Firewall presentation

Transcript

  • 1. A Presentation On Firewall. Submitted To :- Presented By :- 2/4/2013 Firewall 1
  • 2. 1. Definition of Firewall
    2. Need of Firewall
    3. Firewall Design Principles
    4. Firewall Characteristics
    5. What a Firewall Can Do?
    6. What a Firewall Can't Do?
    7. Architecture of Firewall
    8. Types of Firewall
    9. Implementation of Firewall
    10. Deployment of Firewall
    11. Report & Conclusion
  • 3. Here is how Bob Shirey defines it in RFC 2828: "An internetwork gateway that restricts data communication traffic to and from one of the connected networks (the one said to be 'inside' the firewall) and thus protects that network's system resources against threats from the other network (the one that is said to be 'outside' the firewall). (See: guard, security gateway.)"
  • 4. Rules determine WHO? WHEN? WHAT? HOW? [Figure: Internet, firewall, my PC on the secure private network]
  • 5. What is a Firewall? A firewall:
    ◦ Acts as a security gateway between two networks, usually between trusted and untrusted networks (such as between a corporate network and the Internet)
    ◦ Tracks and controls network communications: decides whether to pass, reject, encrypt, or log communications (Access Control)
    [Figure: corporate site, firewall, Internet; rule "Allow Traffic to Internet"]
  • 6. Firewalls History
    • First generation - packet filters: The first paper published on firewall technology was in 1988, when Jeff Mogul from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls.
    • Second generation - circuit level: From 1980-1990 two colleagues from AT&T developed the second generation of firewalls, known as circuit level firewalls.
    • Third generation - application layer: Publications by Gene Spafford of Purdue University and Bill Cheswick at AT&T Laboratories described a third generation firewall, also known as proxy based firewalls.
    • Subsequent generations: In 1992, Bob Braden and Annette DeSchon at the University of Southern California (USC) were developing their own fourth generation packet filter firewall system. In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1. Cisco, one of the largest internet security companies in the world, released their PIX ("Private Internet Exchange") product to the public in 1997.
  • 7. ◦ Theft or disclosure of internal data
    ◦ Unauthorized access to internal hosts
    ◦ Interception or alteration of data
    ◦ Vandalism & denial of service
    ◦ Wasted employee time
    ◦ Bad publicity, public embarrassment, and lawsuits
  • 8. The Nature of Today's Attackers. Who are these "hackers" who are trying to break into your computer? Most people imagine someone at a keyboard late at night, guessing passwords to steal confidential data from a computer system. This type of attack does happen, but it makes up a very small portion of the total network attacks that occur. Today, worms and viruses initiate the vast majority of attacks. Worms and viruses generally find their targets randomly. As a result, even organizations with little or no confidential information need firewalls to protect their networks from these automated attackers.
  • 9. Firewall Design Principles
    1. Information systems undergo a steady evolution (from small LANs to Internet connectivity)
    2. Strong security features for all workstations and servers are not established
    3. The firewall is inserted between the premises network and the Internet
    4. Aims: (1) establish a controlled link; (2) protect the premises network from Internet-based attacks; (3) provide a single choke point
  • 10. Firewall Characteristics. Design goals:
    1. All traffic from inside to outside must pass through the firewall (physically blocking all access to the local network except via the firewall)
    2. Only authorized traffic (defined by the local security policy) will be allowed to pass
    3. The firewall itself is immune to penetration (use of a trusted system with a secure operating system)
  • 11. Firewall Characteristics. Four general techniques:
    1. Service control: determines the types of Internet services that can be accessed, inbound or outbound
    2. Direction control: determines the direction in which particular service requests are allowed to flow
    3. User control: controls access to a service according to which user is attempting to access it
    4. Behavior control: controls how particular services are used (e.g. filter e-mail)
  • 12. What Firewalls Can Do: Positive Effects, Negative Effects
  • 13. What Firewalls Do (Positive Effects)
    ◦ User authentication. Firewalls can be configured to require user authentication. This allows network administrators to control and track specific user activity.
    ◦ Auditing and logging. By configuring a firewall to log and audit activity, information may be kept and analyzed at a later date.
  • 14. What Firewalls Do (Positive Effects)
    ◦ Anti-Spoofing - Detecting when the source of the network traffic is being "spoofed", i.e., when an individual attempting to access a blocked service alters the source address in the message so that the traffic is allowed.
    ◦ Network Address Translation (NAT) - Changing the network addresses of devices on any side of the firewall to hide their true addresses from devices on other sides. There are two ways NAT is performed:
      ◦ One-to-One - where each true address is translated to a unique translated address.
      ◦ Many-to-One - where all true addresses are translated to a single address, usually that of the firewall.
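The two NAT modes on slide 14, as an added example that is not part of the original presentation: a small model of a one-to-one (static) translator and a many-to-one translator in which every internal host hides behind the firewall's single public address. All IP addresses and ports are constructed sample values; the point the code makes is that in many-to-one mode a translation-table entry exists only because an inside host sent something first, so an unsolicited packet from outside has nowhere to go.

```python
"""
Added example (not from the slides): a model of the two NAT modes on slide 14,
one-to-one (each true address gets its own public address) and many-to-one
(every internal host hides behind the firewall's single public address).
All IP addresses and ports below are constructed sample values.
"""
import dataclasses
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class OneToOneNAT:
    """Static mapping: each true (private) address <-> one unique public address."""

    def __init__(self, static_map: Dict[str, str]):
        self.outbound = dict(static_map)                                 # private -> public
        self.inbound = {pub: priv for priv, pub in static_map.items()}  # public -> private

    def translate_outbound(self, pkt: Packet) -> Optional[Packet]:
        public = self.outbound.get(pkt.src_ip)
        if public is None:
            return None  # host has no translation: it cannot reach the outside via this NAT
        return dataclasses.replace(pkt, src_ip=public)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        private = self.inbound.get(pkt.dst_ip)
        if private is None:
            return None  # unknown public address: drop
        return dataclasses.replace(pkt, dst_ip=private)


class ManyToOneNAT:
    """All true addresses are translated to the firewall's own address.

    Flows are told apart by a translated source port. A table entry is created
    only by outbound traffic, so an unsolicited inbound packet finds no entry
    and is dropped: this is what hides the true addresses from the outside.
    """

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table: Dict[Tuple[str, int], int] = {}      # (priv_ip, priv_port) -> pub_port
        self.reverse: Dict[int, Tuple[str, int]] = {}    # pub_port -> (priv_ip, priv_port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:                        # first packet of a new flow
            pub_port = self.next_port
            self.next_port += 1
            self.table[key] = pub_port
            self.reverse[pub_port] = key
        return dataclasses.replace(pkt, src_ip=self.public_ip, src_port=self.table[key])

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.reverse.get(pkt.dst_port)
        if key is None:
            return None  # no outbound flow created this entry: drop
        priv_ip, priv_port = key
        return dataclasses.replace(pkt, dst_ip=priv_ip, dst_port=priv_port)


def demo() -> dict:
    """Run both modes on constructed packets and return the results by name."""
    static = OneToOneNAT({"10.0.0.5": "203.0.113.5"})
    pat = ManyToOneNAT("203.0.113.1")
    out_a = pat.translate_outbound(Packet("10.0.0.5", 51000, "198.51.100.9", 80))
    out_b = pat.translate_outbound(Packet("10.0.0.6", 51000, "198.51.100.9", 80))
    reply_b = pat.translate_inbound(Packet("198.51.100.9", 80, "203.0.113.1", out_b.src_port))
    unsolicited = pat.translate_inbound(Packet("198.51.100.9", 80, "203.0.113.1", 45000))
    return {
        "static_out": static.translate_outbound(Packet("10.0.0.5", 1025, "198.51.100.9", 80)),
        "static_unmapped": static.translate_outbound(Packet("10.0.0.7", 1025, "198.51.100.9", 80)),
        "pat_out_a": out_a,
        "pat_out_b": out_b,
        "pat_reply_b": reply_b,
        "pat_unsolicited": unsolicited,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} {result}")
```

Note that both hosts in the many-to-one case use the same private source port 51000, which is why the translator has to rewrite the port as well as the address; a real NAT also ages table entries out, which this model omits.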
  • 15. What Firewalls Do (Positive Effects). Virtual Private Networks: VPNs are communications sessions traversing public networks that have been made virtually private through the use of encryption technology. VPN sessions are defined by creating a firewall rule that requires encryption for any session that meets specific criteria.
  • 16. What Firewalls Do (Negative Effects). Although firewall solutions provide many benefits, negative effects may also be experienced.
    ◦ Traffic bottlenecks. By forcing all network traffic to pass through the firewall, there is a greater chance that the network will become congested.
    ◦ Single point of failure. In most configurations where firewalls are the only link between networks, if they are not configured correctly or are unavailable, no traffic will be allowed through.
    ◦ Increased management responsibilities. A firewall often adds to network management responsibilities and makes network troubleshooting more complex.
  • 17. What a Firewall Can't Do
    • Do Firewalls Prevent Viruses and Trojans? NO!! A firewall can only prevent a virus or Trojan from accessing the internet while on your machine.
    • 95% of all viruses and Trojans are received via e-mail, through file sharing (like Kazaa or Gnucleus) or through direct download of a malicious program.
    • Firewalls can't prevent this -- only a good anti-virus software program can. However, once installed on your PC, many viruses and Trojans "call home" using the internet to the hacker that designed it.
    • This lets the hacker activate the Trojan and he/she can now use your PC for his/her own purposes.
    • A firewall can block the call home and can alert you if there is suspicious behavior taking place on your system.
  • 18. Firewall Architectures: Screening Router; Simple Firewall; Multi-Legged Firewall; Firewall Sandwich; Layered Security Architecture
  • 19. Screening Router. [Figure: Internet/Untrusted Network; Screening Router, which routes or blocks packets as determined by security policy; Internal Trusted Network with Desktop, Mainframe and Database Server]
  • 20. Simple Firewall. [Figure: Internet/Untrusted Network; Screening Router, which routes or blocks packets as determined by security policy; Firewall, which then handles traffic additionally to maintain more security; Internal Trusted Network with Desktop, Mainframe and Database Server; web, smtp]
  • 21. Multi-Legged Firewall. [Figure: Internet/Untrusted Network; Screening Router, which routes or blocks packets as determined by security policy; Firewall, which then handles traffic additionally to maintain more security; DMZ Semi-Trusted Network with Web Server, SMTP Server and Server (the DMZ now offers a secure sandbox to handle un-trusted connections to internet services); Internal Trusted Network with Desktop, Mainframe and Database Server]
  • 22. Firewall Sandwich. [Figure: Internet/Untrusted Network; Screening Router, which routes or blocks packets as determined by security policy; Outside Firewall, which then handles traffic additionally to maintain more security; DMZ Semi-Trusted Network with Web Server, SMTP Server and Server (the DMZ now offers a secure network to handle un-trusted connections to internet services); Inside Firewall; Internal Trusted Network with Desktop, Mainframe, Database and App Server. Separation of security policy controls between inside and outside firewalls]
  • 23. Layered Firewall. [Figure: Internet/Un-trusted Network; router that routes or blocks packets as determined by security policy; firewall that then handles traffic additionally to maintain more security; DMZ semi-trusted network (the DMZ now offers a secure network to handle un-trusted connections to internet services); Inside Firewall; Mainframe Network, User Network, HR Network and Development Network, each behind an Internal Firewall. Separation of security policy controls networks within your trusted network as well as your DMZ, semi- and un-trusted networks. Fences keep honest people honest!]
  • 24. Types of Firewalls. Common types of Firewalls:
    1. Packet-filtering routers
    2. Application-level gateways
    3. Circuit-level gateways
    4. Bastion host
    5. Distributed Firewall System
    6. Virtual Private Network (VPN)
  • 25. Packet-filtering Router
    ◦ Applies a set of rules to each incoming IP packet and then forwards or discards the packet
    ◦ Filters packets going in both directions
    ◦ The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header
    ◦ Two default policies (discard or forward)
  • 26. Packet Filtering Firewall. [Figure: Trusted Network, Firewall with rule set, Untrusted Network; packet is blocked or discarded]
  • 27. Packet Filtering Firewall. A packet filtering firewall is often called a network layer firewall because the filtering is primarily done at the network layer (layer three) or the transport layer (layer four) of the OSI reference model.
  • 28. Packet Filtering. [Figure]
  • 29. Packet-filtering Router. Advantages:
    ◦ Simplicity
    ◦ Transparency to users
    ◦ High speed
    Disadvantages:
    ◦ Difficulty of setting up packet filter rules
    ◦ Lack of Authentication
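A stateless packet filter in the style of slides 11, 14 and 25, added here as an example that is not part of the original presentation: an ordered rule list matched against IP/TCP header fields (interface, source and destination network, protocol, destination port, ACK flag), first match wins, and a default policy of discard. The rule set shows service control (only HTTP, HTTPS and SMTP), direction control (outbound web, inbound mail only to one host) and the anti-spoofing check from slide 14 (an internal source address arriving on the Internet-facing interface is discarded). Networks, interface names and packets are constructed sample values.

```python
"""
Added example (not from the slides): a stateless packet filter in the style of
slides 11 and 25: an ordered rule list matched against IP/TCP header fields,
first match wins, and a default policy of discard. The networks, interfaces
and packets are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = ipaddress.ip_network("0.0.0.0/0")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # premises network (constructed)
MAIL_RELAY = ipaddress.ip_network("10.1.1.25/32")      # the one host allowed to receive SMTP


@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on: "ext" (Internet) or "int" (premises)
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0
    ack: bool = False   # TCP ACK flag; clear only on the first SYN of a connection


@dataclass(frozen=True)
class Rule:
    action: str                       # "forward" or "discard"
    iface: Optional[str] = None       # None means "any"
    src: ipaddress.IPv4Network = ANY
    dst: ipaddress.IPv4Network = ANY
    proto: Optional[str] = None
    dport: Optional[int] = None
    ack: Optional[bool] = None
    comment: str = ""

    def matches(self, p: Packet) -> bool:
        return ((self.iface is None or self.iface == p.iface)
                and ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.ack is None or self.ack == p.ack))


class PacketFilter:
    def __init__(self, rules: List[Rule], default: str = "discard"):
        self.rules = rules
        self.default = default

    def decide(self, p: Packet) -> Tuple[str, str]:
        """Return (action, reason) for the first matching rule, else the default policy."""
        for rule in self.rules:
            if rule.matches(p):
                return rule.action, rule.comment
        return self.default, "default policy"


# Rule order matters: the anti-spoofing rule must come before any rule that
# would forward traffic on the strength of an internal source address.
RULES = [
    Rule("discard", iface="ext", src=INTERNAL,
         comment="anti-spoofing: internal source address arriving from the Internet"),
    Rule("forward", iface="int", src=INTERNAL, proto="tcp", dport=80, comment="outbound HTTP"),
    Rule("forward", iface="int", src=INTERNAL, proto="tcp", dport=443, comment="outbound HTTPS"),
    Rule("forward", iface="ext", dst=INTERNAL, proto="tcp", ack=True,
         comment="replies to connections opened from inside (ACK set)"),
    Rule("forward", iface="ext", dst=MAIL_RELAY, proto="tcp", dport=25,
         comment="inbound SMTP, only to the mail relay"),
]
FILTER = PacketFilter(RULES, default="discard")


def demo() -> List[Tuple[str, str]]:
    """Apply the rule set to constructed packets; returns (action, reason) per packet."""
    packets = [
        Packet("int", "10.0.0.5", "198.51.100.9", "tcp", 80),               # user browsing out
        Packet("ext", "198.51.100.9", "10.0.0.5", "tcp", 51000, ack=True),  # the web reply
        Packet("ext", "10.0.0.5", "10.0.0.9", "tcp", 80),                   # spoofed internal source
        Packet("ext", "198.51.100.9", "10.0.0.5", "tcp", 22),               # unsolicited SSH
        Packet("ext", "198.51.100.9", "10.1.1.25", "tcp", 25),              # mail to the relay
        Packet("int", "10.0.0.5", "198.51.100.9", "tcp", 23),               # outbound telnet
    ]
    return [FILTER.decide(p) for p in packets]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The "ACK set" rule is the classic stateless compromise for letting replies back in: the filter cannot know whether a connection was really opened from inside, which is one reason the slide lists rule design and lack of authentication as disadvantages and why stateful firewalls track connections instead.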
  • 30. Application-level Gateway. Gateway sits between user on inside and server on outside. Instead of talking directly, user and server talk through proxy. Allows more fine grained and sophisticated control than packet filtering. For example, ftp server may not allow files greater than a set size. A mail server is an example application of an application gateway:
    ◦ Can't deposit mail in recipient's mail server without passing through sender's mail server
    [Figure: host-to-gateway ftp session, application gateway, gateway-to-remote host ftp session]
  • 31. Application Gateways/Proxies. [Figure]
  • 32. Application-level Gateway
    • Advantages
      1. Proxy can log all connections, activity in connections
      2. Proxy can provide caching
      3. Proxy can do intelligent filtering based on content
      4. Proxy can perform user-level authentication
    • Disadvantages
      1. Not all services have proxied versions
      2. May need different proxy server for each service
      3. Requires modification of client
      4. Performance
  • 33. Circuit-level Gateway
    1. Stand-alone system
    2. Specialized function performed by an Application-level Gateway
    3. Sets up two TCP connections
    4. The gateway typically relays TCP segments from one connection to the other without examining the contents
    5. The security function consists of determining which connections will be allowed
    6. Typical use is a situation in which the system administrator trusts the internal users
    7. An example is the SOCKS package
  • 34. Circuit Level. [Figure]
  • 35. Bastion Host
    ◦ Highly secure host system
    ◦ A system identified by the firewall administrator as a critical strong point in the network's security
    ◦ The bastion host serves as a platform for an application-level or circuit-level gateway
    ◦ Potentially exposed to "hostile" elements, hence is secured to withstand this: disable all non-required services; keep it simple
    ◦ Trusted to enforce trusted separation between network connections
    ◦ Runs circuit / application level gateways (install/modify services you want) or provides externally accessible services
  • 36. Screened Host Architecture. [Figure]
  • 37. Distributed Firewalls. A central management node sets the security policy enforced by individual hosts: a combination of high-level policy specification with a file distribution mechanism.
    Advantages:
    ◦ Lack of central point of failure
    ◦ Ability to protect machines outside topologically isolated space
    ◦ Great for laptops
    Disadvantage:
    ◦ Harder to allow in certain services, whereas it's easy to block
  • 38. Distributed Firewalls Drawback. Allowing in certain services works if and only if you're sure the address can't be spoofed
    ◦ Requires anti-spoofing protection
    ◦ Must maintain ability to roam safely
    Solution: IPsec
    ◦ A machine is trusted if and only if it can perform proper cryptographic authentication
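The trust decision on slides 37 and 38, added here as an example that is not part of the original presentation: a distributed-firewall host that trusts a peer only when the peer proves it holds a key, not because of the source address it claims. A shared-key HMAC challenge/response stands in for the IPsec authentication the slide names (that substitution is the example's own simplification); the host ids, keys, addresses and services are constructed sample values.

```python
"""
Added example (not from the slides): the trust decision on slide 38 for a
distributed firewall, where a host is trusted only if it can authenticate
cryptographically, not because of the source address it claims. A shared-key
HMAC challenge/response stands in here for the IPsec authentication the slide
names; keys, host ids, addresses and services are constructed sample values.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Set


def address_only_decision(claimed_src_ip: str, trusted_ips: Set[str]) -> bool:
    """The weak approach the slide warns about: trust rests on a spoofable address."""
    return claimed_src_ip in trusted_ips


class HostAuthPolicy:
    """Policy enforced on each host, as distributed by the central management node."""

    def __init__(self, host_keys: Dict[str, bytes], allowed: Dict[str, Set[str]]):
        self.host_keys = host_keys      # host_id -> shared secret (stands in for an IPsec SA)
        self.allowed = allowed          # host_id -> services that host may reach
        self.used_nonces: Set[bytes] = set()

    def challenge(self) -> bytes:
        """Fresh nonce sent to the peer; stops a captured response being replayed."""
        return secrets.token_bytes(16)

    @staticmethod
    def respond(key: bytes, nonce: bytes, host_id: str, service: str) -> bytes:
        """Peer side: prove key possession over the nonce and the request."""
        msg = nonce + host_id.encode() + b"\0" + service.encode()
        return hmac.new(key, msg, hashlib.sha256).digest()

    def authorize(self, host_id: str, service: str, nonce: bytes, tag: bytes) -> bool:
        """Enforcer side. The claimed source IP is deliberately not an input."""
        key = self.host_keys.get(host_id)
        if key is None or nonce in self.used_nonces:
            return False
        expected = self.respond(key, nonce, host_id, service)
        if not hmac.compare_digest(expected, tag):
            return False
        self.used_nonces.add(nonce)                  # each challenge may be answered once
        return service in self.allowed.get(host_id, set())


def demo() -> Dict[str, bool]:
    """Exercise the policy with a constructed laptop identity and return the decisions."""
    laptop_key = secrets.token_bytes(32)
    policy = HostAuthPolicy({"laptop-17": laptop_key}, {"laptop-17": {"smb", "imap"}})

    # 1. Roaming laptop on an unknown address, but it holds the key: trusted.
    n1 = policy.challenge()
    roaming = policy.authorize("laptop-17", "imap", n1,
                               HostAuthPolicy.respond(laptop_key, n1, "laptop-17", "imap"))

    # 2. Same claimed identity but the wrong key: rejected regardless of source address.
    n2 = policy.challenge()
    forged = policy.authorize("laptop-17", "imap", n2,
                              HostAuthPolicy.respond(b"wrong-key", n2, "laptop-17", "imap"))

    # 3. Replay of the first, valid response: rejected because the nonce was consumed.
    replay = policy.authorize("laptop-17", "imap", n1,
                              HostAuthPolicy.respond(laptop_key, n1, "laptop-17", "imap"))

    # 4. Authenticated host asking for a service the policy does not grant it.
    n4 = policy.challenge()
    not_allowed = policy.authorize("laptop-17", "ssh", n4,
                                   HostAuthPolicy.respond(laptop_key, n4, "laptop-17", "ssh"))

    return {
        "address_only_accepts_claimed_ip": address_only_decision("10.0.0.5", {"10.0.0.5"}),
        "roaming_host_with_key": roaming,
        "wrong_key": forged,
        "replayed_response": replay,
        "authenticated_but_not_allowed": not_allowed,
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:32} {verdict}")
```

The first entry shows why slide 38 calls address-based admission a drawback: the address-only check accepts whatever source is presented, while the keyed check lets the laptop roam to any address yet still rejects a peer without the key.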
  • 39. Virtual Private Network (VPN). Used to connect two private networks via the internet
    ◦ Provides an encrypted tunnel between the two private networks
    ◦ Usually cheaper than a private leased line, but should be studied on an individual basis
    ◦ Once established, and as long as the encryption remains secure, the VPN is impervious to exploitation
    ◦ For large organizations using VPNs to connect geographically diverse sites, always attempt to use the same ISP to get best performance. Try to avoid having to go through small Mom-n-Pop ISPs as they will tend to be real bottlenecks
  • 40. Virtual Private Network (VPN). [Figure]
  • 41. Implementations
    Software: ◦ Devil-Linux ◦ Dotdefender ◦ ipfirewall ◦ PF ◦ Symantec ...
    Hardware: ◦ Cisco PIX ◦ DataPower ◦ SofaWare Technologies
  • 42. Firewall Deployment. Corporate Network Internet Gateway:
    ◦ Protect internal network from attack
    ◦ Most common deployment point
    [Figure: Internet; corporate network Internet gateway; Demilitarized Zone (DMZ) with public servers; corporate site; Human Resources network]
  • 43. Firewall Deployment. Internal Segment Gateway:
    ◦ Protect sensitive segments (Finance, HR, Product Development)
    ◦ Provide second layer of defense
    ◦ Ensure protection against internal attacks and misuse
    [Figure: Internet; corporate network Internet gateway; Demilitarized Zone with public (publicly-accessible) servers; internal segment gateway in front of the Human Resources network; corporate site]
  • 44. Firewall Deployment. Server-Based Firewall:
    ◦ Protect individual application servers
    ◦ Protect files
    [Figure: Internet; corporate network Internet gateway; DMZ with public servers; internal segment gateway in front of the Human Resources network; server-based firewall on the SAP Server; corporate site]
  • 45. The "2002 Computer Security Institute / FBI Computer Crime and Security Survey" reported: 90% of survey respondents (primarily larger corporations) detected computer security breaches. Respondents reported a wide range of attacks:
    ◦ 44% detected system penetration from the outside
    ◦ 44% detected denial of service attacks
    ◦ 76% detected employee abuse of Internet access privileges
    ◦ 85% detected computer viruses, worms, etc.
    ◦ 80% acknowledged financial losses due to computer security breaches
    ◦ 44% were willing and/or able to quantify their financial losses (these losses were $455 million). Most serious losses occurred through theft of proprietary information and financial fraud.
    ◦ 74% cited their Internet connections as a frequent point of attack and 33% cited their internal systems as a frequent point of attack
    ◦ 34% reported intrusions to law enforcement (up from only 16% in 1996)
  • 46. Future of Firewalls
    ◦ Firewalls will continue to advance as the attacks on IT infrastructure become more and more sophisticated
    ◦ More and more client and server applications are coming with native support for proxied environments
    ◦ Firewalls that scan for viruses as they enter the network: several firms are currently exploring this idea, but it is not yet in wide use
  • 47. Conclusion. It is clear that some form of security for private networks connected to the Internet is essential. A firewall is an important and necessary part of that security, but cannot be expected to perform all the required security functions.