Access Control: Firewalls
Introduction
[Figure: Good Guys and Bad Guys both pass through a single entry/exit point]
• There are two kinds of people.
• For both of them there is a single point of entry/exit.
• Protection is to be given to this entry/exit point.
• In the field of computer networks this protection is given by the "Firewall".
What is a Firewall?
• In a computer network, when the traffic entering/leaving a network is security checked, logged and/or forwarded, this is done at a device called a "Firewall".
• Hardware + Software (isolating the internal network from the internet at large) = Firewall.
Firewalls are of two types:
• Packet Filtering Firewall
• Application Level Gateways
Packet Filtering
[Figure: Internal Network – Gateway Router (Packet Filtering) – ISP]
• The filtering decision is taken based on:
– IP source or destination address
– TCP or UDP source and destination port
– ICMP message type
– Connection initialization datagrams, identified using the TCP SYN or ACK bits
• The filter can block all UDP and Telnet connections.
• By this method no UDP traffic can go out and none can come in; this is the process called filtering UDP. Filtering Telnet is also popular, as it keeps outsiders out.
• A filtering policy is based on the combination of addresses and port numbers.
• Another filtering policy is based on whether or not the TCP ACK bit is set. This trick is quite useful if an organization wants to let its internal clients connect to external servers but prevent external clients from connecting to internal servers.
• These policies have a pitfall, which is described in the example of Alice and Bob on Pg. 720.
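As an added illustration (not part of the slides), a small stateless packet-filter evaluator in Python that applies the policies above, in order, to constructed traffic: block UDP, block Telnet, drop inbound TCP segments without the ACK bit, and filter ICMP by message type. The 192.168.1.0/24 internal range, the addresses, ports and packets are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.1.0/24")  # constructed internal address range

@dataclass
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    syn: bool = False   # TCP SYN bit
    ack: bool = False   # TCP ACK bit
    icmp_type: int = 0  # ICMP message type

def inbound(pkt: Packet) -> bool:
    """Inbound = arriving from the ISP side, destined for the internal network."""
    return ip_address(pkt.dst) in INTERNAL and ip_address(pkt.src) not in INTERNAL

def filter_packet(pkt: Packet) -> str:
    """Apply the policies in order; first match wins, otherwise ACCEPT."""
    if pkt.proto == "udp":                        # policy 1: block all UDP
        return "DROP:udp"
    if pkt.proto == "tcp" and 23 in (pkt.sport, pkt.dport):
        return "DROP:telnet"                      # policy 2: block Telnet
    # Policy 3, the ACK-bit trick: a segment that opens a connection carries
    # SYN without ACK. Internal clients may send those outward; any inbound
    # TCP segment without ACK is therefore an outside attempt to connect in.
    if pkt.proto == "tcp" and inbound(pkt) and not pkt.ack:
        return "DROP:inbound-connection-attempt"
    # Policy 4, ICMP by message type: only echo replies (type 0) may come in.
    if pkt.proto == "icmp" and inbound(pkt) and pkt.icmp_type != 0:
        return "DROP:icmp-type"
    return "ACCEPT"

def demo() -> list:
    """Constructed traffic: an internal client opening a web connection, the
    server's SYN-ACK reply, and several packets the policy should stop."""
    traffic = [
        Packet("192.168.1.10", "203.0.113.5", "tcp", 40000, 80, syn=True),
        Packet("203.0.113.5", "192.168.1.10", "tcp", 80, 40000, syn=True, ack=True),
        Packet("203.0.113.5", "192.168.1.10", "tcp", 50000, 22, syn=True),
        Packet("203.0.113.5", "192.168.1.10", "udp", 53, 33000),
        Packet("192.168.1.10", "203.0.113.5", "tcp", 40001, 23, syn=True),
        Packet("203.0.113.5", "192.168.1.10", "icmp", icmp_type=8),
    ]
    return [filter_packet(p) for p in traffic]
```

Note that the evaluator keeps no per-connection state: it decides on header fields of each datagram alone, which is exactly what the ACK-bit policy relies on.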
Application Gateway
• Want to provide service for some users? These users need to be authenticated.
• Here the policy is designed based on the application data.
[Figure: Application data – Application Specific Server – Internet]
• Allows only a restricted set of internal users to Telnet outside and prevents all external clients from getting inside.
• First, the user who wants to browse out has to authenticate himself.
• The application-specific server validates it and allows access.
• If the user has the permission, then the gateway
– Prompts the user to provide the website details.
– Sets up the connection with the website.
– Checks the safety of the communication between these two.
• Disadvantages:
– Each application needs its own gateway.
– More work is required because of the individual gateways.