What is a Firewall?
• A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Why firewalls
• Protect local systems
• Protect against network based security threats
• Provide secured and controlled access to the Internet
• Provide restricted and controlled access from the Internet to local servers

Firewall characteristics
• All traffic from outside to inside and vice versa must pass through the firewall
• Only authorised traffic is allowed to pass
• The firewall itself is immune to penetration
Types of firewall
• Packet filtering firewall: applies a set of rules to each incoming IP packet and then forwards or discards it. Typically based on IP addresses and port numbers.
• Filters packets going in both directions
• Packet filter set up as a list of rules based on matches to fields in the TCP or IP header
• Two default policies (discard or forward)

Attacks
• IP spoofing
• Source routing attack
• Tiny fragment attack: the first fragment of a packet must have a predefined amount of the transport header
Advantages
• Simplicity
• Transparency: users need not know about the presence of the firewall
• High speed

Disadvantages
1. Difficulty of setting up packet filter rules (large routing tables)
2. Lack of authentication
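As an added illustration of the packet filter described on these slides (not code from the slides themselves), the following Python models a rule list matched against IP and TCP/UDP header fields with a default policy, plus the two checks the slides mention as attacks: an anti-spoofing rule and a tiny-fragment check. The 10.0.0.0/8 internal prefix, the DMZ mail host 10.0.1.25 and the 16-byte header minimum are assumptions chosen for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# A first fragment must carry at least this many bytes of transport header
# before ports can be inspected; shorter ones are discarded (tiny fragment attack).
MIN_FIRST_FRAGMENT_HEADER = 16

@dataclass
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp" or "udp"
    dport: int
    frag_offset: int = 0       # 0 = first (or only) fragment
    transport_hdr_len: int = 20

@dataclass
class Rule:
    action: str                # "forward" or "discard"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Non-first fragments carry no transport header, so only the
        # address/protocol fields of the rule can be checked for them.
        port_ok = self.dport is None or p.frag_offset > 0 or self.dport == p.dport
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and port_ok)

def filter_packet(rules: list, p: Packet, default: str = "discard") -> str:
    """First-match evaluation; `default` is the policy for unmatched packets."""
    if p.frag_offset == 0 and p.transport_hdr_len < MIN_FIRST_FRAGMENT_HEADER:
        return "discard"                       # tiny fragment: cannot inspect ports
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default

# Constructed rule set for an outside router: the internal prefix 10.0.0.0/8
# and the DMZ mail host 10.0.1.25 are assumptions, not values from the slides.
OUTSIDE_ROUTER_RULES = [
    Rule("discard", src="10.0.0.0/8"),                          # anti-spoofing: internal source seen from outside
    Rule("forward", dst="10.0.1.25/32", proto="tcp", dport=25), # mail to the DMZ host only
]
```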
Application level gateway
• Also called a proxy server; typically a computer
• It is service specific
• Acts as a relay of application level traffic
Advantages
• Higher security than packet filters
• Only need to scrutinise a few allowable applications
• Easy to log and audit all incoming traffic (backtracking)

Disadvantages
• Additional processing overhead on each connection
• Slower, as these are computers, not routers
Circuit level gateway
• More like tunnelling
• Standalone system, or a specialised function performed by an application level gateway
• Does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections
• Security function consists of determining which connections will be allowed
Bastion Host
• It is a system identified by the firewall administrator as a critical point in network security
• Executes a secure version of its OS and is trusted
• Consists only of services which are essential
• Requires additional authentication before access is allowed
Firewall configurations
• In addition to the simple configuration of a single system, more complex configurations are possible:
• Single homed host
• Dual-homed host
• Screened subnet
Single homed host
• Only packets from and to the bastion host are allowed to pass through the router
• Bastion host performs authentication and proxy functions

Greater security because:
• Implements both packet and application level filtering
• Intruder has to penetrate two separate systems
Dual homed host
• Packet filtering router not completely compromised
• Traffic between the Internet and hosts on the private network has to flow through the bastion host
• DMZ contains information which can be accessed from outside
Screened subnet
• Most secure
• Two packet filtering routers used
• Creation of an isolated subnetwork
• Inside router accepts packets only from the bastion host
Firewall Limitations
• Cannot protect from attacks bypassing it
• Cannot protect against internal threats
– e.g. a disgruntled employee; use intrusion detection systems which look for statistical anomalies, and install a personal firewall on desktops
• Cannot protect against the transfer of all virus-infected programs or files
– because of the huge range of OS and file types