Navdeep Singh
Firewall & its Services
What is a Firewall?
• A firewall is a device or a software feature designed to control the flow of traffic into and out of a network.
• A firewall interconnects networks with different levels of trust.
• A firewall implements and enforces a security policy between networks.
Firewall Zones
Trusted Zone
Untrusted Zone
Demilitarized Zone (DMZ)
Firewall Zones
Trusted Zone
• By default the LAN is trusted.
• The trusted zone has a trust value of 100, which means the highest level of trust.
Untrusted Zone
• The untrusted zone has a trust value of 0, which means the lowest level of trust.
• A WAN port can only be mapped to an untrusted zone.
Firewall Zones
Demilitarized Zone
• DMZs are less trusted zones.
• The public zone is a demilitarized zone and has a trust value of 50.
Types of Firewalls
Software Based Firewalls
• Run as an additional program on personal computers.
• Known as personal firewalls.
• Most SBFs are configured and updated automatically after installation.
• Examples of SBFs: Windows Firewall, Kaspersky Firewall, ZoneAlarm Pro Firewall.
• There are also some open source firewalls available. Examples: OpenWRT, pfSense, Untangle Gateway, IPCop.
Types of Firewalls
Hardware Based Firewalls
• Hardware based firewalls are the first line of defense against cyber attacks.
• HBFs are more expensive than SBFs.
• Traditionally HBFs were only used to carry out packet filtering.
• Today HBFs have a built-in Intrusion Prevention System and Intrusion Detection System (IPS/IDPS).
• When the IDPS detects malicious activity, it sends a signal, drops the packet, blocks the IP and resets the connection.
• Some hardware based firewall providers are:
    • Cisco
    • ProSafe
    • D-Link
    • SonicWall
    • Netgear
Cisco Firewalls
Cisco Firepower 9300 (Latest Series: 9000 & 4100)
• 1.2 Tbps clustered throughput
• 57 million concurrent connections, with application control
• 500,000 new connections per second
• High-end next-generation firewall (NGFW)
Firewall Services
The following services are provided by firewalls:
• Packet Filtering
• Stateful Packet Inspection
• Proxying
• Authentication
• Logging
• Content Filtering
• Network Address Translation
Packet Filtering
• Each incoming data packet is examined by the firewall.
• The header of each packet is compared to the pre-configured set of rules.
• An allow or deny decision is made based on the results.
• Packet filtering rules are based on:
    • Protocol Type (TCP, IP, UDP, ICMP, ESP, etc.)
    • Source Address
    • Source Port
    • Destination Address
    • Destination Port
Packet Filtering
• Packet filtering firewalls work at the Network Layer (Layer 3) and Transport Layer (Layer 4) of the OSI reference model.
Stateful Packet Inspection
• All packets are examined and the header information is stored in a dynamic state (session) table.
• The state table is used to verify data packets from the same connection.
• Stateful packet inspection rules are based on:
    • Protocol Type (TCP, IP, UDP, ICMP, ESP, etc.)
    • Source Address
    • Source Port
    • Destination Address
    • Destination Port
    • Connection State
Stateful Packet Inspection
• In the stateful packet inspection technique, the firewall examines the headers of all incoming data packets from the network layer up to the application layer of the OSI reference model.
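Added example (not from the original slides): a stateless filter matching the five header fields listed above, next to a stateful firewall that also keeps a session table. The addresses, rules and names (`Rule`, `StatefulFirewall`, `REPLY_HOLE`) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = range(0, 65536)
EPHEMERAL = range(1024, 65536)
HTTPS = range(443, 444)
LAN = "192.168.1.0/24"        # constructed trusted network
ANYWHERE = "0.0.0.0/0"


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    proto: str
    src: str                  # CIDR block
    sport: range
    dst: str                  # CIDR block
    dport: range

    def matches(self, p):
        # Compare the packet header to the rule, field by field.
        return (self.proto == p.proto
                and ip_address(p.src) in ip_network(self.src)
                and p.sport in self.sport
                and ip_address(p.dst) in ip_network(self.dst)
                and p.dport in self.dport)


def packet_filter(rules, pkt):
    """Stateless filtering: first matching rule wins, default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Packet filter plus a session table of connections it has allowed."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()

    def check(self, pkt):
        forward = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packets of a known connection (either direction) skip the rules.
        if forward in self.sessions or reverse in self.sessions:
            return "allow"
        action = packet_filter(self.rules, pkt)
        if action == "allow":
            self.sessions.add(forward)   # remember the new connection
        return action


# LAN clients may open HTTPS connections to any destination.
OUTBOUND_HTTPS = Rule("allow", "tcp", LAN, ANY_PORT, ANYWHERE, HTTPS)
# A stateless filter needs this broad rule so that replies can return.
REPLY_HOLE = Rule("allow", "tcp", ANYWHERE, HTTPS, LAN, EPHEMERAL)

# Constructed sample packets.
request = Packet("tcp", "192.168.1.10", 50000, "203.0.113.5", 443)
reply = Packet("tcp", "203.0.113.5", 443, "192.168.1.10", 50000)
unsolicited = Packet("tcp", "198.51.100.7", 443, "192.168.1.20", 50001)


def compare():
    """Verdicts for request, reply and unsolicited packet, per technique."""
    stateless_rules = [OUTBOUND_HTTPS, REPLY_HOLE]
    stateful = StatefulFirewall([OUTBOUND_HTTPS])
    packets = [request, reply, unsolicited]
    return {
        "stateless": [packet_filter(stateless_rules, p) for p in packets],
        "stateful": [stateful.check(p) for p in packets],
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

The stateless rule set admits the unsolicited packet because its header fits the reply rule; the stateful firewall denies it because no session for that connection exists.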
Proxy Services
• A proxy/application gateway acts as an intermediary between connections.
• Each side of a connection can only communicate with the other by going through the proxy/application gateway.
• The proxy/application gateway operates at the Application Layer (Layer 7) of the OSI reference model.
• When a client issues a request from an untrusted network, a connection is established between the client and the proxy/gateway. The proxy/gateway compares the request to its set of rules; if it finds the request valid, it sends a connection request to the destination on behalf of the client.
Proxy Services
Proxy servers also provide some other services:
• Logging: proxy servers keep a log of each communication.
• Content Filtering
• Authentication
NAT (Network Address Translation)
• NAT is a method that enables hosts on private networks to communicate with hosts on the Internet.
• NAT is mostly used to translate between public and private addresses.
• NAT can also be used for public-to-public address translation and private-to-private address translation.
• NAT hides the IP addresses and IP address structure of the internal network.
• In NAT, the actual IP address/port used in the internal network is translated to the outside IP address/outside port.
• This is done by replacing the local IP address in the header of the data packet with the outside IP address.
Types of NAT
Static NAT
• Static NAT performs one-to-one translation between two addresses, or between a port on one address and a port on another address.
Types of NAT
Static NAT
• Static NAT maps a block of external IP addresses to a block of internal IP addresses of the same size.
• NAT maps a specific port to come through the firewall rather than all ports.
• Static NAT allows internal clients to maintain their set-up information.
• Multiple ISPs can be enlisted to provide a degree of fault-tolerant access to the system. If network performance or quality degrades, connections can be swapped to another supplier.
Dynamic NAT
• Dynamic NAT does not perform one-to-one translation but instead maps a group of internal IP addresses to a pool of external IP addresses.
Dynamic NAT
• These mappings can be set to expire if they are not used within a programmable period of time.
• Dynamic NAT works as a firewall between the internal network and the outside network or Internet.
• Dynamic NAT only allows connections that originate inside the internal domain.
• A computer on an external network cannot connect to one of the internal servers unless the internal node has initiated the contact.
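Added example (not from the original slides): a small model of the dynamic NAT behaviour described above, with an external address pool, idle expiry, and inbound translation only for mappings created from inside. The class `DynamicNat`, the addresses and the 60-second timeout are constructed; refreshing the idle timer on inbound traffic is an assumption of this sketch.

```python
class DynamicNat:
    """Address-only dynamic NAT: inside hosts borrow addresses from a pool."""

    def __init__(self, pool, idle_timeout):
        self.free = list(pool)            # unused outside addresses
        self.idle_timeout = idle_timeout  # seconds a mapping may sit idle
        self.by_inside = {}               # inside ip -> (outside ip, last used)
        self.by_outside = {}              # outside ip -> inside ip

    def _expire(self, now):
        # Drop idle mappings and return their addresses to the pool.
        for inside, (outside, last_used) in list(self.by_inside.items()):
            if now - last_used > self.idle_timeout:
                del self.by_inside[inside]
                del self.by_outside[outside]
                self.free.append(outside)

    def outbound(self, inside_ip, now):
        """Translate a packet leaving the internal network.

        Returns the outside address, or None when the pool is exhausted.
        """
        self._expire(now)
        if inside_ip in self.by_inside:
            outside, _ = self.by_inside[inside_ip]
        elif self.free:
            outside = self.free.pop(0)
            self.by_outside[outside] = inside_ip
        else:
            return None
        self.by_inside[inside_ip] = (outside, now)
        return outside

    def inbound(self, outside_ip, now):
        """Translate a packet arriving from outside.

        Returns the inside address, or None when no inside host has
        created a mapping for that outside address (packet is dropped).
        """
        self._expire(now)
        inside = self.by_outside.get(outside_ip)
        if inside is None:
            return None
        self.by_inside[inside] = (outside_ip, now)  # assumed: traffic refreshes timer
        return inside


def demo():
    """Run a constructed timeline and return each translation result."""
    nat = DynamicNat(["203.0.113.10", "203.0.113.11"], idle_timeout=60)
    return [
        nat.inbound("203.0.113.10", now=0),    # nothing initiated yet
        nat.outbound("10.0.0.5", now=0),       # first inside host gets .10
        nat.inbound("203.0.113.10", now=10),   # reply reaches 10.0.0.5
        nat.outbound("10.0.0.6", now=20),      # second inside host gets .11
        nat.outbound("10.0.0.7", now=30),      # pool exhausted
        nat.inbound("203.0.113.10", now=200),  # mapping expired
        nat.outbound("10.0.0.7", now=200),     # freed address is reused
    ]


if __name__ == "__main__":
    for step in demo():
        print(step)
```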
Load Sharing NAT
• Load Sharing NAT (LSNAT) distributes a session load across a pool of servers.
• LSNAT is most often used in embedded server farms where a single blade server is unable to handle the increasing number of clients or sessions.
