To provide background on hardware and software firewalls, how they work and how they should be configured.
To create the most secure environment for our information systems, we would like to lock them up somewhere and not connect them to the Internet!
Not practical or useful
Lets create a place (much like the gate in a walled castle) where we force all of the traffic to enter and or leave and we can closely observe it
A firewall is a hardware or software device which is configured to permit, deny or proxy data through a computer network which has different levels of trust
A firewall's basic task is to transfer traffic between computer networks of different trust levels. Typical examples are the Internet which is a zone with no trust and an internal network which is a zone of higher trust.
A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized Zone (DMZ)
Connections from the internal and the external network to the DMZ are permitted, while connections from the DMZ are only permitted to the external network — hosts in the DMZ may not connect to the internal network.
This allows the DMZ's hosts to provide services to both the internal and external network while protecting the internal network in case intruders compromise a host in the DMZ.
The DMZ is typically used for connecting servers that need to be accessible from the outside world, such as e-mail, web and DNS servers.
http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29 Demilitarized Zone
Software loaded on a PC that performs a firewall function.
Protects ONLY that computer
There are many commercially available software firewall products.
After loading on a PC, it may have to be configured correctly in order to perform optimally.
Many operating systems contain a built-in software firewall
PC Internet Firewall Software Firewall
Hardware device located between the Internet and a PC (or PCs) that performs a firewall function
Protects ALL of the computers that it is behind
Many have a subnet region of lesser security protection called a Demilitarized Zone (DMZ).
May perform Network Address Translation (NAT) which provides hosts behind the firewall with addresses in the "private address range". This functionality hides true addresses of protected hosts and makes them harder to target.
There are several commercially available hardware firewall products.
After installation, it may have to be configured correctly in order to perform optimally.
PC Internet Firewall PC PC PC DMZ Hardware Firewall
Packet Filters, also called Network Layer Firewalls, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established ruleset. The firewall administrator may define the rules; or default rules may apply.
Application-Layer Firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application while blocking other packets. In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines.
A Proxy device acts as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. They make tampering with an internal system from the external network more difficult.
CyberPatriot wants to thank and acknowledge the CyberWatch program which developed the original version of these slides and who has graciously allowed their use for training in this competition. List of References