FIREWALL
IDRIS SHAH
CIT/20/12
What is a Firewall?
• A firewall is simply a program or hardware device that filters
the information coming through the Internet connection into
your private network or computer system. If an incoming
packet of information is flagged by the filters, it is not allowed
through.
Why firewalls
• Protect local systems
• Protect against network-based security threats
• Provide secured and controlled access to the Internet
• Provide restricted and controlled access from
the Internet to local servers
Firewall characteristics
• All traffic from outside to inside and vice versa
must pass through firewall
• Only authorised traffic allowed to pass
• Firewall itself immune to penetration
Types of firewall
• Packet filtering firewall
– Applies a set of rules to each incoming IP packet and then forwards
or discards it
– Typically based on IP addresses and port numbers
– Filters packets going in both directions
– Packet filter is set up as a list of rules based on matches to
fields in the TCP or IP header
– Two default policies (discard or forward)
Attacks
• IP spoofing
• Source routing attack
• Tiny fragment attack: countered by requiring that the first fragment
of a packet carry a predefined minimum amount of the transport header
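The rule matching and the tiny-fragment check described above, as an added example that is not part of the original slides. The addresses (documentation ranges), the rule set, the 20-byte threshold and all function names are assumptions chosen for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

MIN_TRANSPORT_BYTES = 20  # assumed threshold: the fixed part of a TCP header

@dataclass
class Rule:
    action: str           # "forward" or "discard"
    src: str              # source network (CIDR)
    dst: str              # destination network (CIDR)
    dport: Optional[int]  # destination port, None = any

# Constructed rule set for the outside interface; the first match wins.
RULES = [
    Rule("discard", "192.0.2.0/24", "0.0.0.0/0", None),  # inside source seen outside: spoofed
    Rule("forward", "0.0.0.0/0", "192.0.2.10/32", 25),   # mail to the (assumed) bastion host
    Rule("forward", "0.0.0.0/0", "192.0.2.10/32", 80),   # web to the (assumed) bastion host
]

def build_packet(src, dst, dport, more_frags=False, tcp_bytes=20):
    """Build a constructed IPv4+TCP SYN for the demo (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)[:tcp_bytes]
    flags = 0x2000 if more_frags else 0  # More Fragments bit, fragment offset 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, flags, 64, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + tcp

def filter_packet(pkt, rules=RULES, default="discard"):
    """Return "forward" or "discard" for one raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "discard"
    ver_ihl, _, total_len, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20:
        return "discard"
    frag_offset = (flags_frag & 0x1FFF) * 8
    payload = pkt[ihl:total_len]
    dport = None
    if proto == 6 and frag_offset == 0:
        # Tiny-fragment check: the first fragment must carry the whole fixed
        # TCP header, so ports and flags cannot be pushed into a later fragment.
        if len(payload) < MIN_TRANSPORT_BYTES:
            return "discard"
        dport = struct.unpack("!H", payload[2:4])[0]
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if src_ip not in ipaddress.ip_network(rule.src):
            continue
        if dst_ip not in ipaddress.ip_network(rule.dst):
            continue
        # Packets with no readable port (later fragments, non-TCP) can only
        # match any-port rules; everything else falls to the default policy.
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return default
```

With the default policy set to discard, anything not explicitly permitted is dropped; switching it to forward leaves only the explicit discard rules and the fragment check in force.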
Advantages
• Simplicity
• Transparency: users need not know about the presence of the
firewall
• High speed
Disadvantages
1. Difficulty of setting up packet filter rules (large
routing tables)
2. Lack of authentication
Application level gateway
• Also called a proxy server; typically a computer
• It is service specific
• Acts as a relay of application level traffic
Advantages
• Higher security than packet filters
• Only need to scrutinise a few allowable
applications
• Easy to log and audit all incoming traffic
(backtracking)
Disadvantages
• Additional processing overhead on each
connection
• Slower, as proxies are computers, not routers
Circuit level gateway
• More like tunnelling
• Standalone system, or specialised function
performed by application level gateway
• Does not permit an end-to-end TCP connection;
rather, the gateway sets up two TCP connections
• Security function consists of determining
which connections will be allowed
Bastion Host
• It is a system identified by firewall
administrator as critical point in network
security
• Executes secure version of its OS and is
trusted
• Consists of services which are essential
• Requires additional authentication before
access is allowed
Firewall configurations
• In addition to use of simple configuration of
single system, more complex configurations
are possible as:
– Single homed host
– Dual-homed host
– Screened subnet
Single homed host
• Only packets from and to bastion host allowed to pass
through router
• Bastion host performs authentication and proxy functions
Greater security because:
• Implements packet and application level filtering
• Intruder has to penetrate two separate systems
Dual homed host
• Packet filtering router not completely compromised
• Traffic between internet and hosts on private network
has to flow through bastion host
• DMZ: contains information which can be accessed from
outside
Screened subnet
• Most secure
• Two packet filtering routers used
• Creation of isolated subnetwork
• Inside router accepts packets only from bastion host
Firewall Limitations
• Cannot protect from attacks bypassing it
• Cannot protect against internal threats
– e.g. disgruntled employee: intrusion detection
systems, which look for statistical anomalies.
Install personal firewalls on desktops
• Cannot protect against transfer of all virus-
infected programs or files
– because of huge range of O/S & file types
