
6 Chapter 6 (I)

  1. WXGE6315 FIREWALL
  2. What is Firewall?
     It is a “security guard” for your network: it blocks any potential ‘attacker’ from entering the network, based on its security policy.
     - Barrier between a secure intranet / LAN and the open Internet.
  3. What is Firewall
     - In computing, a firewall is a piece of hardware and/or software which functions in a networked environment to prevent some communications forbidden by the security policy.
     - A firewall has the basic task of controlling traffic between different zones of trust. Typical zones of trust include the Internet (a zone with no trust) and an internal network (a zone with high trust). The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.
  4. How Firewall Works
     [Diagram: traffic from the Open Internet passes through Your Firewall before reaching Your Network. The firewall checks each packet against its predefined security policy: data judged safe goes into your network; data judged unsafe is blocked and cannot come in. Legend: safe data packet / unsafe data packet.]
  5. Types of Firewall
     - There are two main categories of firewalls:
       - network layer firewalls
       - application layer firewalls
  6. Network Layer Firewall
     - In computer networks, a network layer firewall works as a packet filter by deciding what packets will pass the firewall according to rules defined by the administrator.
     - Filtering rules can act on the basis of source and destination address and on ports, in addition to whatever higher-level network protocols the packet contains. Network layer firewalls tend to operate very fast, and transparently to users.
  7. Network Layer Firewall
     - Network layer firewalls generally fall into two sub-categories:
       - Stateful Firewall
       - Stateless Firewall (non-stateful)
     - Stateful firewalls hold some information on the state of connections (for example: established or not, initiation, handshaking, data or breaking down the connection) as part of their rules (e.g. only hosts inside the firewall can establish connections on a certain port).
  8. Stateful Packet Inspection
     - Stateful packet inspection is a form of super-charged packet filtering. It examines not just the headers of the packet but also its contents, to determine more about the packet than just its source and destination information. It is called stateful packet inspection because it examines the contents of the packet to determine the state of the communication; that is, it checks that the stated destination computer has previously requested the current communication.
     - This is a way of ensuring that all communications are initiated by the recipient computer and take place only with sources that are known and trusted from previous interactions. In addition to being more rigorous in their inspection of packets, stateful inspection firewalls also close off ports until a connection to the specific port is requested. This adds a layer of protection against the threat of port scanning.
  9. Stateless Firewall
     - Stateless firewalls have packet-filtering capabilities but cannot make more complex decisions on what stage communications between hosts have reached.
     - Stateless firewalls therefore offer less security. Stateless firewalls somewhat resemble a router in their ability to filter packets.
  10. Packet Filtering
     - When a packet filter firewall receives a packet from the Internet, it checks the IP address information held in the packet header against a table of access control rules to determine whether or not the packet is acceptable.
     - In this case, a set of rules established by the firewall administrator serves as the guest list. These rules may specify certain actions when a particular source or destination IP address or port number is identified. For example, access to a pornographic web site can be blocked by designating the IP address of that site as a non-permitted connection (incoming or outgoing) with the users’ computer. When the packet filter firewall encounters a packet from that site, it examines the packet. Since the IP address of the site is contained in the header of the packet, it meets the conditions that specifically deny such a connection, and the web traffic is not permitted to go through.
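As an added example (not from the slides), the following Python model places the stateless filter of slides 6 and 9 beside the stateful filter of slides 7 and 8 and runs both over three constructed packets; the 10.0.0.0/24 "internal" range, the addresses and the ports are all assumptions.

```python
from dataclasses import dataclass

INTERNAL_PREFIX = "10.0.0."   # assumed address range of "your network"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool   # SYN flag: connection initiation
    ack: bool   # ACK flag

def stateless_filter(pkt: Packet) -> str:
    """Stateless (slides 6, 9): judge each packet by addresses and ports alone.
    To let web replies back in it must accept anything from source port 80."""
    if pkt.src.startswith(INTERNAL_PREFIX) and pkt.dport == 80:
        return "ACCEPT"
    if pkt.dst.startswith(INTERNAL_PREFIX) and pkt.sport == 80:
        return "ACCEPT"
    return "DROP"

class StatefulFilter:
    """Stateful (slides 7, 8): only inside hosts may open a connection; inbound
    packets pass only if they belong to a connection in the state table."""
    def __init__(self) -> None:
        self.table: set[tuple[str, int, str, int]] = set()

    def filter(self, pkt: Packet) -> str:
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow in self.table or flow[2:] + flow[:2] in self.table:
            return "ACCEPT"   # part of a tracked connection, either direction
        if pkt.src.startswith(INTERNAL_PREFIX) and pkt.dport == 80 and pkt.syn and not pkt.ack:
            self.table.add(flow)   # record who initiated, and to where
            return "ACCEPT"
        return "DROP"

def compare(packets: list[Packet]) -> list[tuple[str, str]]:
    """Verdicts (stateless, stateful) for each packet in sequence."""
    stateful = StatefulFilter()
    return [(stateless_filter(p), stateful.filter(p)) for p in packets]

# Constructed sample traffic: a web request, its reply, then an unsolicited
# inbound packet carrying source port 80, which the stateless rule lets in.
SAMPLE = [
    Packet("10.0.0.5", 51000, "203.0.113.10", 80, syn=True, ack=False),  # client SYN
    Packet("203.0.113.10", 80, "10.0.0.5", 51000, syn=True, ack=True),   # server SYN/ACK
    Packet("198.51.100.7", 80, "10.0.0.5", 22, syn=True, ack=False),     # never requested
]
```

The third packet is the difference the slides describe: the stateless filter accepts it because its ports look like a web reply, while the stateful filter drops it because no inside host opened that connection.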
  11. Application Layer Firewall
     - In computer networking, an application layer firewall is a firewall operating at the application layer of a protocol stack. Generally it is a host using various forms of proxy servers to proxy traffic instead of routing it. As it works on the application layer, it may inspect the contents of the traffic, blocking what the firewall administrator views as inappropriate content, such as certain websites, viruses, attempts to exploit known logical flaws in client software, and so forth.
     - An application layer firewall does not route traffic on the network layer. All traffic stops at the firewall, which may initiate its own connections if the traffic satisfies the rules.
  12. Application-Level Proxy
     - Application-level proxy determines whether a connection to a requested application is permitted. Only connections for specified purposes, such as Internet access or e-mail, will be permitted. This allows system administrators to control what applications their computers will be used for.
     - For example, hackers can use the Telnet service (which in the early days of the Internet was developed to allow remote logins to computers) to gain unauthorized access to a network. However, a firewall can be set up to allow only web and e-mail applications to gain access. The firewall can be programmed to stop all packets with the destination port of 23, which is the standard port for Telnet. Any attempt by hackers to telnet into the users’ computer will fail because the application level firewall will recognize this telnet connection as a non-web/e-mail application and reject the information trying to enter the users’ computer.
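Added example, not from the slides: a Python sketch of the proxy decision of slides 11 and 12. Because the proxy terminates the client's connection, it can name the application from the first bytes the client sends rather than from the destination port, and it opens its own onward connection only for web and e-mail; the protocol signatures and the sample connections are constructed.

```python
import re

# Policy from slide 12: only web and e-mail applications may pass the proxy.
ALLOWED_APPLICATIONS = {"http", "smtp"}
TELNET_IAC = 0xFF   # Telnet "Interpret As Command" byte that begins option negotiation

# Minimal signatures for the first line a client sends (constructed, not exhaustive).
HTTP_REQUEST_LINE = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
SMTP_HELLO = re.compile(rb"^(EHLO|HELO) \S+\r\n")

def identify_application(payload: bytes) -> str:
    """Name the application protocol from the content the client sent first."""
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    if SMTP_HELLO.match(payload):
        return "smtp"
    if payload[:1] == bytes([TELNET_IAC]):
        return "telnet"
    return "unknown"

def proxy_decision(dport: int, payload: bytes) -> tuple[int, str, str]:
    """Return (destination port, application, verdict). The verdict depends on
    the inspected content only; the port is kept for the log line."""
    app = identify_application(payload)
    verdict = "FORWARD" if app in ALLOWED_APPLICATIONS else "REJECT"
    return dport, app, verdict

def inspect_connections(conns: list[tuple[int, bytes]]) -> list[tuple[int, str, str]]:
    """Apply the proxy policy to a batch of (port, first bytes) connections."""
    return [proxy_decision(port, data) for port, data in conns]

# Constructed sample connections as a proxy would see their opening bytes.
SAMPLE_CONNECTIONS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (25, b"EHLO mail.example.com\r\n"),
    (23, b"\xff\xfd\x18\xff\xfd\x20"),   # Telnet option negotiation on its standard port
    (80, b"\xff\xfd\x18\xff\xfd\x20"),   # the same Telnet negotiation sent to port 80
]

if __name__ == "__main__":
    for port, app, verdict in inspect_connections(SAMPLE_CONNECTIONS):
        print(f"dport={port:<3} application={app:<8} {verdict}")
```

The last two connections show why slide 11 stresses content inspection: a rule on destination port 23 alone would stop the third connection but not the fourth, whereas the proxy rejects both because neither is a web or e-mail application.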