FIREWALL FUNDAMENTALS

                     Mẫn Thắng
         manvanthang@gmail.com




                                 9/24/2011
OBJECTIVES

    Introduction to Firewall

    Firewall Taxonomy

    Firewall Architectures

    Firewall Planning & Implementation

    Firewall Limitations




INTRODUCTION

   Firewalls are devices or programs that control the
    flow of network traffic between networks or hosts
    that employ differing security postures.




INTRODUCTION

   What can firewalls do?
       Manage and control network traffic
       Authenticate access
       Act as an intermediary
       Protect resources
       Record and report on events

   Firewalls operate at Layers 2, 3, 4, and 7 of the OSI
    model


INTRODUCTION

   How does a firewall work?
       It denies or grants access based on rules pre-defined by the
        administrator.
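Added example (not part of the original slides): a minimal first-match rule evaluator with an implicit default deny, plus a check for rules that can never fire because an earlier rule with the opposite action covers them. The rule format, the names `Rule`, `decide`, `shadowed` and the sample ruleset are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = None  # assumed convention for this example: None matches every port


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # source network, CIDR notation
    dst: str                 # destination network, CIDR notation
    dport: object = ANY_PORT

    def matches(self, proto, src, dst, dport):
        """True if a packet with these header fields matches this rule."""
        return (self.proto in ("any", proto)
                and ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.dport in (ANY_PORT, dport))

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        return (self.proto in ("any", other.proto)
                and ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.dport in (ANY_PORT, other.dport))


def decide(rules, proto, src, dst, dport):
    """First matching rule wins; no match falls through to default deny."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, src, dst, dport):
            return rule.action, index
    return "deny", None


def shadowed(rules):
    """Return (later, earlier) index pairs where the later rule is dead:
    an earlier rule with the opposite action already covers all its traffic."""
    pairs = []
    for j, later in enumerate(rules):
        for i in range(j):
            if rules[i].covers(later) and rules[i].action != later.action:
                pairs.append((j, i))
                break
    return pairs


# Constructed ruleset using documentation and private address ranges.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),    # 0: public web
    Rule("allow", "tcp", "10.0.0.0/8", "192.0.2.0/24", 22),    # 1: admin SSH
    Rule("deny", "tcp", "10.0.0.0/8", "192.0.2.0/24"),         # 2: other TCP
    Rule("allow", "tcp", "10.1.0.0/16", "192.0.2.20/32", 25),  # 3: dead rule
]

if __name__ == "__main__":
    # Constructed sample packets: (proto, src, dst, dport)
    packets = [
        ("tcp", "203.0.113.5", "192.0.2.10", 80),
        ("tcp", "10.1.2.3", "192.0.2.20", 22),
        ("tcp", "10.1.2.3", "192.0.2.20", 25),
        ("udp", "203.0.113.5", "192.0.2.10", 53),
    ]
    for pkt in packets:
        print(pkt, "->", decide(RULES, *pkt))
    print("shadowed rules:", shadowed(RULES))
```

Rule 3 was meant to permit mail from one internal subnet, but rule 2 sits above it and denies the same traffic, so the order of rules is part of the policy.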




TAXONOMY

   FW Products
       Software
          ISA Server, Iptables, Comodo, ZoneAlarm,…

       Appliance
         Cisco PIX, Checkpoint, SonicWall, WatchGuard,…

       Integrated
          Multiple security functions in one single appliance: FW,
          IPS, VPN, Gateway Anti-virus/spam, data leak
          prevention…

   Open vs. Closed Source FWs
          ipfw, ModSecurity, pfSense,…
TAXONOMY
   FW Technologies
       Host-based (or Personal) FW
         Windows FW, Firestarter,…
       Network FW
           (Simple) Packet Filtering
           Stateful Inspection
           Application FWs
           Application-Proxy Gateways
           Dedicated Proxy Servers
           Transparent (Layer-2) FWs
TAXONOMY

   FW Technologies
       Others (Network FW)
           NAT (it is actually a routing technology)
           VPN
           Network Access Control/Protection (NAC/NAP)
           Web Application FW
           Firewalls for Virtual Infrastructures
           Unified Threat Management (UTM)



ARCHITECTURES

   Single-Box
       Screening router




ARCHITECTURES

   Single-Box
       Dual-homed host




ARCHITECTURES

   Screened host




ARCHITECTURES

   Screened subnet




ARCHITECTURES

   DMZ
       Single (Three legged) firewall




ARCHITECTURES

   DMZ
       Dual firewall




           (diagram labels: External FW, Internal FW)
PLANNING & IMPLEMENTATION

   Plan → Configure → Test → Deploy → Manage (cycle diagram)
LIMITATIONS

   What a firewall CAN’T protect against:

       viruses/malware
       internal threats (disgruntled workers, poor
        security policy…)
       attacks that do not traverse the firewall (social
        engineering, personal modems or unauthorized
        wireless connections…)
       attacks on services that are allowed through the
        firewall (HTTP, SMTP, FTP…)

CONCLUSION

   Firewalls are an integral part of any Defense in
    Depth strategy




REFERENCES

[1] Firewall Fundamentals, Cisco Press (2006)

[2] Tactical Perimeter Defense, Element K (2007)

[3] Module 16 of CEH v7, EC-Council (2010)

[4] Building Internet Firewalls 2nd Edition, O'Reilly
(2000)

[5] Guidelines on Firewalls and Firewall Policy, NIST
(2009)

THANKS FOR YOUR ATTENTION!

          Q&A



