SlideShare a Scribd company logo

Tech 101: Understanding Firewalls

Download as PPT, PDF
Likan Patra
Likan Patra

In computing, a firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.

Technology
1 of 30
““Firewall”Firewall”
OutlineOutline  1. Introduction to Firewall1. Introduction to Firewall  2.why firewalls are needed ?2.why firewalls are needed ?  3. Types of Firewall3. Types of Firewall  4. Hardware vs. Software firewalls4. Hardware vs. Software firewalls  5. what it protects you from ?5. what it protects you from ?  6. Making Firewall Fit6. Making Firewall Fit  5. Appropriate Use Of Firewall5. Appropriate Use Of Firewall  6. Personal Firewall6. Personal Firewall  7.Firewall Security Policy7.Firewall Security Policy characteristicscharacteristics  8. Issues and problems with firewalls8. Issues and problems with firewalls  9. Conclusion9. Conclusion
IntroductionIntroduction  A firewall is simply a program orA firewall is simply a program or hardware device that filters thehardware device that filters the information coming through theinformation coming through the Internet connection into your privateInternet connection into your private network or computer system. If annetwork or computer system. If an incoming packet of information isincoming packet of information is flagged by the filters, it is not allowedflagged by the filters, it is not allowed through.through.
What is a Firewall ?What is a Firewall ?
Why Firewalls are Needed  Prevent attacks from untrustedPrevent attacks from untrusted networksnetworks  Protect data integrity of criticalProtect data integrity of critical informationinformation  Preserve customer and partnerPreserve customer and partner confidenceconfidence
There are threeThere are three common types ofcommon types of firewallsfirewalls  Packet-Filtering RouterPacket-Filtering Router  Application Level GatewayApplication Level Gateway  Circuit Level GatewayCircuit Level Gateway
 Packets examined at the network layerPackets examined at the network layer  Useful “first line” of defense - commonly deployedUseful “first line” of defense - commonly deployed on routerson routers  Simple accept or reject decision modelSimple accept or reject decision model  No awareness of higher protocol layersNo awareness of higher protocol layers Packet Filtering RouterPacket Filtering Router Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network Presentations Sessions Transport Applications Network Network
Firewall – PacketFirewall – Packet FilteringFiltering  Set of rules that either allow or disallowSet of rules that either allow or disallow traffic to flow through the firewalltraffic to flow through the firewall  Can filter based on any information in theCan filter based on any information in the Packet HeaderPacket Header – IP Source AddressIP Source Address – IP destination addressIP destination address – ProtocolProtocol – Source PortSource Port – Destination PortDestination Port – Message typeMessage type – Interface the packets arrive on and leaveInterface the packets arrive on and leave
Figure:Figure: Packet FilteringPacket Filtering routerrouter
AdvantagesAdvantages  Application independent - only examines packet atApplication independent - only examines packet at the network layerthe network layer  High performance - simple rules that require littleHigh performance - simple rules that require little processing and decision making beyond what isprocessing and decision making beyond what is normally done for routing decisionsnormally done for routing decisions  Scalable - low overhead of filtering means that largeScalable - low overhead of filtering means that large amounts of traffic can be handledamounts of traffic can be handled  Transparent - user’s don’t need to provideTransparent - user’s don’t need to provide additional passwords or use special commands toadditional passwords or use special commands to initiate connectionsinitiate connections
DisadvantagesDisadvantages Examines and filters only at the networkExamines and filters only at the network layer - no application level awarenesslayer - no application level awareness or state context is maintainedor state context is maintained  Security is weak - the state of a givenSecurity is weak - the state of a given connection is not maintained making itconnection is not maintained making it easier to exploit networking protocolseasier to exploit networking protocols and applicationsand applications
Application Gateway orApplication Gateway or ProxyProxy Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network NetworkNetwork Presentations Sessions Transport Applications  Packets examined at the application layerPackets examined at the application layer  Application/Content filtering possible - preventApplication/Content filtering possible - prevent FTP “put” commands, for exampleFTP “put” commands, for example  Modest performanceModest performance  Scalability limitedScalability limited
Firewalls -Firewalls - ApplicationApplication Level Gateway (or Proxy)Level Gateway (or Proxy)
Application LevelApplication Level GatewayGateway AdvantagesAdvantages  Provide good security -Provide good security - connections are terminated and re-connections are terminated and re- initiated, ensuring that all datainitiated, ensuring that all data payloads are inspected at thepayloads are inspected at the application layerapplication layer  Full application layer awareness -Full application layer awareness - inspecting the data payload at theinspecting the data payload at the application layer provides for thoroughapplication layer provides for thorough translation of the contents of thetranslation of the contents of the
DisadvantagesDisadvantages  Screens limited number of applications -Screens limited number of applications - requires separate proxy for each newrequires separate proxy for each new serviceservice (slow to respond to new(slow to respond to new and emerging protocols) -and emerging protocols) - proxyproxy mustmust be compiled for each platformbe compiled for each platform supportedsupported  Connectivity and transparency areConnectivity and transparency are brokenbroken  Poor performance - many data copies &Poor performance - many data copies & context switches must occur for the packetcontext switches must occur for the packet
Circuit Level GatewayCircuit Level Gateway Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network Network Network Presentations Sessions Transport INSPECT Engine Applications Dynamic StateDynamic State TablesTablesDynamic StateDynamic State TablesTablesDynamic State Tables  It. is also known as stateful inspectionIt. is also known as stateful inspection  Packets Inspected between data link layer and network layer in the OSPackets Inspected between data link layer and network layer in the OS kernelkernel  State tables are created to maintain connection contextState tables are created to maintain connection context  Invented by Check PointInvented by Check Point
Firewalls -Firewalls - Circuit LevelCircuit Level GatewayGateway
Hardware vs. SoftwareHardware vs. Software FirewallsFirewalls  Hardware FirewallsHardware Firewalls – Protect an entire networkProtect an entire network – Implemented on the router levelImplemented on the router level – Usually more expensive, harder toUsually more expensive, harder to configureconfigure  Software FirewallsSoftware Firewalls – Protect a single computerProtect a single computer – Usually less expensive, easier toUsually less expensive, easier to configureconfigure
What it Protects youWhat it Protects you fromfrom  Application backdoorsApplication backdoors  SMTP session hijackingSMTP session hijacking  Operating system bugsOperating system bugs  Denial of serviceDenial of service  Remote LoginRemote Login  E-mail bombsE-mail bombs  MacrosMacros  VirusesViruses  SpamSpam
Making Firewall FitMaking Firewall Fit  Firewalls are customizable. ThisFirewalls are customizable. This means that you can add or removemeans that you can add or remove filters based on several conditions.filters based on several conditions. Some of these are:Some of these are:  IP addressesIP addresses  Domain namesDomain names  ProtocolsProtocols  PortsPorts
Appropriate use ofAppropriate use of firewallfirewall  Firewalls are applicable when – – When there is two networks that have a distinct trust factor (friend/foe). – When network topology is designed to flow all traffic thru a single interface which connects to the firewall (i.e. protected networks connection must terminate behind firewall). – When there is need for extra layer of protection for certain applications.
WhatWhat a personal firewall can do ?a personal firewall can do ?  Stop hackers from accessing yourStop hackers from accessing your computercomputer  Protects your personal informationProtects your personal information  Blocks “pop up” ads and certainBlocks “pop up” ads and certain cookiescookies  Determines which programs canDetermines which programs can access the Internetaccess the Internet
What a personal firewallWhat a personal firewall cannot do ?cannot do ?  Cannot prevent e-mail virusesCannot prevent e-mail viruses – Only an antivirus product with updatedOnly an antivirus product with updated definitions can prevent e-mail virusesdefinitions can prevent e-mail viruses  After setting it initially, you can forgetAfter setting it initially, you can forget about itabout it – The firewall will require periodic updatesThe firewall will require periodic updates to the rulesets and the software itselfto the rulesets and the software itself
Windows XP FirewallWindows XP Firewall  Currently *not* enabled by defaultCurrently *not* enabled by default  Enable under Start -> Settings ->Enable under Start -> Settings -> Control PanelControl Panel  Select Local Area ConnectionSelect Local Area Connection  Select the Properties buttonSelect the Properties button  Click the “Advanced” tabClick the “Advanced” tab
Windows XP firewallWindows XP firewall
Firewall Security PolicyFirewall Security Policy characteristicscharacteristics  Defines network use and responsibilities for:Defines network use and responsibilities for: – UsersUsers – ManagementManagement – Network administratorsNetwork administrators  Identifies who is allowed use of network resourcesIdentifies who is allowed use of network resources  Defines who is authorized to grant/deny accessDefines who is authorized to grant/deny access  Defines auditing requirementsDefines auditing requirements  Defines recovery planDefines recovery plan
Issues and problemsIssues and problems with firewallswith firewalls  Restricted access to desirableRestricted access to desirable servicesservices  Large potential for back doorsLarge potential for back doors  Little protection for insider attackLittle protection for insider attack and other issues.and other issues.
ConclusionsConclusions  Now a days firewalls comes withNow a days firewalls comes with built in virus scanning facilities, thebuilt in virus scanning facilities, the disadvantage is they can not scandisadvantage is they can not scan attach application or files so still theattach application or files so still the computer systems are vulnerable tocomputer systems are vulnerable to virus those comes with them. The newvirus those comes with them. The new invention need to over come thisinvention need to over come this problem.problem.
Thank You!Thank You!

Recommended

Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefits
Anthony Daniel
 
summer training report on Computer network and Cisco packet tracer
summer training report on Computer network and Cisco packet tracer summer training report on Computer network and Cisco packet tracer
summer training report on Computer network and Cisco packet tracer
Dheeraj Giri
 
Firewalls
FirewallsFirewalls
Firewalls
vaishnavi
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's Types
Hem Pokhrel
 
What is firewall
What is firewallWhat is firewall
What is firewall
Harshana Jayarathna
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
Online
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
lalithambiga kamaraj
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best Practices
Cisco Mobility
 

Recommended

Network firewall function & benefits
Network firewall function & benefitsNetwork firewall function & benefits
Network firewall function & benefits
Anthony Daniel
 
summer training report on Computer network and Cisco packet tracer
summer training report on Computer network and Cisco packet tracer summer training report on Computer network and Cisco packet tracer
summer training report on Computer network and Cisco packet tracer
Dheeraj Giri
 
Firewalls
FirewallsFirewalls
Firewalls
vaishnavi
 
Firewall and It's Types
Firewall and It's TypesFirewall and It's Types
Firewall and It's Types
Hem Pokhrel
 
What is firewall
What is firewallWhat is firewall
What is firewall
Harshana Jayarathna
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
Online
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
lalithambiga kamaraj
 
Wireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best PracticesWireless LAN Security, Policy, and Deployment Best Practices
Wireless LAN Security, Policy, and Deployment Best Practices
Cisco Mobility
 
Firewall
FirewallFirewall
Firewall
Saurabh Chauhan
 
Firewall security in computer network
Firewall security in computer networkFirewall security in computer network
Firewall security in computer network
poorvavyas4
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
gaurav96raj
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
Mohammed Maajidh
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
FireWall
FireWallFireWall
FireWallrubal_9
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
sonangrai
 
Wlan security
Wlan securityWlan security
Wlan security
Sajan Sahu
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
CCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - EthernetCCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - Ethernet
Vuz Dở Hơi
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
Vikram Khanna
 
Virtual Private Network VPN
Virtual Private Network VPNVirtual Private Network VPN
Virtual Private Network VPN
Farah M. Altufaili
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
iberrywifisecurity
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
Coder Tech
 
Firewall
FirewallFirewall
Firewall
Mudasser Afzal
 
Firewall
FirewallFirewall
Firewall
Nilkanth Shingala
 
Vpn ppt
Vpn pptVpn ppt
Vpn pptNikhila Pothukuchi
 
Network security
Network securityNetwork security
Network security
quest university nawabshah
 
COMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICES
COMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICESCOMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICES
COMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICES
COMSATS Institute of Information Technology
 
Firewall
FirewallFirewall
FirewallApo
 
Firewall
FirewallFirewall
FirewallApo
 

More Related Content

What's hot

Firewall
FirewallFirewall
Firewall
Saurabh Chauhan
 
Firewall security in computer network
Firewall security in computer networkFirewall security in computer network
Firewall security in computer network
poorvavyas4
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
gaurav96raj
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
Mohammed Maajidh
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
Rahmat Suhatman
 
FireWall
FireWallFireWall
FireWallrubal_9
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
sonangrai
 
Wlan security
Wlan securityWlan security
Wlan security
Sajan Sahu
 
CCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - EthernetCCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - Ethernet
Vuz Dở Hơi
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
Vikram Khanna
 
Virtual Private Network VPN
Virtual Private Network VPNVirtual Private Network VPN
Virtual Private Network VPN
Farah M. Altufaili
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationNCS Computech Ltd.
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
iberrywifisecurity
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
Coder Tech
 
Firewall
FirewallFirewall
Firewall
Mudasser Afzal
 
Firewall
FirewallFirewall
Firewall
Nilkanth Shingala
 
Network security
Network securityNetwork security
Network security
quest university nawabshah
 
COMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICES
COMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICESCOMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICES
COMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICES
COMSATS Institute of Information Technology
 

What's hot (20)

Firewall
FirewallFirewall
Firewall
 
Firewall security in computer network
Firewall security in computer networkFirewall security in computer network
Firewall security in computer network
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Network Security Fundamentals
Network Security FundamentalsNetwork Security Fundamentals
Network Security Fundamentals
 
FireWall
FireWallFireWall
FireWall
 
Vpn(virtual private network)
Vpn(virtual private network)Vpn(virtual private network)
Vpn(virtual private network)
 
Wlan security
Wlan securityWlan security
Wlan security
 
Dmz
Dmz Dmz
Dmz
 
CCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - EthernetCCNAv5 - S1: Chapter 5 - Ethernet
CCNAv5 - S1: Chapter 5 - Ethernet
 
Firewalls in network security
Firewalls in network securityFirewalls in network security
Firewalls in network security
 
Virtual Private Network VPN
Virtual Private Network VPNVirtual Private Network VPN
Virtual Private Network VPN
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
 
Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Vpn ppt
Vpn pptVpn ppt
Vpn ppt
 
Network security
Network securityNetwork security
Network security
 
COMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICES
COMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICESCOMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICES
COMUNICATION NETWORK NETWORK TOPOLOGY NETWORK CABLES NETWORK DEVICES
 

Viewers also liked

Firewall
FirewallFirewall
FirewallApo
 
Firewall
FirewallFirewall
FirewallApo
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
Divya Jyoti
 
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
Serhad MAKBULOĞLU, MBA
 
Firewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsürFirewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsüremin_oz
 
Advance firewalls
Advance firewallsAdvance firewalls
Advance firewalls
Subi Mastermind
 
Site to Site VPN Using TMG Firewall. University Final Presentation.
Site to Site VPN Using TMG Firewall. University Final Presentation.Site to Site VPN Using TMG Firewall. University Final Presentation.
Site to Site VPN Using TMG Firewall. University Final Presentation.
Muhammad Farooq Hussain
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
PROBOTEK
 
Firewall girija ppt
Firewall girija pptFirewall girija ppt
Firewall girija ppt
Girija Sankar Dash
 
Web Security
Web SecurityWeb Security
Web Security
Dipika Bambhaniya
 
Android Firewall project
Android Firewall projectAndroid Firewall project
Android Firewall project
Karunakar Singh Thakur
 
Check Point NGFW
Check Point NGFWCheck Point NGFW
Check Point NGFW
Group of company MUK
 
checkpoint
checkpointcheckpoint
checkpoint
Mayank Dhingra
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
sushmil123
 
Vpn
VpnVpn
Vpn
Kajal Thakkar
 
Firewall
Firewall Firewall
Firewall
Amuthavalli Nachiyar
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 

Viewers also liked (20)

Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Introduction to firewalls
Introduction to firewallsIntroduction to firewalls
Introduction to firewalls
 
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
Windows Server 2012 Developer Preview Active Directory Kurulum ve Gelen Yenil...
 
Firewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsürFirewall presentation m. emin özgünsür
Firewall presentation m. emin özgünsür
 
Advance firewalls
Advance firewallsAdvance firewalls
Advance firewalls
 
Firewalls
FirewallsFirewalls
Firewalls
 
Site to Site VPN Using TMG Firewall. University Final Presentation.
Site to Site VPN Using TMG Firewall. University Final Presentation.Site to Site VPN Using TMG Firewall. University Final Presentation.
Site to Site VPN Using TMG Firewall. University Final Presentation.
 
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...Kingston University Thesis - Design and Implementation of a Secure Web Applic...
Kingston University Thesis - Design and Implementation of a Secure Web Applic...
 
Firewall girija ppt
Firewall girija pptFirewall girija ppt
Firewall girija ppt
 
Web Security
Web SecurityWeb Security
Web Security
 
Checkpoint r77
Checkpoint r77Checkpoint r77
Checkpoint r77
 
Android Firewall project
Android Firewall projectAndroid Firewall project
Android Firewall project
 
Check Point NGFW
Check Point NGFWCheck Point NGFW
Check Point NGFW
 
checkpoint
checkpointcheckpoint
checkpoint
 
Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies Checkpoint Firewall for Dummies
Checkpoint Firewall for Dummies
 
Vpn
VpnVpn
Vpn
 
Firewall
Firewall Firewall
Firewall
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Firewalls
FirewallsFirewalls
Firewalls
 

Similar to Tech 101: Understanding Firewalls

Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.ppt
AkshitRana31
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
Karnav Rana
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Day4
Day4Day4
Day4
Jai4uk
 
Firewall
FirewallFirewall
Firewall
ArchanaMani2
 
[9] Firewall.pdf
[9] Firewall.pdf[9] Firewall.pdf
[9] Firewall.pdf
lamtran367679
 
Firewall
FirewallFirewall
Firewall
reddivarihareesh
 
Firewall
FirewallFirewall
Firewall
syeda zoya mehdi
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
Vishal Kumar
 
Firewall
FirewallFirewall
Firewall
ilashanawaz
 
Firewalls
FirewallsFirewalls
Firewalls
Akhil Sharma
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
ImXaib
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptx
skknowledge
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
OECLIB Odisha Electronics Control Library
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewallskkkseld
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
VC Infotech
 

Similar to Tech 101: Understanding Firewalls (20)

Unit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.pptUnit II Chapter 6 firewalls.ppt
Unit II Chapter 6 firewalls.ppt
 
Firewall & packet filter new
Firewall & packet filter newFirewall & packet filter new
Firewall & packet filter new
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Day4
Day4Day4
Day4
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
[9] Firewall.pdf
[9] Firewall.pdf[9] Firewall.pdf
[9] Firewall.pdf
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls-Intro
Firewalls-IntroFirewalls-Intro
Firewalls-Intro
 
The Complete Questionnaires About Firewall
The Complete Questionnaires About FirewallThe Complete Questionnaires About Firewall
The Complete Questionnaires About Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
Marrion Kujinga ; Firewalls
Marrion Kujinga ; FirewallsMarrion Kujinga ; Firewalls
Marrion Kujinga ; Firewalls
 
Firewall
FirewallFirewall
Firewall
 
Firewall.pdf
Firewall.pdfFirewall.pdf
Firewall.pdf
 
Lec # 13 Firewall.pptx
Lec # 13 Firewall.pptxLec # 13 Firewall.pptx
Lec # 13 Firewall.pptx
 
Firewall ppt
Firewall pptFirewall ppt
Firewall ppt
 
Presentation, Firewalls
Presentation, FirewallsPresentation, Firewalls
Presentation, Firewalls
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 

More from Likan Patra

Sewn Product Machinary & Equipments
Sewn Product Machinary & EquipmentsSewn Product Machinary & Equipments
Sewn Product Machinary & Equipments
Likan Patra
 
SMArt Contest- Smart Quiz Questions
SMArt Contest- Smart Quiz QuestionsSMArt Contest- Smart Quiz Questions
SMArt Contest- Smart Quiz Questions
Likan Patra
 
RC Shri Jagannath Dham- Club Activity Report 2014-15
RC Shri Jagannath Dham- Club Activity Report 2014-15RC Shri Jagannath Dham- Club Activity Report 2014-15
RC Shri Jagannath Dham- Club Activity Report 2014-15
Likan Patra
 
Quiz about Google and its Products
Quiz about Google and its ProductsQuiz about Google and its Products
Quiz about Google and its Products
Likan Patra
 
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
Likan Patra
 
Everything you want to know about Liquid Lenses
Everything you want to know about Liquid LensesEverything you want to know about Liquid Lenses
Everything you want to know about Liquid Lenses
Likan Patra
 
Seminar on Cyber Crime
Seminar on Cyber CrimeSeminar on Cyber Crime
Seminar on Cyber Crime
Likan Patra
 
What is Optical fiber ?
What is Optical fiber ?What is Optical fiber ?
What is Optical fiber ?
Likan Patra
 
Holographic Data Storage
Holographic Data StorageHolographic Data Storage
Holographic Data Storage
Likan Patra
 
A Technical Seminar on OSI model
A Technical Seminar on OSI modelA Technical Seminar on OSI model
A Technical Seminar on OSI model
Likan Patra
 
Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?
Likan Patra
 
Computer Tomography (CT Scan)
Computer Tomography (CT Scan)Computer Tomography (CT Scan)
Computer Tomography (CT Scan)
Likan Patra
 
Akshaya patra foundation - In Depth
Akshaya patra foundation - In DepthAkshaya patra foundation - In Depth
Akshaya patra foundation - In Depth
Likan Patra
 
So, He got a JOB through LinkedIn
So, He got a JOB through LinkedInSo, He got a JOB through LinkedIn
So, He got a JOB through LinkedIn
Likan Patra
 
Qr code (quick response code)
Qr code (quick response code)Qr code (quick response code)
Qr code (quick response code)
Likan Patra
 
Blue ray disc seminar representation
Blue ray disc seminar representationBlue ray disc seminar representation
Blue ray disc seminar representationLikan Patra
 
Brain finger printing
Brain finger printingBrain finger printing
Brain finger printingLikan Patra
 
Audio watermarking
Audio watermarkingAudio watermarking
Audio watermarkingLikan Patra
 

More from Likan Patra (20)

Sewn Product Machinary & Equipments
Sewn Product Machinary & EquipmentsSewn Product Machinary & Equipments
Sewn Product Machinary & Equipments
 
SMArt Contest- Smart Quiz Questions
SMArt Contest- Smart Quiz QuestionsSMArt Contest- Smart Quiz Questions
SMArt Contest- Smart Quiz Questions
 
RC Shri Jagannath Dham- Club Activity Report 2014-15
RC Shri Jagannath Dham- Club Activity Report 2014-15RC Shri Jagannath Dham- Club Activity Report 2014-15
RC Shri Jagannath Dham- Club Activity Report 2014-15
 
Quiz about Google and its Products
Quiz about Google and its ProductsQuiz about Google and its Products
Quiz about Google and its Products
 
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
e-ENERGY METERING BOX (Smart Meter by KPMP Electronics)
 
Everything you want to know about Liquid Lenses
Everything you want to know about Liquid LensesEverything you want to know about Liquid Lenses
Everything you want to know about Liquid Lenses
 
Seminar on Cyber Crime
Seminar on Cyber CrimeSeminar on Cyber Crime
Seminar on Cyber Crime
 
What is Optical fiber ?
What is Optical fiber ?What is Optical fiber ?
What is Optical fiber ?
 
Holographic Data Storage
Holographic Data StorageHolographic Data Storage
Holographic Data Storage
 
A Technical Seminar on OSI model
A Technical Seminar on OSI modelA Technical Seminar on OSI model
A Technical Seminar on OSI model
 
Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?Who are the INTERNET SERVICE PROVIDERS?
Who are the INTERNET SERVICE PROVIDERS?
 
Computer Tomography (CT Scan)
Computer Tomography (CT Scan)Computer Tomography (CT Scan)
Computer Tomography (CT Scan)
 
Akshaya patra foundation - In Depth
Akshaya patra foundation - In DepthAkshaya patra foundation - In Depth
Akshaya patra foundation - In Depth
 
So, He got a JOB through LinkedIn
So, He got a JOB through LinkedInSo, He got a JOB through LinkedIn
So, He got a JOB through LinkedIn
 
4g technology
4g technology4g technology
4g technology
 
Qr code (quick response code)
Qr code (quick response code)Qr code (quick response code)
Qr code (quick response code)
 
Blue ray disc seminar representation
Blue ray disc seminar representationBlue ray disc seminar representation
Blue ray disc seminar representation
 
Brain finger printing
Brain finger printingBrain finger printing
Brain finger printing
 
Audio watermarking
Audio watermarkingAudio watermarking
Audio watermarking
 
Atm security
Atm securityAtm security
Atm security
 

Recently uploaded

Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 

Recently uploaded (20)

Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 

Tech 101: Understanding Firewalls

  • 2. OutlineOutline  1. Introduction to Firewall1. Introduction to Firewall  2.why firewalls are needed ?2.why firewalls are needed ?  3. Types of Firewall3. Types of Firewall  4. Hardware vs. Software firewalls4. Hardware vs. Software firewalls  5. what it protects you from ?5. what it protects you from ?  6. Making Firewall Fit6. Making Firewall Fit  5. Appropriate Use Of Firewall5. Appropriate Use Of Firewall  6. Personal Firewall6. Personal Firewall  7.Firewall Security Policy7.Firewall Security Policy characteristicscharacteristics  8. Issues and problems with firewalls8. Issues and problems with firewalls  9. Conclusion9. Conclusion
  • 3. IntroductionIntroduction  A firewall is simply a program orA firewall is simply a program or hardware device that filters thehardware device that filters the information coming through theinformation coming through the Internet connection into your privateInternet connection into your private network or computer system. If annetwork or computer system. If an incoming packet of information isincoming packet of information is flagged by the filters, it is not allowedflagged by the filters, it is not allowed through.through.
  • 4. What is a Firewall ?What is a Firewall ?
  • 5.
  • 6. Why Firewalls are Needed  Prevent attacks from untrustedPrevent attacks from untrusted networksnetworks  Protect data integrity of criticalProtect data integrity of critical informationinformation  Preserve customer and partnerPreserve customer and partner confidenceconfidence
  • 7. There are threeThere are three common types ofcommon types of firewallsfirewalls  Packet-Filtering RouterPacket-Filtering Router  Application Level GatewayApplication Level Gateway  Circuit Level GatewayCircuit Level Gateway
  • 8.  Packets examined at the network layerPackets examined at the network layer  Useful “first line” of defense - commonly deployedUseful “first line” of defense - commonly deployed on routerson routers  Simple accept or reject decision modelSimple accept or reject decision model  No awareness of higher protocol layersNo awareness of higher protocol layers Packet Filtering RouterPacket Filtering Router Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network Presentations Sessions Transport Applications Network Network
  • 9. Firewall – PacketFirewall – Packet FilteringFiltering  Set of rules that either allow or disallowSet of rules that either allow or disallow traffic to flow through the firewalltraffic to flow through the firewall  Can filter based on any information in theCan filter based on any information in the Packet HeaderPacket Header – IP Source AddressIP Source Address – IP destination addressIP destination address – ProtocolProtocol – Source PortSource Port – Destination PortDestination Port – Message typeMessage type – Interface the packets arrive on and leaveInterface the packets arrive on and leave
  • 10. Figure:Figure: Packet FilteringPacket Filtering routerrouter
  • 11. AdvantagesAdvantages  Application independent - only examines packet atApplication independent - only examines packet at the network layerthe network layer  High performance - simple rules that require littleHigh performance - simple rules that require little processing and decision making beyond what isprocessing and decision making beyond what is normally done for routing decisionsnormally done for routing decisions  Scalable - low overhead of filtering means that largeScalable - low overhead of filtering means that large amounts of traffic can be handledamounts of traffic can be handled  Transparent - user’s don’t need to provideTransparent - user’s don’t need to provide additional passwords or use special commands toadditional passwords or use special commands to initiate connectionsinitiate connections
  • 12. DisadvantagesDisadvantages Examines and filters only at the networkExamines and filters only at the network layer - no application level awarenesslayer - no application level awareness or state context is maintainedor state context is maintained  Security is weak - the state of a givenSecurity is weak - the state of a given connection is not maintained making itconnection is not maintained making it easier to exploit networking protocolseasier to exploit networking protocols and applicationsand applications
  • 13. Application Gateway orApplication Gateway or ProxyProxy Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network NetworkNetwork Presentations Sessions Transport Applications  Packets examined at the application layerPackets examined at the application layer  Application/Content filtering possible - preventApplication/Content filtering possible - prevent FTP “put” commands, for exampleFTP “put” commands, for example  Modest performanceModest performance  Scalability limitedScalability limited
  • 14. Firewalls -Firewalls - ApplicationApplication Level Gateway (or Proxy)Level Gateway (or Proxy)
  • 15. Application LevelApplication Level GatewayGateway AdvantagesAdvantages  Provide good security -Provide good security - connections are terminated and re-connections are terminated and re- initiated, ensuring that all datainitiated, ensuring that all data payloads are inspected at thepayloads are inspected at the application layerapplication layer  Full application layer awareness -Full application layer awareness - inspecting the data payload at theinspecting the data payload at the application layer provides for thoroughapplication layer provides for thorough translation of the contents of thetranslation of the contents of the
  • 16. DisadvantagesDisadvantages  Screens limited number of applications -Screens limited number of applications - requires separate proxy for each newrequires separate proxy for each new serviceservice (slow to respond to new(slow to respond to new and emerging protocols) -and emerging protocols) - proxyproxy mustmust be compiled for each platformbe compiled for each platform supportedsupported  Connectivity and transparency areConnectivity and transparency are brokenbroken  Poor performance - many data copies &Poor performance - many data copies & context switches must occur for the packetcontext switches must occur for the packet
  • 17. Circuit Level GatewayCircuit Level Gateway Applications Presentations Sessions Transport Data Link Physical Data Link Physical Applications Presentations Sessions Transport Data Link Physical Network Network Network Presentations Sessions Transport INSPECT Engine Applications Dynamic StateDynamic State TablesTablesDynamic StateDynamic State TablesTablesDynamic State Tables  It. is also known as stateful inspectionIt. is also known as stateful inspection  Packets Inspected between data link layer and network layer in the OSPackets Inspected between data link layer and network layer in the OS kernelkernel  State tables are created to maintain connection contextState tables are created to maintain connection context  Invented by Check PointInvented by Check Point
  • 18. Firewalls -Firewalls - Circuit LevelCircuit Level GatewayGateway
  • 19. Hardware vs. SoftwareHardware vs. Software FirewallsFirewalls  Hardware FirewallsHardware Firewalls – Protect an entire networkProtect an entire network – Implemented on the router levelImplemented on the router level – Usually more expensive, harder toUsually more expensive, harder to configureconfigure  Software FirewallsSoftware Firewalls – Protect a single computerProtect a single computer – Usually less expensive, easier toUsually less expensive, easier to configureconfigure
  • 20. What it Protects youWhat it Protects you fromfrom  Application backdoorsApplication backdoors  SMTP session hijackingSMTP session hijacking  Operating system bugsOperating system bugs  Denial of serviceDenial of service  Remote LoginRemote Login  E-mail bombsE-mail bombs  MacrosMacros  VirusesViruses  SpamSpam
  • 21. Making Firewall FitMaking Firewall Fit  Firewalls are customizable. ThisFirewalls are customizable. This means that you can add or removemeans that you can add or remove filters based on several conditions.filters based on several conditions. Some of these are:Some of these are:  IP addressesIP addresses  Domain namesDomain names  ProtocolsProtocols  PortsPorts
  • 22. Appropriate use ofAppropriate use of firewallfirewall  Firewalls are applicable when – – When there is two networks that have a distinct trust factor (friend/foe). – When network topology is designed to flow all traffic thru a single interface which connects to the firewall (i.e. protected networks connection must terminate behind firewall). – When there is need for extra layer of protection for certain applications.
  • 23. WhatWhat a personal firewall can do ?a personal firewall can do ?  Stop hackers from accessing yourStop hackers from accessing your computercomputer  Protects your personal informationProtects your personal information  Blocks “pop up” ads and certainBlocks “pop up” ads and certain cookiescookies  Determines which programs canDetermines which programs can access the Internetaccess the Internet
  • 24. What a personal firewallWhat a personal firewall cannot do ?cannot do ?  Cannot prevent e-mail virusesCannot prevent e-mail viruses – Only an antivirus product with updatedOnly an antivirus product with updated definitions can prevent e-mail virusesdefinitions can prevent e-mail viruses  After setting it initially, you can forgetAfter setting it initially, you can forget about itabout it – The firewall will require periodic updatesThe firewall will require periodic updates to the rulesets and the software itselfto the rulesets and the software itself
  • 25. Windows XP FirewallWindows XP Firewall  Currently *not* enabled by defaultCurrently *not* enabled by default  Enable under Start -> Settings ->Enable under Start -> Settings -> Control PanelControl Panel  Select Local Area ConnectionSelect Local Area Connection  Select the Properties buttonSelect the Properties button  Click the “Advanced” tabClick the “Advanced” tab
  • 27. Firewall Security PolicyFirewall Security Policy characteristicscharacteristics  Defines network use and responsibilities for:Defines network use and responsibilities for: – UsersUsers – ManagementManagement – Network administratorsNetwork administrators  Identifies who is allowed use of network resourcesIdentifies who is allowed use of network resources  Defines who is authorized to grant/deny accessDefines who is authorized to grant/deny access  Defines auditing requirementsDefines auditing requirements  Defines recovery planDefines recovery plan
  • 28. Issues and problemsIssues and problems with firewallswith firewalls  Restricted access to desirableRestricted access to desirable servicesservices  Large potential for back doorsLarge potential for back doors  Little protection for insider attackLittle protection for insider attack and other issues.and other issues.
  • 29. ConclusionsConclusions  Now a days firewalls comes withNow a days firewalls comes with built in virus scanning facilities, thebuilt in virus scanning facilities, the disadvantage is they can not scandisadvantage is they can not scan attach application or files so still theattach application or files so still the computer systems are vulnerable tocomputer systems are vulnerable to virus those comes with them. The newvirus those comes with them. The new invention need to over come thisinvention need to over come this problem.problem.