Advantages:
◦ Simplicity
◦ Transparency to users
◦ High speed
 Disadvantages:
◦ Difficulty of setting up packet filter ...
 Possible attacks and appropriate countermeasures
◦ IP address spoofing
◦ Source routing attacks
◦ Tiny fragment attacks
 examine each IP packet in context
– keeps tracks of client-server sessions
– checks each packet validly belongs to one
...
 Application-level Gateway
◦ Also called proxy server.
◦ Acts as a relay of application-level traffic.
 Advantages:
◦ Hi...
 Circuit-level Gateway
◦ Stand-alone system or
◦ Specialized function performed by an The
gateway typically Application-l...
◦ A system identified by the firewall
administrator as a critical strong point in the
network´s security.
◦ The bastion ho...
What are the types of firewall?
 What is packet filter?
 Name the possible attacks involved in packet
filter?
 What is Application level gateway?
 wha...
 In addition to the use of simple configuration of a
single system (single packet filtering router or single
gateway), mo...
 Screened host firewall system (single-homed bastion
host)
 Screened host firewall syste (dual-homed bastion host)
 Scr...
Screened host firewall, single-homed bastion
configuration
 Firewall consists of two systems:
◦ A packet-filtering router...
Screened host firewall, dual-homed
bastion configuration
◦ The packet-filtering router is not completely
compromised.
◦ Tr...
 Screened subnet firewall configuration
◦ Most secure configuration of the three.
◦ Two packet-filtering routers are used...
 Advantages:
◦ Three levels of defense to thwart intruders.
◦ The outside router advertises only the existence
of the scr...
• given system has identified a user
• determine what resources they can access
• general model is that of access matrix w...
• information security is increasingly important
• have varying degrees of sensitivity of information
– cf military info c...
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Firewall
Upcoming SlideShare
Loading in...5
×

Firewall

143

Published on

Published in: Internet, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
143
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
5
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Firewall

  1. 1.  A firewall forms a barrier through which the traffic going in each direction must pass. A firewall security policy dictates which traffic is authorized to pass in each direction.  Firewall is an effective means of protecting a local system or network of systems from network based security threats while at the same time affording access to outside world via WAN or Internet.
  2. 2. ◦ All traffic from inside to outside and vice versa, must pass through the firewall (physically blocking all access to the local network except via the firewall). ◦ Only authorized traffic (defined by the local security policy) will be allowed to pass.
  3. 3.  Service control ◦ Determines the types of Internet services that can be accessed, inbound or outbound.  Direction control ◦ Determines the direction in which particular service requests are allowed to flow through the firewall.  User control ◦ Controls access to a service according to which user is attempting to access it.  Behavior control ◦ Controls how particular services are used (e.g. filter e-mail).
  4. 4.  cannot protect against attacks bypassing it. ◦ eg sneaker net, utility modems.  cannot protect against internal threats. ◦ eg disgruntled employee  cannot protect against transfer of all virus infected programs or files. ◦ because of huge range of O/S & file types
  5. 5.  What Is Firewall?  Name The Techniques Involved In Firewall?  Explain any two techniques?  Any Two Limitations Of Firewall?
  6. 6.  Three common types of Firewalls: ◦ Packet-filtering routers ◦ Application-level gateways ◦ Circuit-level gateways ◦ Bastion host
  7. 7. ◦ Applies a set of rules to each incoming IP packet and then forwards or discards the packet. ◦ Filter packets going in both directions. ◦ The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header. ◦ Two default policies (discard or forward).
  8. 8.  Advantages: ◦ Simplicity ◦ Transparency to users ◦ High speed  Disadvantages: ◦ Difficulty of setting up packet filter rules ◦ Lack of Authentication
  9. 9.  Possible attacks and appropriate countermeasures ◦ IP address spoofing ◦ Source routing attacks ◦ Tiny fragment attacks
  10. 10.  examine each IP packet in context – keeps tracks of client-server sessions – checks each packet validly belongs to one  better able to detect bogus packets out of context
  11. 11.  Application-level Gateway ◦ Also called proxy server. ◦ Acts as a relay of application-level traffic.  Advantages: ◦ Higher security than packet filters. ◦ Easy to log and audit all incoming traffic.  Disadvantages: ◦ Additional processing overhead on each connection (gateway as splice point).
  12. 12.  Circuit-level Gateway ◦ Stand-alone system or ◦ Specialized function performed by an The gateway typically Application-level Gateway ◦ Sets up two TCP connections ◦ relays TCP segments from one connection to the other without examining the contents
  13. 13. ◦ A system identified by the firewall administrator as a critical strong point in the network´s security. ◦ The bastion host serves as a platform for an application-level or circuit-level gateway.
  14. 14. What are the types of firewall?
  15. 15.  What is packet filter?  Name the possible attacks involved in packet filter?  What is Application level gateway?  what is circiut level gateway?  Difference between application and circiut level gateway?
  16. 16.  In addition to the use of simple configuration of a single system (single packet filtering router or single gateway), more complex configurations are possible.
  17. 17.  Screened host firewall system (single-homed bastion host)  Screened host firewall syste (dual-homed bastion host)  Screened-subnet firewall system
  18. 18. Screened host firewall, single-homed bastion configuration  Firewall consists of two systems: ◦ A packet-filtering router. ◦ A bastion host.  Configuration for the packet-filtering router: ◦ Only packets from and to the bastion host are allowed to pass through the router.  The bastion host performs authentication and proxy functions.
  19. 19. Screened host firewall, dual-homed bastion configuration ◦ The packet-filtering router is not completely compromised. ◦ Traffic between the Internet and other hosts on the private network has to flow through the bastion host.
  20. 20.  Screened subnet firewall configuration ◦ Most secure configuration of the three. ◦ Two packet-filtering routers are used. ◦ Creation of an isolated sub-network.
  21. 21.  Advantages: ◦ Three levels of defense to thwart intruders. ◦ The outside router advertises only the existence of the screened subnet to the Internet (internal network is invisible to the Internet). ◦ The inside router advertises only the existence of the screened sub-net to the internal network ( the systems on the inside cannot construct direct routes to the internet.
  22. 22. • given system has identified a user • determine what resources they can access • general model is that of access matrix with – subject - active entity (user, process) – object - passive entity (file or resource) – access right – way object can be accessed
  23. 23. • information security is increasingly important • have varying degrees of sensitivity of information – cf military info classifications: confidential, secret etc • subjects (people or programs) have varying rights of access to objects (information) • want to consider ways of increasing confidence in systems to enforce these rights • known as multilevel security – subjects have maximum & current security level – objects have a fixed security level classification
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×