SlideShare a Scribd company logo

Firewall fundamentals

Thang Man
Thang Man
Technology
1 of 19
Download to read offline
FIREWALL FUNDAMENTALS Mẫn Thắng manvanthang@gmail.com 9/24/2011
OBJECTIVES  Introduction to Firewall  Firewall Taxonomy  Firewall Architectures  Firewall Planning & Implementation  Firewall Limitations 2
INTRODUCTION  Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. 3
INTRODUCTION  What can firewalls do?  Manage and control network traffic  Authenticate access  Act as an intermediary  Protect resources  Record and report on events  Firewalls operate at Layers 2, 3, 4, and 7 of the OSI model 4
INTRODUCTION  How does a firewall work? deny/grant access based on the rules pre-defined by admin 5
TAXONOMY  FW Products  Software ISA Server, Iptables, Comodo, ZoneAlarm,…  Appliance Cisco PIX, Checkpoint, SonicWall, WatchGuard,…  Integrated Multiple security functions in one single appliance: FW, IPS, VPN, Gateway Anti-virus/spam, data leak prevention…  Open vs. Closed Source FWs ipfw, ModSecurity, pfSense,… 6
TAXONOMY  FW Technologies  Host-based (or Personal) FW Windows FW, Firestarter,…  Network FW  (Simple) Packet Filtering  Stateful Inspection  Application FWs  Application-Proxy Gateways  Dedicated Proxy Servers  Transparent (Layer-2) FWs 7
TAXONOMY  FW Technologies  Others (Network FW)  NAT (it is actually a routing technology)  VPN  Network Access Control/Protection (NAC/NAP)  Web Application FW  Firewalls for Virtual Infrastructures  Unified Threat Management (UTM) 8
ARCHITECTURES  Single-Box  Screening router 9
ARCHITECTURES  Single-Box  Dual-homed host 10
ARCHITECTURES  Screened host 11
ARCHITECTURES  Screened subnet 12
ARCHITECTURES  DMZ  Single (Three legged) firewall Firewall 13
ARCHITECTURES  DMZ  Dual firewall Internal FW External FW 14
PLANNING & IMPLEMENTATION Plan Manage Configure Deploy Test 15
LIMITATIONS  What a firewall CAN’T protect against:  viruses/malwares  internal threats (disgruntled workers, poor security policy…)  attacks that do not traverse the firewall (social engineering, personal modems or unauthorized wireless connections…)  attacks on services that are allowed through the firewall (HTTP, SMTP, FTP…) 16
CONCLUSION  Firewalls are an integral part of any Defense in Depth strategy 17
REFERENCES [1] Firewall Fundamentals, Cisco Press (2006) [2] Tactical Perimeter Defense, Element K (2007) [3] Module 16 of CEH v7, EC-Council (2010) [4] Building Internet Firewalls 2nd Edition, O'Reilly (2000) [5] Guidelines on Firewalls and Firewall Policy, NIST (2009) 18
THANKS FOR YOUR ATTENTION! Q&A 19

Recommended

FireWall
FireWallFireWall
FireWall
rubal_9
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
TayabaZahid
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
gaurav96raj
 
Firewall
FirewallFirewall
Firewall
reddivarihareesh
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
yogendrasinghchahar
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
VC Infotech
 
Firewall security in computer network
Firewall security in computer networkFirewall security in computer network
Firewall security in computer network
poorvavyas4
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
iberrywifisecurity
 

Recommended

FireWall
FireWallFireWall
FireWall
rubal_9
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
TayabaZahid
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
gaurav96raj
 
Firewall
FirewallFirewall
Firewall
reddivarihareesh
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
yogendrasinghchahar
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
VC Infotech
 
Firewall security in computer network
Firewall security in computer networkFirewall security in computer network
Firewall security in computer network
poorvavyas4
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
iberrywifisecurity
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)
Jainam Shah
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
LakshmiSamivel
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
Karnav Rana
 
UTM Unified Threat Management
UTM Unified Threat ManagementUTM Unified Threat Management
UTM Unified Threat Management
Lokesh Sharma
 
What is firewall
What is firewallWhat is firewall
What is firewall
Harshana Jayarathna
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
lalithambiga kamaraj
 
Firewall
FirewallFirewall
Firewall
nayakslideshare
 
FIREWALL
FIREWALL FIREWALL
FIREWALL
Akash R
 
Firewalls
FirewallsFirewalls
Firewalls
Kalluri Madhuri
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
rahul kundu
 
Firewall
FirewallFirewall
Firewall
Muhammad Sohaib Afzaal
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
Nemwos
 
Firewall
Firewall Firewall
Firewall
Amuthavalli Nachiyar
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
Vikram Khanna
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
Coder Tech
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
Evolve IP
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
Fredrick Hall
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and Firewall
ShafeeqaFarsana
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security Definition
Patten John
 
Firewall
FirewallFirewall
Firewall
Saurabh Chauhan
 
Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
Sylvain Maret
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetation
Kaveh Khosravi
 

More Related Content

What's hot

UTM Unified Threat Management
UTM Unified Threat ManagementUTM Unified Threat Management
UTM Unified Threat Management
Lokesh Sharma
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
rahul kundu
 

What's hot (20)

Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
 
UTM Unified Threat Management
UTM Unified Threat ManagementUTM Unified Threat Management
UTM Unified Threat Management
 
What is firewall
What is firewallWhat is firewall
What is firewall
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
Firewall
FirewallFirewall
Firewall
 
FIREWALL
FIREWALL FIREWALL
FIREWALL
 
Firewalls
FirewallsFirewalls
Firewalls
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Firewall
FirewallFirewall
Firewall
 
Mobile Device Security
Mobile Device SecurityMobile Device Security
Mobile Device Security
 
Firewall
Firewall Firewall
Firewall
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and Firewall
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security Definition
 
Firewall
FirewallFirewall
Firewall
 

Viewers also liked

Overview of Linux
Overview of LinuxOverview of Linux
Overview of Linux
Thang Man
 
Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70
symple9
 
Presentation on dns
Presentation on dnsPresentation on dns
Presentation on dns
Anand Grewal
 

Viewers also liked (20)

Firewall Essentials
Firewall EssentialsFirewall Essentials
Firewall Essentials
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetation
 
Overview of Linux
Overview of LinuxOverview of Linux
Overview of Linux
 
Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70Instalación Firewall Checkpoint R70
Instalación Firewall Checkpoint R70
 
PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3
 
An introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for DummiesAn introduction to Unified Threat Management (UTM), for Dummies
An introduction to Unified Threat Management (UTM), for Dummies
 
Check Point sizing security
Check Point sizing securityCheck Point sizing security
Check Point sizing security
 
Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1Mikrotik® MPLS/VPN Lab Part 1
Mikrotik® MPLS/VPN Lab Part 1
 
tcpip
tcpiptcpip
tcpip
 
basic it presentation........
basic it presentation........basic it presentation........
basic it presentation........
 
Ipv4 & ipv6
Ipv4 & ipv6Ipv4 & ipv6
Ipv4 & ipv6
 
TCP/IP
TCP/IPTCP/IP
TCP/IP
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA Firewalls
 
checkpoint
checkpointcheckpoint
checkpoint
 
Firewall Penetration Testing
Firewall Penetration TestingFirewall Penetration Testing
Firewall Penetration Testing
 
Firewalls Security – Features and Benefits
Firewalls Security – Features and BenefitsFirewalls Security – Features and Benefits
Firewalls Security – Features and Benefits
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Presentation on dns
Presentation on dnsPresentation on dns
Presentation on dns
 
Domain name system
Domain name systemDomain name system
Domain name system
 

Similar to Firewall fundamentals

Firewall
FirewallFirewall
Firewall
Apo
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdf
jibinsh
 
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
Pranav Gontalwar
 

Similar to Firewall fundamentals (20)

Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall
FirewallFirewall
Firewall
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall Architecture
Firewall Architecture Firewall Architecture
Firewall Architecture
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Describe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdfDescribe what you would do to protect a network from attack, mention .pdf
Describe what you would do to protect a network from attack, mention .pdf
 
Firewall
FirewallFirewall
Firewall
 
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
A Decentralized Cloud Firewall Framework with Resources Provisioning Cost Opt...
 
Note8
Note8Note8
Note8
 
voice
voicevoice
voice
 
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
FIREWALL PROJECT.pptx BY SAKSHI SOLAPUREFIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
FIREWALL PROJECT.pptx BY SAKSHI SOLAPURE
 
Anton Chuvakin on Honeypots
Anton Chuvakin on HoneypotsAnton Chuvakin on Honeypots
Anton Chuvakin on Honeypots
 

More from Thang Man

OpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical OverviewOpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical Overview
Thang Man
 
Lesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic NetworkingLesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic Networking
Thang Man
 
Lesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell ProgrammingLesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell Programming
Thang Man
 
Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)
Thang Man
 
Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)
Thang Man
 
Lesson 3 - Linux File System
Lesson 3 - Linux File SystemLesson 3 - Linux File System
Lesson 3 - Linux File System
Thang Man
 
Lesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line EnvironmentLesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line Environment
Thang Man
 
Lesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & LinuxLesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & Linux
Thang Man
 
Building Trusted Network
Building Trusted NetworkBuilding Trusted Network
Building Trusted Network
Thang Man
 

More from Thang Man (10)

Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016Running OpenStack in Production - Barcamp Saigon 2016
Running OpenStack in Production - Barcamp Saigon 2016
 
OpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical OverviewOpenStack 101: Introduction & Technical Overview
OpenStack 101: Introduction & Technical Overview
 
Lesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic NetworkingLesson 8 - Reviewing Basic Networking
Lesson 8 - Reviewing Basic Networking
 
Lesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell ProgrammingLesson 7 - Linux Shell Programming
Lesson 7 - Linux Shell Programming
 
Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)Lesson 6 - Administering Linux System (2)
Lesson 6 - Administering Linux System (2)
 
Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)Lesson 5 - Administering Linux System (1)
Lesson 5 - Administering Linux System (1)
 
Lesson 3 - Linux File System
Lesson 3 - Linux File SystemLesson 3 - Linux File System
Lesson 3 - Linux File System
 
Lesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line EnvironmentLesson 2 - Install Linux & Command Line Environment
Lesson 2 - Install Linux & Command Line Environment
 
Lesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & LinuxLesson 1 - Introduction to Open Source & Linux
Lesson 1 - Introduction to Open Source & Linux
 
Building Trusted Network
Building Trusted NetworkBuilding Trusted Network
Building Trusted Network
 

Recently uploaded

Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
Syngulon
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
CzechDreamin
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
Femke de Vroome
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
CzechDreamin
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
Stephen Perrenod
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
UXDXConf
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
Hiroshi SHIBATA
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
UXDXConf
 

Recently uploaded (20)

WebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM PerformanceWebAssembly is Key to Better LLM Performance
WebAssembly is Key to Better LLM Performance
 
Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024Enterprise Knowledge Graphs - Data Summit 2024
Enterprise Knowledge Graphs - Data Summit 2024
 
Oauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoftOauth 2.0 Introduction and Flows with MuleSoft
Oauth 2.0 Introduction and Flows with MuleSoft
 
Syngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdfSyngulon - Selection technology May 2024.pdf
Syngulon - Selection technology May 2024.pdf
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty SecureECS 2024 Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?The Metaverse: Are We There Yet?
The Metaverse: Are We There Yet?
 
Overview of Hyperledger Foundation
Overview of Hyperledger FoundationOverview of Hyperledger Foundation
Overview of Hyperledger Foundation
 
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4j
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024Long journey of Ruby Standard library at RubyKaigi 2024
Long journey of Ruby Standard library at RubyKaigi 2024
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
A Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System StrategyA Business-Centric Approach to Design System Strategy
A Business-Centric Approach to Design System Strategy
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 

Firewall fundamentals

  • 1. FIREWALL FUNDAMENTALS Mẫn Thắng manvanthang@gmail.com 9/24/2011
  • 2. OBJECTIVES  Introduction to Firewall  Firewall Taxonomy  Firewall Architectures  Firewall Planning & Implementation  Firewall Limitations 2
  • 3. INTRODUCTION  Firewalls are devices or programs that control the flow of network traffic between networks or hosts that employ differing security postures. 3
  • 4. INTRODUCTION  What can firewalls do?  Manage and control network traffic  Authenticate access  Act as an intermediary  Protect resources  Record and report on events  Firewalls operate at Layers 2, 3, 4, and 7 of the OSI model 4
  • 5. INTRODUCTION  How does a firewall work? deny/grant access based on the rules pre-defined by admin 5
  • 6. TAXONOMY  FW Products  Software ISA Server, Iptables, Comodo, ZoneAlarm,…  Appliance Cisco PIX, Checkpoint, SonicWall, WatchGuard,…  Integrated Multiple security functions in one single appliance: FW, IPS, VPN, Gateway Anti-virus/spam, data leak prevention…  Open vs. Closed Source FWs ipfw, ModSecurity, pfSense,… 6
  • 7. TAXONOMY  FW Technologies  Host-based (or Personal) FW Windows FW, Firestarter,…  Network FW  (Simple) Packet Filtering  Stateful Inspection  Application FWs  Application-Proxy Gateways  Dedicated Proxy Servers  Transparent (Layer-2) FWs 7
  • 8. TAXONOMY  FW Technologies  Others (Network FW)  NAT (it is actually a routing technology)  VPN  Network Access Control/Protection (NAC/NAP)  Web Application FW  Firewalls for Virtual Infrastructures  Unified Threat Management (UTM) 8
  • 9. ARCHITECTURES  Single-Box  Screening router 9
  • 10. ARCHITECTURES  Single-Box  Dual-homed host 10
  • 11. ARCHITECTURES  Screened host 11
  • 12. ARCHITECTURES  Screened subnet 12
  • 13. ARCHITECTURES  DMZ  Single (Three legged) firewall Firewall 13
  • 14. ARCHITECTURES  DMZ  Dual firewall Internal FW External FW 14
  • 15. PLANNING & IMPLEMENTATION Plan Manage Configure Deploy Test 15
  • 16. LIMITATIONS  What a firewall CAN’T protect against:  viruses/malwares  internal threats (disgruntled workers, poor security policy…)  attacks that do not traverse the firewall (social engineering, personal modems or unauthorized wireless connections…)  attacks on services that are allowed through the firewall (HTTP, SMTP, FTP…) 16
  • 17. CONCLUSION  Firewalls are an integral part of any Defense in Depth strategy 17
  • 18. REFERENCES [1] Firewall Fundamentals, Cisco Press (2006) [2] Tactical Perimeter Defense, Element K (2007) [3] Module 16 of CEH v7, EC-Council (2010) [4] Building Internet Firewalls 2nd Edition, O'Reilly (2000) [5] Guidelines on Firewalls and Firewall Policy, NIST (2009) 18
  • 19. THANKS FOR YOUR ATTENTION! Q&A 19