FIREWALLS
PRESENTED BY,
R.RAMADEVI,
II – M. SC(CS&IT).
UNDERSTANDING FIREWALLS
• Firewalls come in many different shapes and sizes, and sometimes the firewall is actually a collection of several different computers.
• All communication must pass through the firewall. The effectiveness of the firewall is greatly reduced if an alternative network routing path exists.
• The firewall permits only traffic that is authorized. The firewall cannot be relied upon to differentiate between authorized and unauthorized traffic.
• The firewall can withstand attacks upon itself. The firewall is relied upon to stop attacks, and nothing is deployed to protect the firewall.
• Firewall strengths and weaknesses:
Firewalls are singular in purpose: compromises do not need to be made between security and usability.
Firewalls are excellent auditors: plenty of disk space or remote logging capabilities.
Firewalls are very good at alerting appropriate people of specified events.
• Firewall weaknesses:
Firewalls are only as effective as the rules they are configured to enforce.
Firewalls cannot stop social engineering attacks or an authorized user intentionally using their access for malicious purposes.
• Packet filters
• Application gateways
• Circuit-level gateways
• Stateful packet-inspection engines
• Combination of the above is a dynamic packet filter
FIREWALLS – PACKET FILTERS
• Simplest of components
• Uses transport-layer information only
• IP source address, destination address
• Protocol/Next Header (TCP, UDP, ICMP, etc.)
• TCP or UDP source & destination ports
• TCP flags (SYN, ACK, FIN, RST, PSH, etc.)
• ICMP message type
• Examples
• DNS uses port 53
• No incoming port 53 packets except from known trusted servers
SECURITY & PERFORMANCE OF PACKET FILTERS
• IP address spoofing
• Fake source address to be trusted
• Add filters on router to block
• Tiny fragment attacks
• Split TCP header info over several tiny packets
• Either discard or reassemble before check
• Degradation depends on number of rules applied at any point
• Order rules so that most common traffic is dealt with first
• Correctness is more important than speed
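The two slides above (the header fields a packet filter sees, and the spoofing and tiny-fragment checks) are worked through in this added example; it is not code from the presentation. The addresses, the rule set and the "discard fragments" choice are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str; dst: str; proto: str         # proto: "tcp", "udp" or "icmp"
    sport: int = 0; dport: int = 0
    flags: frozenset = frozenset()         # TCP flags present, e.g. {"SYN"}
    frag_offset: int = 0                   # IP fragment offset, in 8-byte units
    payload_len: int = 40                  # bytes of IP payload carried by this packet

# Constructed addresses for the example; they are not from the slides.
INSIDE = ip_network("10.0.0.0/8")
ANY = [ip_network("0.0.0.0/0")]
TRUSTED_DNS = [ip_network("192.0.2.53/32"), ip_network("198.51.100.0/24")]
TRANSPORT_HDR = {"tcp": 20, "udp": 8}      # bytes a first fragment must carry to be checkable

# Ordered allow rules: (proto, src port or None, dst port or None, allowed sources, required flags).
# First match wins, most common traffic first, and anything unmatched is dropped.
RULES = [
    ("tcp", None, None, ANY, frozenset({"ACK"})),       # replies to connections we opened
    ("udp", 53, None, TRUSTED_DNS, frozenset()),        # DNS answers only from trusted servers
    ("tcp", None, 25, ANY, frozenset()),                # anyone may open a connection to SMTP
]

def filter_inbound(pkt: Packet) -> str:
    """Decide 'accept' or 'drop' for a packet arriving on the outside interface."""
    src = ip_address(pkt.src)
    if src in INSIDE:
        return "drop"                # anti-spoofing: an inside address cannot arrive from outside
    need = TRANSPORT_HDR.get(pkt.proto, 0)
    if pkt.frag_offset == 0 and pkt.payload_len < need:
        return "drop"                # tiny fragment: the ports are not in this packet, so discard
    if pkt.frag_offset > 0:
        return "drop"                # no reassembly here, so later fragments cannot be checked
    for proto, sport, dport, sources, flags in RULES:
        if (pkt.proto == proto
                and (sport is None or pkt.sport == sport)
                and (dport is None or pkt.dport == dport)
                and flags <= pkt.flags
                and any(src in net for net in sources)):
            return "accept"
    return "drop"
```

Note that the first rule accepts any TCP packet carrying ACK, even one that answers no real connection; a stateless filter has no way to tell, which is the gap the stateful filters on the next slide close.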
PORT NUMBERING
• TCP connection
• Server port is number less than 1024
• Client port is number between 1024 and 16383
• Permanent assignment
• Ports <1024 assigned permanently
• 20, 21 for FTP; 23 for Telnet
• 25 for the SMTP server; 80 for HTTP
FIREWALLS – STATEFUL PACKET FILTERS
• Traditional packet filters do not examine higher-layer context
• i.e., matching return packets with the outgoing flow
• Stateful packet filters address this need
• They examine each IP packet in context
• Keep track of client-server sessions
• Check that each packet validly belongs to one
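The session tracking described above, as an added example that is not part of the original slides: outbound packets from the inside create or update a session entry, and an inbound packet is accepted only if it matches the reverse of an existing session and is valid for that session's state. The state machine is simplified (no timeouts, no sequence-number checks) and the addresses are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str; sport: int; dst: str; dport: int
    proto: str = "tcp"
    flags: frozenset = frozenset()         # TCP flags present, e.g. {"SYN", "ACK"}

class StatefulFilter:
    """Accepts only packets that belong to a client-server session it has seen open."""

    def __init__(self):
        # (proto, client ip, client port, server ip, server port) -> state
        self.sessions = {}

    @staticmethod
    def key(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def reverse_key(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def outbound(self, p):
        """Packet leaving the inside network."""
        k = self.key(p)
        if p.proto == "tcp" and "SYN" in p.flags and "ACK" not in p.flags:
            self.sessions[k] = "SYN_SENT"          # inside client opens a new connection
            return "accept"
        if p.proto == "udp":
            self.sessions.setdefault(k, "UDP")     # pseudo-session so the reply can come back
            return "accept"
        if k in self.sessions:
            if p.flags & {"FIN", "RST"}:
                self.sessions.pop(k)               # client tears the session down
            return "accept"
        return "drop"                              # not part of any session we know

    def inbound(self, p):
        """Packet arriving from outside: it must answer a session we opened."""
        k = self.reverse_key(p)
        state = self.sessions.get(k)
        if state is None:
            return "drop"                          # no session, so a bare ACK gets no free pass
        if p.proto == "tcp":
            if "SYN" in p.flags:
                if state != "SYN_SENT" or "ACK" not in p.flags:
                    return "drop"                  # only a SYN-ACK answering our SYN is valid
                self.sessions[k] = "ESTABLISHED"
            elif p.flags & {"FIN", "RST"}:
                self.sessions.pop(k)               # server tears the session down
        return "accept"
```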
STATEFUL FILTERING
FIREWALL OUTLINES
• Packet filtering
• Application gateways
• Circuit gateways
• Combination of above is dynamic packet filter
FIREWALL GATEWAYS
• Firewall runs set of proxy programs
• Proxies filter incoming, outgoing packets
• All incoming traffic directed to firewall
• Policy embedded in proxy programs
• Two kinds of proxies
• Application-level gateways/proxies
• Circuit-level gateways/proxies
APPLICATION-LEVEL FILTERING
• Has full access to the protocol
• User requests the service from the proxy
• Need separate proxies for each service
• E.g., SMTP (e-mail), NNTP (Net news)
FIREWALLS - CIRCUIT LEVEL GATEWAY
SCREENED HOST ARCHITECTURE
SCREENED SUBNET USING TWO ROUTERS
DYNAMIC PACKET FILTERS
• Most common
• Provide administrators good protection and full transparency
• Network given full control over traffic
• Captures semantics of a connection
DYNAMIC PACKET FILTERS
DUAL HOMED HOST ARCHITECTURE
ADDITIONAL FIREWALL FUNCTIONS
Firewalls are ideally situated for performing several additional functions.
These functions include network address translation (NAT) from one IP address to another, detailed logging of traffic, and encryption of necessary communication channels (VPNs).
NETWORK ADDRESS TRANSLATION(NAT)
• Static NAT
• Dynamic NAT
• Port address translation
• Auditing and logging
• Virtual private network
NETWORK ADDRESS TRANSLATION(NAT)
• NAT is usually implemented in a firewall separately from the policy or rule set
• It is useful to remember that just because a NAT has been defined to translate addresses between one host and another
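An added example, not from the presentation, showing two of the NAT forms listed above: static NAT (one inside host mapped one-to-one to a dedicated public address) and port address translation (many inside hosts sharing one public address, told apart by port). Addresses and the port range are constructed; the translation table is kept apart from any filtering rules, as the slide notes, so a translated packet must still be checked by the rule set.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str; sport: int; dst: str; dport: int
    proto: str = "tcp"

class Translator:
    """Rewrites addresses only; it decides nothing about whether a packet is allowed."""

    def __init__(self, public_ip, static=None, first_port=10000):
        self.public_ip = public_ip              # shared address used for PAT
        self.static = dict(static or {})        # inside ip -> dedicated public ip (static NAT)
        self.static_rev = {pub: ins for ins, pub in self.static.items()}
        self.next_port = first_port             # next free public port for PAT
        self.out_map = {}                       # (proto, inside ip, inside port) -> public port
        self.in_map = {}                        # (proto, public port) -> (inside ip, inside port)

    def outbound(self, p):
        """Packet leaving the inside network: rewrite its source."""
        if p.src in self.static:                # static NAT: address changes, port is kept
            return replace(p, src=self.static[p.src])
        key = (p.proto, p.src, p.sport)
        pub = self.out_map.get(key)
        if pub is None:                          # PAT: first packet of a flow gets a fresh port
            pub, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = pub
            self.in_map[(p.proto, pub)] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=pub)

    def inbound(self, p):
        """Packet arriving from outside: rewrite its destination, or None if unknown."""
        if p.dst in self.static_rev:            # static NAT is reachable without prior traffic
            return replace(p, dst=self.static_rev[p.dst])
        inside = self.in_map.get((p.proto, p.dport)) if p.dst == self.public_ip else None
        if inside is None:
            return None                          # no mapping: unsolicited, nothing to deliver to
        return replace(p, dst=inside[0], dport=inside[1])
```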
THANK YOU

Firewall in Network Security