June 20th 2008
Firewall: Introduction to the past
The idea came from the construction industry in the 19th century. Structures of metal sheets in houses, flights etc. were the first physical firewalls; the metal sheets protected against fire. In the 1980s, usage of the internet was growing rapidly, and businesses established and implemented networks. Difficulties faced: huge network data traffic, and allocating the different networks. Solutions: the firewall procedure was implemented in routers, and networks were controlled.
Firewall: People who made it important
Clifford Stoll, a US astronomer and computer expert, discovered that German spies were accessing his system. After this incident the US started to implement firewall security in government networks. Bill Cheswick, the author of the famous security book “Firewalls and Internet Security”, set up a simple electronic jail to observe an attacker. He devoted himself to the subject and had a huge impact on awareness of firewalls and of internet and network security. Robert Tappan Morris created the Morris Worm, the virus that awakened network administrators and made them think about the importance of firewalls. Network administrators weren't expecting anything like this. The worm spread through networks around the world; 10% of the internet was infected.
A Firewall
A program or a hardware device that filters packets. Both authorized and unauthorized data goes through the filter. Unauthorized packets or data are blocked from going in or out of the network. The firewall's rules are set and updated by the network administrator. The firewall sits as a barrier between the internet and the internal network.
Types of firewall
There are three types of firewalls: personal firewall, organization firewall and enterprise firewall.
Personal Firewall
Mostly found on single computers. Protects the computer by means of software; hardware can also be used in this type of firewall. Has limited reporting and management features.
Organization firewall
Found in organizations or offices. Handles a limited number of computers (50-100 PCs). Screens network traffic. Reporting and management capabilities are far better than a personal firewall's.
Enterprise firewall
Suited to larger organizations. Can handle thousands of users. Able to report for multiple firewalls. The management tools make it possible to configure multiple firewalls in a single click.
Generation of firewall
Firewalls have evolved into different forms over the past decade, through continued research on firewalls and implementation of that research. The evolution of the firewall and its categories: packet filters, circuit level gateways, proxy server/application layer, stateful filters.
Packet filters
Developed by Digital Equipment Corporation in 1988. Known to be the first filter system of its kind. Bill Cheswick and Steve Bellovin researched and developed a working model of packet filters. A packet filter inspects packets; if a packet doesn't meet the filtering rules, it is either rejected or dropped. Packet filters don't check whether the packet belongs to the local network. They filter packets based only on the information in the packet itself.
Packet filters
Circuit Level Gateways
Work at the session layer of the OSI reference model. Monitor TCP handshaking between packets to determine whether a requested session is valid. Used to hide information about the network. Web browsing is an example of where a circuit level gateway can be used, as it depends only on the packets between the web browser and the internet.
Circuit Level Gateways
Proxy server/Application layer
Proxy server firewalls are also known as application layer firewalls. AT&T Bell Laboratories developed the system. Each network service requires separate configuration on the firewall, and the rules for the services must be specified by network administrators. For example, a firewall that supports HTTP, FTP and SMTP will not support Telnet, as Telnet rules are not specified in the firewall.
Proxy server/Application layer
Stateful filters
Provide more protection than other filters. Use methods from other filters. Multiple packet filtering. Denial-of-service attacks and other hacks can be reduced.
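
The difference between the packet filters and the stateful filters described above, as an added example that is not part of the original slides: a header-only rule set beside a filter that tracks connections opened from the local network. The addresses, ports, rule set and all names in the code are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # constructed local network

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. {"SYN"} or {"ACK"}

def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))

def stateless_filter(p):
    """First-match rules on header fields only; the default is drop."""
    if ip_address(p.src) in LAN and p.dport == 80:
        return "accept"  # LAN clients may reach web servers
    if ip_address(p.dst) in LAN and p.sport == 80 and "ACK" in p.flags:
        return "accept"  # header looks like a web reply; nothing else is checked
    return "drop"

class StatefulFilter:
    """Accepts a packet only if it belongs to a connection opened from the LAN."""
    def __init__(self):
        self.connections = set()  # (lan_ip, lan_port, remote_ip, remote_port)

    def filter(self, p):
        if ip_address(p.src) in LAN:
            conn = (p.src, p.sport, p.dst, p.dport)
            if p.dport == 80 and p.flags == {"SYN"}:
                self.connections.add(conn)  # new outbound web connection
            return "accept" if conn in self.connections else "drop"
        # Inbound: must mirror a connection already in the table.
        conn = (p.dst, p.dport, p.src, p.sport)
        return "accept" if conn in self.connections else "drop"

def demo():
    fw = StatefulFilter()
    syn = pkt("192.168.1.10", 50000, "203.0.113.5", 80, "SYN")
    reply = pkt("203.0.113.5", 80, "192.168.1.10", 50000, "SYN", "ACK")
    # Unsolicited inbound packet whose header merely resembles a web reply.
    stray = pkt("198.51.100.9", 80, "192.168.1.20", 4444, "ACK")
    return {
        "stateless": [stateless_filter(x) for x in (syn, reply, stray)],
        "stateful": [fw.filter(x) for x in (syn, reply, stray)],
    }

if __name__ == "__main__":
    print(demo())
```

The header-only filter accepts the unsolicited packet because its fields match the reply rule, while the stateful filter drops it because no connection in its table matches.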
The Firewall Topology
There are different ways a firewall can be set up on a network. A very simple setup is enough to protect a personal computer; a more complicated setup provides more protection and security for huge networks. Firewall topology comes in three types: dual homed gateway firewalls, screened host firewalls and screened subnet firewalls.
Dual homed gateway firewalls
Found in small networks, at home etc. Provide internal and external protection for local networks. Do not allow forwarding of IP packets. Can filter multiple packets with a packet filtering router for additional protection.
Dual homed gateway firewalls
Screened host firewalls
Found in organizations and businesses. Mainly secured with a bastion host and a router. Bastion host: consists of bastion software which can scan; checks and scans with applications only; has two network cards; scans all incoming and outgoing information and packets. Router: filters the information in data packets and routes the data to its location.
Screened host firewalls
Screened subnet firewalls
Found in enterprises. Use a combination of two screening routers: internal and external. External screening router: separates the internet from public accessibility to the internal subnet. Blocks packets which are directly addressed to the internal hosts. Blocks packets for unauthorized services. The packets that can pass through are those whose source or destination IP is the same as the firewall's IP. Internal screening router: separates the publicly accessible hosts from the internal network. Blocks all packets except those whose source or destination IP is the same as the firewall's IP. Can be extended according to the services defined by the firewall.
Screened Subnet Firewalls
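
The two screening routers described above, as an added example that is not part of the original slides: each router is modeled as a rule function, and a packet is checked against every router on its path. The addresses, the allowed service ports and all function names are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing and services, for illustration only.
INTERNAL = ip_network("10.0.0.0/24")   # protected internal network
FIREWALL = ip_address("192.0.2.10")    # the firewall host on the screened subnet
SERVICES = {25, 80}                    # services defined on the firewall

def external_router(src, dst, dport):
    """Screening router between the internet and the screened subnet."""
    src, dst = ip_address(src), ip_address(dst)
    if dst in INTERNAL:
        return "drop: addressed directly to an internal host"
    if FIREWALL not in (src, dst):
        return "drop: not to or from the firewall"
    if dst == FIREWALL and dport not in SERVICES:
        return "drop: unauthorized service"
    return "pass"

def internal_router(src, dst, dport):
    """Screening router between the screened subnet and the internal network."""
    if FIREWALL in (ip_address(src), ip_address(dst)):
        return "pass"
    return "drop: not to or from the firewall"

def zone(addr):
    a = ip_address(addr)
    return "internal" if a in INTERNAL else "subnet" if a == FIREWALL else "internet"

# Routers a packet must cross, in order, for each (source zone, destination zone).
PATHS = {
    ("internet", "subnet"): [external_router],
    ("subnet", "internet"): [external_router],
    ("internal", "subnet"): [internal_router],
    ("subnet", "internal"): [internal_router],
    ("internet", "internal"): [external_router, internal_router],
    ("internal", "internet"): [internal_router, external_router],
}

def traverse(src, dst, dport):
    """Return "pass" or the first router's drop verdict along the path."""
    for router in PATHS.get((zone(src), zone(dst)), []):
        verdict = router(src, dst, dport)
        if verdict != "pass":
            return f"{router.__name__} {verdict}"
    return "pass"

if __name__ == "__main__":
    print(traverse("198.51.100.7", "10.0.0.5", 80))
    print(traverse("198.51.100.7", "192.0.2.10", 80))
```

With these rules no packet crosses between the internet and the internal network in one hop; every permitted flow starts or ends at the firewall host.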
Choices of firewall
Software firewalls and hardware firewalls.
Software Firewalls
The most popular firewall choice for individual computers. Allow controlling functions and protection features. Protect the computer against common trojans, viruses, email worms etc. Block unsafe applications from running on the system. May also include privacy controls, web filtering etc. Only protect the computer they are installed on.
Some known software firewalls
Kaspersky Internet Security: Provides a comprehensive security tool kit. A nicely organized interface. Protects from malware, DoS attacks etc. Has a powerful firewall.
Figure: Kaspersky Internet Security interface
Some known software firewalls
Norton 360: Has the best value for ease of use of the tools offered, and overall system performance. Uses multiple tools to control the firewall.
Figure: Norton 360 Firewall Protection Setting interface
Some known software firewalls
Zone Alarm Internet Security Suite: Compared to other software, one of the best firewall products. Lightweight software. Best performance for home use.
Figure: Zone Alarm Firewall Protection Setting interface
Hardware Firewalls
A stand-alone hardware component. Comes in broadband routers. An important part of network setup and network security. Very effective with little or no configuration. Can protect large businesses and enterprises, and protects every computer. Uses packet filtering to examine the header of a packet and determine its source and destination. Using predefined or user-created rules, it forwards or drops the packet.
Some known hardware firewalls
D-Link: D-Link DIR-655 Xtreme N Gigabit Router. Has fast performance. Uses a combination of the latest built-in wireless security and an integrated wireless security wizard. Controlled very easily.
Figure: DIR 655 configuration page
Some known hardware firewalls
Cisco: ASA 5550 Firewall. Delivers advanced threat defense service. Network and application traffic is protected. Defends against worms, viruses and network attacks such as denial of service or DDoS. Spyware and adware protection.
Figure: Cisco ASA Software for ASA 5500
Future of firewall
The market idea will remain. Hardware components may be included in future personal computers as personal firewalls. Supercomputers, mainframe computers and minicomputers may come up with their own firewall technology in the near future. Influence of viruses and network attacks. Combining firewall
Conclusion
Firewall technology has evolved significantly since the days of basic packet filters and network address translation. Research today makes the technology of tomorrow's firewall. Firewalls come in different types and topologies. These types and topologies help to ensure that networks, and the network of networks, the internet, have secure connections between each other. Furthermore, local networks are also protected by firewalls suited to the size of the network. The future of the firewall depends on today's influences such as network security threats and viruses.
