Firewalls are hardware or software that filter traffic between private and public networks like the internet. They examine incoming and outgoing messages and block those that don't meet security criteria. Common types include packet filters, stateful inspection firewalls, application proxies, and circuit-level proxies. Packet filters apply rules to IP packets while stateful inspection firewalls track TCP connection states. Application proxies act as a relay for application traffic and can be more secure but have higher processing overhead.
2. WHAT IS FIREWALL?
• Firewalls are hardware and/or software designed to prevent unauthorized access
to or from a private network.
• Firewalls examine all messages entering or leaving the network and block those
that do not meet the specified security criteria.
• They are placed at the junction or gateway between two networks, which are
usually a private network and a public network such as the Internet.
3. WHAT IS FIREWALL?(CONT.)
• A firewall is a system that allows you to protect a server or a network of servers
from intrusions coming from another network. The most common use is to protect
your network from the Internet.
4. THE NEED FOR FIREWALL
• Internet connectivity is essential; however, it creates a threat
• Effective means of protecting LANs
• Inserted between the premises network and the Internet to establish a controlled link
• Can be a single computer system or a set of two or more systems working together
• Used as a perimeter defense
• Single choke point to impose security and auditing
• Insulates the internal systems from external networks
5. FIREWALL CAPABILITIES AND LIMITS
Capabilities
• A firewall defines a single choke point that blocks malicious traffic.
• Provides a location for security events.
• Convenient platform for several Internet functions that are not security related, which include network address translator.
• Can serve as the platform for …
Limitations
• Cannot protect against attacks bypassing the firewall.
• May not protect fully against internal threats.
• Improperly secured wireless LAN can be accessed from outside the organization.
• Laptop, PDA, or portable storage device may be infected outside the corporate network, then attached and used internally.
7. PACKET FILTERING FIREWALL
Applies rules to each incoming and outgoing IP packet.
• Typically a list of rules based on matches of fields in the IP or TCP header
• Forwards or discards the packet depending on whether a rule matches
Two default policies:
Discard - prohibit unless expressly permitted
• More conservative, controlled, visible to users
Forward - permit unless expressly prohibited
• Easier to manage and use but less secure
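As an added illustration of the packet-filter model described on this slide (not code from the original deck), the following Python simulates a rule list matched against IP/TCP header fields, with the two default policies applied to the same packets. The addresses, rules and hosts are constructed for the example using RFC 5737 documentation ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed addresses for the example (RFC 5737 documentation ranges), not from the slides.
MAIL_SERVER = "192.0.2.10"
WEB_SERVER = "192.0.2.20"
WORKSTATION = "192.0.2.33"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination port taken from the TCP/UDP header


@dataclass(frozen=True)
class Rule:
    """One filtering rule over header fields; a None field matches anything."""
    action: str                 # "forward" or "discard"
    src: Optional[str] = None   # CIDR network, e.g. "203.0.113.0/24"
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst is not None and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def filter_packet(rules: List[Rule], p: Packet, default: str) -> str:
    """First matching rule decides; otherwise the default policy ("discard" or "forward") applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


# Inbound rule set for the perimeter: only the published services are expressly permitted.
INBOUND_RULES = [
    Rule("forward", dst=f"{MAIL_SERVER}/32", proto="tcp", dport=25),   # SMTP to the mail server
    Rule("forward", dst=f"{WEB_SERVER}/32", proto="tcp", dport=80),    # HTTP to the web server
    Rule("discard", src="192.0.2.0/24"),  # inside addresses must never arrive on the outside interface
]


def demo() -> dict:
    """Run the same packets through both default policies and return the decisions."""
    smtp = Packet("203.0.113.5", MAIL_SERVER, "tcp", 25)
    telnet = Packet("203.0.113.5", WORKSTATION, "tcp", 23)   # no rule covers this
    spoofed = Packet("192.0.2.7", WORKSTATION, "tcp", 445)   # outside packet claiming an inside source
    out = {}
    for policy in ("discard", "forward"):
        out[policy] = {
            "smtp": filter_packet(INBOUND_RULES, smtp, policy),
            "telnet": filter_packet(INBOUND_RULES, telnet, policy),
            "spoofed": filter_packet(INBOUND_RULES, spoofed, policy),
        }
    return out


if __name__ == "__main__":
    for policy, decisions in demo().items():
        print(f"default {policy}: {decisions}")
```

The telnet packet is the one that shows the policy difference: under default discard it is dropped because nothing expressly permits it, under default forward it passes because nothing expressly prohibits it. The explicit discard rule for inside source addresses fires under both policies, which is why "permit unless expressly prohibited" still needs a written prohibition for every case the administrator has thought of.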
8. PACKET FILTER ADVANTAGES AND WEAKNESSES
Advantages
• Simplicity
• Typically transparent to users and are very fast
Weaknesses
• Cannot prevent attacks that employ application specific vulnerabilities or functions.
• Limited logging functionality
• Do not support advanced user authentication
• Vulnerable to attacks on TCP/IP protocol bugs.
• Improper configuration can lead to breaches
11. STATEFUL INSPECTION FIREWALLS
• Tightens rules for TCP traffic by creating a directory of outbound TCP connections
• there is an entry for each currently established connection
• packet filter allows incoming traffic to high numbered ports
• only for those packets that fit the profile of one of the entries
• Reviews packet information but also records information about TCP connections
• keeps track of TCP sequence numbers to prevent attacks that depend on the sequence
number
• inspects data for protocols like FTP, IM and SIPS commands
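The connection directory and sequence-number tracking described on this slide, as an added Python example (not the deck's own code): inbound segments are admitted only when they match an entry created by an outbound SYN, and once the server's SYN-ACK is seen, each further inbound segment must carry the next expected sequence number. The inside network and the addresses are constructed for the example, and the single-value sequence check is a simplification of the receive window a real firewall would accept.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")   # constructed private range for the example


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    seq: int = 0
    payload_len: int = 0
    syn: bool = False
    ack: bool = False


# key: (inside ip, inside port, outside ip, outside port)
# value: next sequence number expected from the outside peer (None until its SYN-ACK is seen)
ConnKey = Tuple[str, int, str, int]


class StatefulFilter:
    def __init__(self) -> None:
        self.table: Dict[ConnKey, Optional[int]] = {}

    @staticmethod
    def _inside(ip: str) -> bool:
        return ipaddress.ip_address(ip) in INSIDE_NET

    def handle(self, s: Segment) -> str:
        if self._inside(s.src) and not self._inside(s.dst):
            return self._outbound(s)
        if not self._inside(s.src) and self._inside(s.dst):
            return self._inbound(s)
        return "discard"   # neither direction crosses the perimeter

    def _outbound(self, s: Segment) -> str:
        key = (s.src, s.sport, s.dst, s.dport)
        if s.syn and not s.ack:
            self.table[key] = None          # new connection initiated from inside
            return "forward"
        return "forward" if key in self.table else "discard"

    def _inbound(self, s: Segment) -> str:
        key = (s.dst, s.dport, s.src, s.sport)
        if key not in self.table:
            return "discard"                # no outbound connection to match, even on a high-numbered port
        expected = self.table[key]
        if expected is None:
            if s.syn and s.ack:
                self.table[key] = s.seq + 1   # the SYN itself occupies one sequence number
                return "forward"
            return "discard"
        if s.seq != expected:               # simplified: real firewalls accept a receive window, not one value
            return "discard"
        self.table[key] = expected + s.payload_len
        return "forward"


def demo() -> List[str]:
    """Replay a constructed exchange through the filter and return the decision for each segment."""
    fw = StatefulFilter()
    inside, outside = "10.1.1.5", "203.0.113.9"
    steps = [
        Segment(outside, 80, inside, 40000, seq=1000, syn=True, ack=True),           # unsolicited: no entry yet
        Segment(inside, 40000, outside, 80, seq=500, syn=True),                       # inside opens the connection
        Segment(outside, 80, inside, 40000, seq=1000, syn=True, ack=True),            # server's SYN-ACK matches entry
        Segment(outside, 80, inside, 40000, seq=1001, payload_len=100, ack=True),     # in-sequence data
        Segment(outside, 80, inside, 40000, seq=9999, payload_len=10, ack=True),      # out-of-sequence: rejected
        Segment(outside, 80, inside, 40000, seq=1101, payload_len=10, ack=True),      # next expected byte
    ]
    return [fw.handle(s) for s in steps]


if __name__ == "__main__":
    print(demo())
```

The first segment shows the difference from a plain packet filter: it is addressed to a high-numbered port but is dropped because no inside host has opened that connection. The fifth segment is dropped purely on its sequence number, even though every address and port matches a live entry.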
14. APPLICATION-LEVEL GATEWAY
• Also called an application proxy
• Acts as a relay of application-level traffic
• User contacts gateway using a TCP/IP appl.
• user is authenticated
• gateway contacts application on remote host and relays TCP segments between server and user
• Must have proxy code for each application
• may restrict application features supported
• Tend to be more secure than packet filters
• Disadvantage is the additional processing overhead on each connection
16. CIRCUIT-LEVEL PROXY FIREWALL
• Circuit level proxy
• Sets up two TCP connections, one between itself and a TCP user on an inner host and one
on an outside host
• Relays TCP segments from one connection to the other without examining contents
• Security function consists of determining which connections will be allowed
• Typically used when inside users are trusted
• May use application-level gateway inbound and circuit-level gateway outbound
• Lower overheads
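To make the contrast between the two proxy types on slides 14 and 16 concrete, here is an added Python example (not the deck's own code) of an HTTP application-level gateway next to a circuit-level gateway. The application gateway parses the request, authenticates the user with HTTP Basic proxy credentials, restricts the supported methods and strips the credentials before relaying; the circuit-level gateway only checks whether the (inside host, outside host, port) circuit is permitted and relays the bytes untouched. The user database, allowed methods, circuit list and sample requests are all constructed for the example.

```python
import base64
from typing import Dict, Optional, Tuple

# Constructed policy for the demonstration; none of these values come from the slides.
USERS = {"alice": "correct horse"}                      # users the gateway will authenticate
ALLOWED_METHODS = {"GET", "HEAD"}                       # feature restriction: no POST/PUT/CONNECT
ALLOWED_CIRCUITS = {("10.0.0.5", "203.0.113.9", 443)}   # (inside host, outside host, port)


def _authenticated(headers: Dict[str, str]) -> Optional[str]:
    """Validate HTTP Basic proxy credentials; return the user name or None."""
    value = headers.get("proxy-authorization", "")
    if not value.lower().startswith("basic "):
        return None
    try:
        decoded = base64.b64decode(value[6:], validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, _, password = decoded.partition(":")
    return user if USERS.get(user) == password else None


def application_gateway(request: bytes) -> Tuple[str, bytes]:
    """Application-level proxy: parse the HTTP request, authenticate the user,
    enforce the method restriction, then rebuild what is relayed to the server."""
    head, _, body = request.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, version = lines[0].split(" ")
    except ValueError:
        return "discard: malformed request line", b""
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, val = line.partition(":")
        headers[name.strip().lower()] = val.strip()
    if _authenticated(headers) is None:
        return "discard: user not authenticated", b""
    if method not in ALLOWED_METHODS:
        return f"discard: method {method} not permitted", b""
    relayed = [f"{method} {target} {version}"]
    # Proxy credentials are for the gateway only; they are not forwarded to the remote host.
    relayed += [l for l in lines[1:] if not l.lower().startswith("proxy-authorization:")]
    return "forward", "\r\n".join(relayed).encode("latin-1") + b"\r\n\r\n" + body


def circuit_gateway(src: str, dst: str, port: int, data: bytes) -> Tuple[str, bytes]:
    """Circuit-level proxy: decide per connection, relay the bytes without looking inside."""
    if (src, dst, port) not in ALLOWED_CIRCUITS:
        return "discard: circuit not permitted", b""
    return "forward", data


# Constructed sample requests.
_CRED = base64.b64encode(b"alice:correct horse").decode()
_AUTH_LINE = f"Proxy-Authorization: Basic {_CRED}\r\n".encode()
SAMPLE_GET = (
    b"GET http://example.test/index.html HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    + _AUTH_LINE
    + b"\r\n"
)
SAMPLE_POST = SAMPLE_GET.replace(b"GET ", b"POST ", 1)
SAMPLE_NOAUTH = SAMPLE_GET.replace(_AUTH_LINE, b"")


if __name__ == "__main__":
    for name, req in (("GET", SAMPLE_GET), ("POST", SAMPLE_POST), ("no auth", SAMPLE_NOAUTH)):
        print(name, "->", application_gateway(req)[0])
    print("circuit ->", circuit_gateway("10.0.0.5", "203.0.113.9", 443, b"\x16\x03\x01")[0])
```

The application gateway needs protocol-specific code (here, an HTTP request parser) and does more work per connection, which is the overhead the slide mentions; in exchange it can authenticate the user and refuse individual features. The circuit gateway cannot tell a GET from a POST, which is why it is appropriate only where the inside users are trusted.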
18. Packet filters / Application Gateway / Circuit level Gateway / Stateful filters
• Simple and least …
• Most secure approach
• More secure than packet filter but not as secure as application gateway
• Process packets at very fast speeds
• Many routers provide this functionality
• Unique program for each application
• Relay TCP connections
• Flexibility in implementing security policies
• Passes or rejects packets based on rules
• Good for authentication and logging
• Permission granted by port address
• Do not support user authentication of connections
• Hard to manage
• Not always transparent to …
• No application level checking
• Complex to configure
• Easy to make mistakes
• Used for email, FTP, TELNET, WWW
• Can understand what is carried in the packet
• Cannot prevent application-layer attacks
19. NETWORK SECURITY DEVICES
• Personal software firewalls
• Improved their functionality:
— Most personal software firewalls today also filter outbound traffic as well as inbound
traffic.
— Protects users by preventing malware from connecting to other computers and
spreading.
• Disadvantage: It is only as strong as the operating system of the computer.
21. NETWORK SECURITY DEVICES
• Hardware firewalls
— Run their own OS
— Usually located outside the network security perimeter as the first line of defense
— Disadvantage: Can be expensive
23. CISCO ASA
In computer networking, Cisco ASA 5500 Series Adaptive Security Appliances, or simply Cisco ASA,
is Cisco's line of network security devices introduced in May 2005.
Cisco ASA has become one of the most widely used firewall/VPN solutions for small to medium
businesses. Early reviews indicated the Cisco GUI tools for managing the device were lacking.