The document discusses firewalls, describing their purpose of controlling network traffic flow. It outlines different firewall environments like DMZ and intranets. It also categorizes firewall types as packet filters, circuit-level, application-level, and stateful multilayer. Finally, it notes that firewalls will continue advancing with more sophisticated attacks and some may integrate virus scanning in the future.
3. Introduction
• Firewalls control the flow of network traffic
• Firewalls have applicability in networks where there is no internet connectivity
• Firewalls operate on a number of layers
• Can also act as VPN gateways
• Active content filtering technologies
4. Firewall Environments
• There are different types of environments where a firewall can be implemented.
• Simple environment can be a packet filter firewall
• Complex environments can be several firewalls and proxies
5. DMZ Environment
• Can be created out of a network connecting two firewalls
• Boundary router filters packets, protecting the server
• First firewall provides access control and protection from the servers if they are hacked
7. VPN
• VPN is used to provide secure network links across networks
• VPN is constructed on top of existing network media and protocols
• At the protocol level, IPsec is the first choice
• Other protocols are PPTP, L2TP
9. Intranets
• An intranet is a network that employs the same types of services, applications, and protocols present in an Internet implementation, without involving external connectivity
• Intranets are typically implemented behind firewall environments.
11. Extranets
• Extranet is usually a business-to-business intranet
• Controlled access to remote users via some form of authentication and encryption such as provided by a VPN
• Extranets employ TCP/IP protocols, along with the same standard applications and services
12. Types of Firewalls
• Firewalls fall into four broad categories
• Packet filters
• Circuit level
• Application level
• Stateful multilayer
13. Packet Filter
• Work at the network level of the OSI model
• Each packet is compared to a set of criteria before it is forwarded
• Packet filtering firewalls are low cost and have low impact on network performance
15. Circuit level
• Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP
• Monitor TCP handshaking between packets to determine whether a requested session is legitimate.
17. Application Level
• Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific
• A gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through
19. Stateful Multilayer
• Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls
• They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer
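Added example, not part of the original slides: a minimal Python model of the first two layers described above, a packet filter that compares each packet to a rule set and a stateful filter that also tracks the TCP handshake. The names `Packet`, `packet_filter` and `StatefulFilter`, the rules and the addresses are constructed for illustration; application-layer content inspection is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed rule set (documentation address ranges): first match wins.
RULES = [  # (action, source net, destination net, destination port or None)
    ("allow", ip_network("0.0.0.0/0"), ip_network("192.0.2.10/32"), 80),
    ("deny", ip_network("0.0.0.0/0"), ip_network("192.0.2.0/24"), None),
]

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S"=SYN, "SA"=SYN+ACK, "A"=ACK, "F"=FIN, "R"=RST

def packet_filter(pkt):
    """Packet filter: compare header fields to each rule, default deny."""
    for action, src_net, dst_net, dport in RULES:
        if (ip_address(pkt.src) in src_net and ip_address(pkt.dst) in dst_net
                and dport in (None, pkt.dport)):
            return action == "allow"
    return False

class StatefulFilter:
    """Adds handshake tracking: non-SYN packets need a session on record."""
    def __init__(self):
        self.sessions = {}  # (client, cport, server, sport) -> state

    def accept(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.flags == "S":  # new session request: apply the rule set
            if not packet_filter(pkt):
                return False
            self.sessions[fwd] = "SYN_SEEN"
            return True
        if pkt.flags == "SA" and self.sessions.get(rev) == "SYN_SEEN":
            self.sessions[rev] = "SYNACK_SEEN"  # server answered the SYN
            return True
        if pkt.flags == "A" and self.sessions.get(fwd) == "SYNACK_SEEN":
            self.sessions[fwd] = "ESTABLISHED"  # three-way handshake done
            return True
        if pkt.flags == "A":  # data: either direction of an open session
            return "ESTABLISHED" in (self.sessions.get(fwd), self.sessions.get(rev))
        if pkt.flags in ("F", "R"):  # teardown removes the session entry
            return any([self.sessions.pop(fwd, None), self.sessions.pop(rev, None)])
        return False
```

An ACK packet to port 80 with no handshake on record passes `packet_filter` because its header fields match the allow rule, while `StatefulFilter.accept` drops it.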
22. Future of Firewalls
• Firewalls will continue to advance as the attacks on IT infrastructure become more and more sophisticated
• More and more client and server applications are coming with native support for proxied environments
• Firewalls that scan for viruses as they enter the network: several firms are currently exploring this idea, but it is not yet in wide use
23. Conclusion
• It is clear that some form of security for private networks connected to the Internet is essential
• A firewall is an important and necessary part of that security, but cannot be expected to perform all the required security functions.