2. What is a Firewall?
A firewall is hardware, software, or a
combination of both that is used to prevent
unauthorized programs or Internet users from
accessing a private network and/or a single
computer
3. What is a Firewall?
A choke point of control and monitoring
Interconnects networks with differing trust
Imposes restrictions on network services
only authorized traffic is allowed
Auditing and controlling access
can implement alarms for abnormal behavior
4. Hardware vs. Software Firewalls
Hardware Firewalls
Protect an entire network
Implemented on the router level
Usually more expensive, harder to configure
Software Firewalls
Protect a single computer
Usually less expensive, easier to configure
5. Firewall Rules
Allow – traffic that flows automatically because
it has been deemed as “safe”
Block – traffic that is blocked because it has
been deemed dangerous to your computer
Ask – asks the user whether or not the traffic is
allowed to pass through
7. Firewalls – Packet Filters
Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing, because the filter trusts whatever source address the packet header carries.
8. Packets examined at the network layer
Useful “first line” of defense - commonly deployed
on routers
Simple accept or reject decision model
No awareness of higher protocol layers
[Figure: OSI stacks of two end hosts (Application, Presentation, Session, Transport, Network, Data Link, Physical) with a packet filter between them; the packet filter's stack reaches only up to the Network layer.]
9. Firewalls – Packet Filters
Simplest of components
Low cost
Very fast
A packet-filtering router stores a table of rules
Uses network- and transport-layer header fields only:
IP source address, destination address
Protocol/Next Header (TCP, UDP, ICMP, etc.)
Source port number and destination port number
10. How to Configure a Packet Filter
Start with a security policy
Specify allowable packets in terms of logical
expressions on packet fields
Rewrite expressions in syntax supported by your
vendor
General rules - least privilege
All that is not expressly permitted is prohibited
If you do not need it, eliminate it
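The procedure above, carried through as an added example (not code from the slides): a stateless packet filter with a first-match rule table and a default-deny policy. The Packet and Rule types, the CIDR blocks, the rule set and the sample packets are all invented for illustration; the fields matched are the ones the slides list (IP addresses, protocol, ports) plus the ingress interface, which is what lets the filter reject a spoofed "internal" source address that arrives on the external interface.

```python
"""Stateless packet filter with a first-match rule table and default deny.

Added example, not code from the slides. The Packet and Rule types, the
CIDR blocks and the rule set are all invented for illustration; the matched
fields are the ones the slides list (IP addresses, protocol, ports) plus the
ingress interface, which is what lets the filter catch a spoofed "internal"
source address that arrives on the external interface.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    iface: str                  # interface the packet arrived on: "ext" or "int"
    proto: str                  # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """A rule field set to None is a wildcard; all non-None fields must match."""
    action: str                 # "allow" or "block"
    iface: Optional[str] = None
    proto: Optional[str] = None
    src: Optional[str] = None   # CIDR notation
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


INTERNAL = "10.0.0.0/8"         # constructed: the private network behind the filter
WEB_SERVER = "10.1.0.10/32"     # constructed: the one host reachable from outside

# The policy, written as expressions on packet fields and then ordered.
# Evaluation is top to bottom, first match wins, and no match means block.
RULES: List[Rule] = [
    # Anti-spoofing: a packet claiming an internal source can never arrive from outside.
    Rule("block", iface="ext", src=INTERNAL),
    # Inbound: only HTTP/HTTPS to the web server.
    Rule("allow", iface="ext", proto="tcp", dst=WEB_SERVER, dport=80),
    Rule("allow", iface="ext", proto="tcp", dst=WEB_SERVER, dport=443),
    # Outbound: internal hosts may use DNS and HTTPS.
    Rule("allow", iface="int", proto="udp", src=INTERNAL, dport=53),
    Rule("allow", iface="int", proto="tcp", src=INTERNAL, dport=443),
]


def decide(p: Packet, rules: List[Rule] = RULES) -> str:
    """Return the action of the first matching rule, or "block" if none matches."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "block"              # all that is not expressly permitted is prohibited


if __name__ == "__main__":
    samples = [                 # constructed sample packets
        Packet("ext", "tcp", "198.51.100.7", "10.1.0.10", 51000, 443),   # allowed inbound
        Packet("ext", "tcp", "198.51.100.7", "10.1.0.10", 51000, 22),    # SSH: no rule
        Packet("ext", "tcp", "10.2.3.4", "10.1.0.10", 51000, 80),        # spoofed source
        Packet("int", "udp", "10.5.5.5", "192.0.2.53", 40000, 53),       # outbound DNS
        Packet("ext", "udp", "192.0.2.53", "10.5.5.5", 53, 40000),       # the DNS reply
    ]
    for pkt in samples:
        print(decide(pkt), pkt)
```

Note what happens to the last sample: the DNS reply is blocked, because a stateless filter has no memory that the query went out. The operator's choices are to open UDP source port 53 from anywhere (which anyone can then use to reach internal hosts) or to add connection state, which is the dynamic packet filter introduced later in the deck.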
11. Advantages of Packet Filter
Packet filters are very fast and transparent
Effective in completely blocking specific types
of traffic
12. Limitations of Packet Filters
Filtering lists can become very lengthy, quite complex and error prone
Cannot support user authentication: decisions are made on addresses and ports, not on who is behind them
13. Firewall Outlines
Packet filtering
Application gateways
Circuit gateways
A combination of the above is the dynamic (stateful) packet filter
14. Firewalls - Circuit Level Gateway
Applies security mechanisms when a TCP connection (or a UDP session) is established. Once the connection has been accepted, packets flow between the hosts without further checking.
15. Firewalls - Circuit Level Gateway
Operates at the session layer
Monitors the TCP handshake between untrusted clients and servers
Determines whether the connection is valid
Permits traffic only for a limited period
No check on the packets transferred afterwards
Can proxy IP addresses, so the internal host's address is hidden from the outside
16. Firewalls - Circuit Level Gateway
Attributes for validity of connection
Source and destination IP address
Time of the day
Protocol
User and password
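The behaviour on slides 14 to 16, as an added example that is not code from the slides: a circuit-level gateway that checks the validity attributes once, when a client's SYN arrives, tracks the TCP handshake, tears the circuit down after a fixed lifetime, and otherwise relays packets without looking at their contents. The packet dicts, the trusted client network, the working hours and the 30-minute lifetime are constructed for illustration; flag handling is reduced to SYN, SYN-ACK, ACK, FIN and RST and sequence numbers are ignored.

```python
"""Circuit-level gateway: police the TCP handshake, then relay unchecked.

Added example, not code from the slides. Packets are plain dicts built
inline and the gateway's policy (trusted client network, working hours,
maximum circuit lifetime) is invented for illustration. Flag handling is
reduced to SYN, SYN-ACK, ACK, FIN and RST; sequence numbers are ignored.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Dict, List, Tuple

Key = Tuple[str, int, str, int]   # (client ip, client port, server ip, server port)


@dataclass
class Circuit:
    state: str                    # "handshake" until the server's SYN-ACK is seen
    opened_at: datetime


class CircuitGateway:
    def __init__(self, trusted_clients: str, hours: Tuple[int, int], max_age: timedelta):
        self.trusted = ip_network(trusted_clients)
        self.hours = hours        # connections may be opened from hours[0] up to hours[1]
        self.max_age = max_age    # circuits are torn down after this (limited period)
        self.circuits: Dict[Key, Circuit] = {}

    def _setup_allowed(self, pkt: dict, now: datetime) -> bool:
        """Validity attributes are checked once, at connection setup."""
        return (pkt["proto"] == "tcp"
                and ip_address(pkt["src"]) in self.trusted
                and self.hours[0] <= now.hour < self.hours[1])

    def handle(self, pkt: dict, now: datetime) -> str:
        """Return "forward" or "drop". pkt["payload"] is never looked at."""
        fwd: Key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        rev: Key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        flags = set(pkt["flags"])

        if flags == {"SYN"}:                          # a client opening a connection
            if fwd in self.circuits:                  # retransmitted SYN on a known circuit
                return "forward"
            if not self._setup_allowed(pkt, now):
                return "drop"
            self.circuits[fwd] = Circuit("handshake", now)
            return "forward"

        if fwd in self.circuits:
            key = fwd                                 # client -> server direction
        elif rev in self.circuits:
            key = rev                                 # server -> client direction
        else:
            return "drop"                             # no circuit, e.g. unsolicited server traffic
        circ = self.circuits[key]

        if now - circ.opened_at > self.max_age:       # lifetime exceeded
            del self.circuits[key]
            return "drop"

        if circ.state == "handshake":
            if key == rev and flags == {"SYN", "ACK"}:   # the server accepted
                circ.state = "established"
                return "forward"
            return "drop"                                 # nothing else is valid yet

        if flags & {"FIN", "RST"}:                    # teardown closes the circuit
            del self.circuits[key]
        return "forward"                              # established: relayed without inspection


def run_scenario() -> List[str]:
    """Constructed session through a gateway that trusts 10.0.0.0/8 during 08:00-18:00."""
    gw = CircuitGateway("10.0.0.0/8", (8, 18), timedelta(minutes=30))
    t0 = datetime(2024, 1, 1, 9, 0)

    def pkt(src, sport, dst, dport, *flags, payload=b""):
        return {"proto": "tcp", "src": src, "sport": sport, "dst": dst,
                "dport": dport, "flags": flags, "payload": payload}

    c, s = "10.0.0.5", "203.0.113.8"                  # constructed client and server
    steps = [
        (pkt(c, 40000, s, 21, "SYN"), t0),                                   # forward
        (pkt(s, 21, c, 40000, "SYN", "ACK"), t0 + timedelta(seconds=1)),     # forward
        (pkt(c, 40000, s, 21, "ACK"), t0 + timedelta(seconds=1)),            # forward
        (pkt(c, 40000, s, 21, "ACK", "PSH", payload=b"STOR evil.exe\r\n"),
         t0 + timedelta(seconds=2)),                                         # forward: payload unchecked
        (pkt(s, 2121, c, 40001, "SYN"), t0 + timedelta(seconds=3)),          # drop: server is not a trusted client
        (pkt("192.0.2.9", 5000, s, 21, "SYN"), t0 + timedelta(seconds=3)),   # drop: untrusted client
        (pkt("10.0.0.6", 5000, s, 21, "SYN"), datetime(2024, 1, 1, 22, 0)),  # drop: outside working hours
        (pkt(c, 40000, s, 21, "ACK"), t0 + timedelta(minutes=31)),           # drop: circuit expired
    ]
    return [gw.handle(p, t) for p, t in steps]


if __name__ == "__main__":
    print(run_scenario())
```

The fourth step is the limitation the slides state as "no check on packets transferred": once the circuit is up, a payload carrying an FTP STOR command is relayed exactly like any other, which is what the application-level gateway in the next slides is for.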
17. Firewall Outlines
Packet filtering
Application gateways
Circuit gateways
A combination of the above is the dynamic (stateful) packet filter
18. Firewalls - Application Level
Gateway (or Proxy)
Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
19. Application Gateway or Proxy
[Figure: OSI stacks of two end hosts (Application, Presentation, Session, Transport, Network, Data Link, Physical) with an application gateway between them; the gateway's stack reaches all the way up to the Application layer.]
Act as a proxy for applications
Packets examined at the application layer
Application/Content filtering possible - prevent
FTP “put” commands, for example
Modest performance
20. Application-Level Filtering
Has full access to the protocol:
the user requests a service from the proxy
the proxy validates the request as legal
then performs the request and returns the result to the user
Needs a separate proxy for each service
E.g., SMTP (e-mail)
NNTP (net news)
DNS (Domain Name System)
NTP (Network Time Protocol)
custom services are generally not supported
21. Application-Level Filtering
Most secure of the three types
Proxies can be configured to encrypt traffic
Complicated configuration
Performance degrades as the number of connections goes up
22. What a personal firewall can do
Stop hackers from accessing your computer
Protects your personal information
Blocks “pop up” ads and certain cookies
Determines which programs can access the
Internet
23. What a personal firewall cannot do
Cannot prevent e-mail viruses
Only an antivirus product with updated definitions can prevent e-mail viruses
Cannot be set up once and then forgotten
The firewall will require periodic updates to the rulesets and to the software itself