Firewalls

What is a Firewall?
• A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or Internet users from accessing a private network and/or a single computer

What is a Firewall?
• A choke point of control and monitoring
• Interconnects networks with differing trust
• Imposes restrictions on network services
  • only authorized traffic is allowed
• Auditing and controlling access
  • can implement alarms for abnormal behavior

Hardware vs. Software Firewalls
• Hardware Firewalls
  • Protect an entire network
  • Implemented on the router level
  • Usually more expensive, harder to configure
• Software Firewalls
  • Protect a single computer
  • Usually less expensive, easier to configure

Firewall Rules
• Allow – traffic that flows automatically because it has been deemed as “safe”
• Block – traffic that is blocked because it has been deemed dangerous to your computer
• Ask – asks the user whether or not the traffic is allowed to pass through

Classification of Firewall
Characterized by the protocol level it controls:
• Packet filtering
• Circuit gateways
• Application gateways

Firewalls – Packet Filters
Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.

• Packets examined at the network layer
• Useful “first line” of defense - commonly deployed on routers
• Simple accept or reject decision model
• No awareness of higher protocol layers
[Figure: Packet Filter. Protocol stack diagram; layers shown: Applications, Presentations, Sessions, Transport, Network, Data Link, Physical.]

Firewalls – Packet Filters
• Simplest of components
• Low cost
• Very fast
• Packet filtering routers store a table containing rules
• Uses transport-layer information only
  • IP Source Address, Destination Address
  • Protocol/Next Header (TCP, UDP, ICMP, etc.)
  • Source port number & destination port number

How to Configure a Packet Filter
• Start with a security policy
• Specify allowable packets in terms of logical expressions on packet fields
• Rewrite expressions in syntax supported by your vendor
• General rules - least privilege
  • All that is not expressly permitted is prohibited
  • If you do not need it, eliminate it

Advantages of Packet Filter
• Packet filters are very fast and transparent
• Effective in completely blocking specific types of traffic

Limitations of Packet firewall
• Filtering list can become very lengthy, quite complex and error prone
• Cannot support user authentication
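
The configuration steps and the "error prone" limitation above, worked through as an added example that is not part of the original slides: a first-match rule table with default deny, plus a check for rules that can never fire because an earlier, broader rule covers them. The rule format, the policy and the addresses (documentation ranges) are constructed for illustration, and source ports are left out to keep it short.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = None  # wildcard for the protocol and port fields


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    src: str                    # source network, CIDR
    dst: str                    # destination network, CIDR
    proto: Optional[str] = ANY  # "tcp", "udp", "icmp" or ANY
    dport: Optional[int] = ANY  # destination port or ANY

    def matches(self, pkt: dict) -> bool:
        """Logical expression over the packet's header fields."""
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in (ANY, pkt["proto"])
                and self.dport in (ANY, pkt.get("dport")))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in (ANY, other.proto)
                and self.dport in (ANY, other.dport))


def decide(rules, pkt) -> str:
    """First matching rule wins; anything not expressly permitted is blocked."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [i for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]


# Constructed policy on documentation address ranges (192.0.2.0/24 = inside).
POLICY = [
    Rule("allow", "0.0.0.0/0", "192.0.2.25/32", "tcp", 25),  # inbound SMTP to mail host
    Rule("allow", "192.0.2.0/24", "0.0.0.0/0", "tcp"),       # inside -> any TCP
    Rule("block", "192.0.2.0/24", "0.0.0.0/0", "tcp", 23),   # no outbound Telnet (too late)
]
# Same rules with the specific block moved ahead of the broad allow.
FIXED = [POLICY[0], POLICY[2], POLICY[1]]

TELNET_OUT = {"src": "192.0.2.10", "dst": "203.0.113.5", "proto": "tcp", "dport": 23}
SSH_IN = {"src": "198.51.100.7", "dst": "192.0.2.25", "proto": "tcp", "dport": 22}

if __name__ == "__main__":
    print(decide(POLICY, TELNET_OUT), shadowed(POLICY))
    print(decide(FIXED, TELNET_OUT), shadowed(FIXED))
    print(decide(FIXED, SSH_IN))
```

Running the shadow check over a rule list before deploying it catches ordering mistakes that a long table makes easy to miss.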

Firewall Outlines
• Packet filtering
• Application gateways
• Circuit gateways
• Combination of above is dynamic packet filter

Firewalls - Circuit Level Gateway
Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Firewalls - Circuit Level Gateway
• Operates at session layer
• Monitors TCP handshaking between packets from untrusted clients or servers
• Determines whether connection is valid
• Permits traffic only for a limited period
• No check on packets transferred
• Capability of proxying IP addresses

Firewalls - Circuit Level Gateway
• Attributes for validity of connection
  • Source and destination IP address
  • Time of the day
  • Protocol
  • User and password

Firewall Outlines
• Packet filtering
• Application gateways
• Circuit gateways
• Combination of above is dynamic packet filter

Firewalls - Application Level Gateway (or Proxy)
Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.

Application Gateway or Proxy
[Figure: Application Gateway or Proxy. Protocol stack diagram; layers shown: Applications, Presentations, Sessions, Transport, Network, Data Link, Physical.]
• Act as a proxy for applications
• Packets examined at the application layer
• Application/Content filtering possible - prevent FTP “put” commands, for example
• Modest performance

Application-Level Filtering
• Has full access to protocol
  • user requests service from proxy
  • proxy validates request as legal
  • then actions request and returns result to user
• Need separate proxies for each service
  • E.g., SMTP (E-Mail)
  • NNTP (Net news)
  • DNS (Domain Name System)
  • NTP (Network Time Protocol)
  • custom services generally not supported
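
The "proxy validates request as legal" step, applied to the FTP "put" case mentioned above, as an added example that is not part of the original slides: the gateway splits the client's control-channel bytes into commands, relays only allowlisted verbs and refuses the upload commands a client's "put" produces (STOR, STOU, APPE). The allowlist, the line-length cap, the reply texts and the sample byte stream are assumptions made for illustration.

```python
# Verbs the gateway relays to the real server (assumed read-only policy).
ALLOWED = {b"USER", b"PASS", b"SYST", b"FEAT", b"PWD", b"CWD", b"CDUP", b"TYPE",
           b"PASV", b"EPSV", b"LIST", b"NLST", b"RETR", b"SIZE", b"NOOP", b"QUIT"}
# Upload commands behind a client's "put": store, store-unique, append.
UPLOAD = {b"STOR", b"STOU", b"APPE"}
MAX_LINE = 512  # assumed cap on one command line


def check(line: bytes):
    """Validate one command line (CRLF already removed). Returns (forward, reply)."""
    if not line or len(line) > MAX_LINE or any(c in line for c in b"\r\n\x00"):
        return False, "500 Malformed command."
    verb = line.split(b" ", 1)[0].upper()  # FTP verbs are case-insensitive
    if verb in UPLOAD:
        return False, "550 Uploads are not permitted through this gateway."
    if verb not in ALLOWED:
        return False, "502 Command not supported by this gateway."
    return True, ""


def relay(stream: bytes):
    """Split client bytes into commands and filter each one.

    Returns (forwarded, refused, tail): commands to pass to the server,
    (command, reply) pairs answered by the gateway itself, and the
    incomplete trailing bytes to keep until the next read.
    """
    *lines, tail = stream.split(b"\r\n")
    forwarded, refused = [], []
    for line in lines:
        ok, reply = check(line)
        if ok:
            forwarded.append(line)
        else:
            refused.append((line, reply))
    return forwarded, refused, tail


# Constructed client input: several pipelined commands and one partial command.
SAMPLE = (b"USER anonymous\r\nretr readme.txt\r\nstor upload.bin\r\n"
          b"SITE CHMOD 644 f\r\nNOOP\r\nQUI")

if __name__ == "__main__":
    fwd, ref, tail = relay(SAMPLE)
    print("forwarded:", fwd)
    print("refused:  ", ref)
    print("buffered: ", tail)
```

Each command is judged on its own even when several arrive in one read, which is the per-protocol knowledge a packet filter does not have.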

Application-Level Filtering
• Most secure
• Proxies can be configured to encrypt
• Complicated configuration
• Performance degrades as the number of connections goes up

What a personal firewall can do
• Stops hackers from accessing your computer
• Protects your personal information
• Blocks “pop up” ads and certain cookies
• Determines which programs can access the Internet

What a personal firewall cannot do
• Cannot prevent e-mail viruses
  • Only an antivirus product with updated definitions can prevent e-mail viruses
• After setting it initially, you can forget about it
  • The firewall will require periodic updates to the rulesets and the software itself

Unit II Chapter 6 firewalls.ppt
