SlideShare a Scribd company logo

Firewall

Devashree Kumari
Devashree Kumari

Firewall technology emerged in the late 1980s and has evolved through three generations. The first generation used packet filters that inspected packets to block or allow them. The second generation added stateful inspection to track the state of connections. The third generation filters at the application layer to understand application protocols. There are different types of firewalls including network layer filters, application layer firewalls, proxies, and network address translation (NAT) which hides protected addresses.

Technology
1 of 11
FIREWALL By: Devashree BCA
Contents..  History 1. First Generation: Packet Filters 2. Second Generation: “Stateful” Filters 3. Third Generation: Application Layer  Types 1. Network layers or packet filters 2. Application layers 3. Proxies 4. Network address Translation
HISTORY  The term firewall originally referred to a wall intended to confine a fire or potential fire within a building. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment.  Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The predecessors to firewalls for network security were the routers used in the late 1980s.
First Generation: PACKET FILTERS  The first paper published on firewall technology was in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what is now a highly involved and technical internet security feature. At AT & T Bells Labs, Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based on their original first generation architecture.  Packet filters act by inspecting the "packets" which are transferred between computers on the Internet. If a packet matches the packet filter's set of filtering rules, the packet filter will drop the packet or reject.
Second Generation: STATEFUL FILTERS  From 1989–1990 three colleagues from AT & T Bells Labs, Dave Presetto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, calling them Circuit-level gateways.  Second-generation firewalls perform the work of their first-generation predecessors but operate up to layer 4 i.e. Transport layer of the OSI model. This is achieved by retaining packets until enough information is available to make a judgment about its state. Known as stateful packet inspection, it records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. Though static rules are still used, these rules can now contain connection state as one of their test criteria.
Third Generation: APPLICATION LAYER  Marcus Ranum, Wei Xu, and Peter Churchyard developed an Application Firewall known as Firewall Toolkit (FWTK). In June 1994, Wei Xu extended the FWTK with the Kernel enhancement of IP filter and socket transparent. This was known as the first transparent Application firewall, released as a commercial product of Gauntlet firewall at Trusted Information Systems. Gauntlet firewall was rated one of the number 1 firewalls during 1995–1998.  The key benefit of application layer filtering is that it can understand certain applications and protocols such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way.
Types  There are different types of firewalls depending on where the communication is taking place, where the communication is intercepted and the state that is being traced. 1. Network layer or packet filters 2. Application layer 3. Proxies 4. Network address translation
Network layer or packet filters  Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. The term "packet filter" originated in the context of BSD operating systems.
Application-layer  Application-layer firewalls work on the application level of the TCP/IP stack, and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender).  On inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and torjans. The additional inspection criteria can add extra latency to the forwarding of packets to their destination. Also, application firewalls further filter connections by examining the process ID of data packets against a ruleset for the local process involved in the data transmission.
Proxies  A proxy server (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user.  Proxies make tampering with an internal system from the external network more difficult and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured).
Network address translation  Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range", as defined in RFC 1918. Firewalls often have such functionality to hide the true address of protected hosts.  Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals as well as reduce both the amount and therefore cost of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance.

Recommended

Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Firewalls
FirewallsFirewalls
FirewallsKalluri Madhuri
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA FirewallsBryley Systems Inc.
 
Firewall (2)
Firewall (2)Firewall (2)
Firewall (2)marghali
 
VLAN
VLANVLAN
VLANVarsha Honde
 
Firewall
FirewallFirewall
Firewallnayakslideshare
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationTayabaZahid
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security DefinitionPatten John
 

Recommended

Firewall and Types of firewall
Firewall and Types of firewallFirewall and Types of firewall
Firewall and Types of firewallCoder Tech
 
Firewalls
FirewallsFirewalls
FirewallsKalluri Madhuri
 
Cisco ASA Firewalls
Cisco ASA FirewallsCisco ASA Firewalls
Cisco ASA FirewallsBryley Systems Inc.
 
Firewall (2)
Firewall (2)Firewall (2)
Firewall (2)marghali
 
VLAN
VLANVLAN
VLANVarsha Honde
 
Firewall
FirewallFirewall
Firewallnayakslideshare
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationTayabaZahid
 
Firewall Security Definition
Firewall Security DefinitionFirewall Security Definition
Firewall Security DefinitionPatten John
 
Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Securityiberrywifisecurity
 
Ccna
CcnaCcna
CcnaAdityaKumar1548
 
CCNA Course Training Presentation
CCNA Course Training PresentationCCNA Course Training Presentation
CCNA Course Training PresentationRohit Singh
 
Vlan
VlanVlan
VlanMayank Saxena
 
Vlan
Vlan Vlan
Vlan sanss40
 
What is firewall
What is firewallWhat is firewall
What is firewallHarshana Jayarathna
 
Firewall basics
Firewall basicsFirewall basics
Firewall basicsFredrick Hall
 
Port forwarding
Port forwardingPort forwarding
Port forwardingRonak Mehta
 
Introduction to network switches
Introduction to network switchesIntroduction to network switches
Introduction to network switchesNetProtocol Xpert
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Network types & its topology
Network types & its topologyNetwork types & its topology
Network types & its topologyDEVI NATARAJAN
 
firewall.ppt
firewall.pptfirewall.ppt
firewall.pptssuser530a07
 
Proxy Presentation
Proxy PresentationProxy Presentation
Proxy Presentationprimeteacher32
 
Firewall
Firewall Firewall
Firewall Amuthavalli Nachiyar
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)Jainam Shah
 
ccna project
ccna projectccna project
ccna projectAmardeep Singh Brar
 
Wireless Attacks
Wireless AttacksWireless Attacks
Wireless Attacksprimeteacher32
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallCisco Canada
 
Firewall
FirewallFirewall
FirewallPankaj Kumawat
 
Firewall
FirewallFirewall
FirewallNetwax Lab
 

More Related Content

What's hot

CCNA Course Training Presentation
CCNA Course Training PresentationCCNA Course Training Presentation
CCNA Course Training PresentationRohit Singh
 
Introduction to network switches
Introduction to network switchesIntroduction to network switches
Introduction to network switchesNetProtocol Xpert
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationgaurav96raj
 
Network types & its topology
Network types & its topologyNetwork types & its topology
Network types & its topologyDEVI NATARAJAN
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)Papun Papun
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)Jainam Shah
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsAnthony Daniel
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallCisco Canada
 

What's hot (20)

Types Of Firewall Security
Types Of Firewall SecurityTypes Of Firewall Security
Types Of Firewall Security
 
Ccna
CcnaCcna
Ccna
 
CCNA Course Training Presentation
CCNA Course Training PresentationCCNA Course Training Presentation
CCNA Course Training Presentation
 
Vlan
VlanVlan
Vlan
 
Vlan
Vlan Vlan
Vlan
 
What is firewall
What is firewallWhat is firewall
What is firewall
 
Firewall basics
Firewall basicsFirewall basics
Firewall basics
 
Port forwarding
Port forwardingPort forwarding
Port forwarding
 
Introduction to network switches
Introduction to network switchesIntroduction to network switches
Introduction to network switches
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Network types & its topology
Network types & its topologyNetwork types & its topology
Network types & its topology
 
firewall.ppt
firewall.pptfirewall.ppt
firewall.ppt
 
Proxy Presentation
Proxy PresentationProxy Presentation
Proxy Presentation
 
Firewall
Firewall Firewall
Firewall
 
Intrusion prevention system(ips)
Intrusion prevention system(ips)Intrusion prevention system(ips)
Intrusion prevention system(ips)
 
Firewall ( Cyber Security)
Firewall ( Cyber Security)Firewall ( Cyber Security)
Firewall ( Cyber Security)
 
ccna project
ccna projectccna project
ccna project
 
Wireless Attacks
Wireless AttacksWireless Attacks
Wireless Attacks
 
Next generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefitsNext generation firewall(ngfw)feature and benefits
Next generation firewall(ngfw)feature and benefits
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
 

Similar to Firewall

FIREWALLS BY SAIKIRAN PANJALA
FIREWALLS BY SAIKIRAN PANJALAFIREWALLS BY SAIKIRAN PANJALA
FIREWALLS BY SAIKIRAN PANJALASaikiran Panjala
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationKaveh Khosravi
 
Firewall protection
Firewall protectionFirewall protection
Firewall protectionVC Infotech
 
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptxCSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptxVivekTripathi684438
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet BawaPuneet Bawa
 

Similar to Firewall (20)

Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
Firewalls
FirewallsFirewalls
Firewalls
 
FIREWALLS BY SAIKIRAN PANJALA
FIREWALLS BY SAIKIRAN PANJALAFIREWALLS BY SAIKIRAN PANJALA
FIREWALLS BY SAIKIRAN PANJALA
 
Firewalls
FirewallsFirewalls
Firewalls
 
Watchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetationWatchguard Firewall overview and implemetation
Watchguard Firewall overview and implemetation
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewalls
FirewallsFirewalls
Firewalls
 
Firewall
FirewallFirewall
Firewall
 
firewall and its types
firewall and its typesfirewall and its types
firewall and its types
 
Firewall
FirewallFirewall
Firewall
 
Firewall protection
Firewall protectionFirewall protection
Firewall protection
 
Firewall
FirewallFirewall
Firewall
 
Firewall
FirewallFirewall
Firewall
 
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptxCSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
CSS (KNC-301) 4. Packet Filtering Firewall By Vivek Tripathi.pptx
 
Firewalls by Puneet Bawa
Firewalls by Puneet BawaFirewalls by Puneet Bawa
Firewalls by Puneet Bawa
 
Firewall
FirewallFirewall
Firewall
 

Recently uploaded

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform EngineeringJemma Hussein Allen
 
КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...
КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...
КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...QADay
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesThousandEyes
 
UiPath New York Community Day in-person event
UiPath New York Community Day in-person eventUiPath New York Community Day in-person event
UiPath New York Community Day in-person eventDianaGray10
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...Product School
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»QADay
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Product School
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
 

Recently uploaded (20)

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...
КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...
КАТЕРИНА АБЗЯТОВА «Ефективне планування тестування ключові аспекти та практ...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
UiPath New York Community Day in-person event
UiPath New York Community Day in-person eventUiPath New York Community Day in-person event
UiPath New York Community Day in-person event
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 

Firewall

  • 2. Contents..  History 1. First Generation: Packet Filters 2. Second Generation: “Stateful” Filters 3. Third Generation: Application Layer  Types 1. Network layers or packet filters 2. Application layers 3. Proxies 4. Network address Translation
  • 3. HISTORY  The term firewall originally referred to a wall intended to confine a fire or potential fire within a building. Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment.  Firewall technology emerged in the late 1980s when the Internet was a fairly new technology in terms of its global use and connectivity. The predecessors to firewalls for network security were the routers used in the late 1980s.
  • 4. First Generation: PACKET FILTERS  The first paper published on firewall technology was in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what is now a highly involved and technical internet security feature. At AT & T Bells Labs, Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based on their original first generation architecture.  Packet filters act by inspecting the "packets" which are transferred between computers on the Internet. If a packet matches the packet filter's set of filtering rules, the packet filter will drop the packet or reject.
  • 5. Second Generation: STATEFUL FILTERS  From 1989–1990 three colleagues from AT & T Bells Labs, Dave Presetto, Janardan Sharma, and Kshitij Nigam, developed the second generation of firewalls, calling them Circuit-level gateways.  Second-generation firewalls perform the work of their first-generation predecessors but operate up to layer 4 i.e. Transport layer of the OSI model. This is achieved by retaining packets until enough information is available to make a judgment about its state. Known as stateful packet inspection, it records all connections passing through it and determines whether a packet is the start of a new connection, a part of an existing connection, or not part of any connection. Though static rules are still used, these rules can now contain connection state as one of their test criteria.
  • 6. Third Generation: APPLICATION LAYER  Marcus Ranum, Wei Xu, and Peter Churchyard developed an Application Firewall known as Firewall Toolkit (FWTK). In June 1994, Wei Xu extended the FWTK with the Kernel enhancement of IP filter and socket transparent. This was known as the first transparent Application firewall, released as a commercial product of Gauntlet firewall at Trusted Information Systems. Gauntlet firewall was rated one of the number 1 firewalls during 1995–1998.  The key benefit of application layer filtering is that it can understand certain applications and protocols such as File Transfer Protocol (FTP), Domain Name System (DNS), or Hypertext Transfer Protocol (HTTP). This is useful as it is able to detect if an unwanted protocol is attempting to bypass the firewall on an allowed port, or detect if a protocol is being abused in any harmful way.
  • 7. Types  There are different types of firewalls depending on where the communication is taking place, where the communication is intercepted and the state that is being traced. 1. Network layer or packet filters 2. Application layer 3. Proxies 4. Network address translation
  • 8. Network layer or packet filters  Network layer firewalls, also called packet filters, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established rule set. The firewall administrator may define the rules; or default rules may apply. The term "packet filter" originated in the context of BSD operating systems.
  • 9. Application-layer  Application-layer firewalls work on the application level of the TCP/IP stack, and may intercept all packets traveling to or from an application. They block other packets (usually dropping them without acknowledgment to the sender).  On inspecting all packets for improper content, firewalls can restrict or prevent outright the spread of networked computer worms and torjans. The additional inspection criteria can add extra latency to the forwarding of packets to their destination. Also, application firewalls further filter connections by examining the process ID of data packets against a ruleset for the local process involved in the data transmission.
  • 10. Proxies  A proxy server (running either on dedicated hardware or as software on a general-purpose machine) may act as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. A proxy server is a gateway from one network to another for a specific network application, in the sense that it functions as a proxy on behalf of the network user.  Proxies make tampering with an internal system from the external network more difficult and misuse of one internal system would not necessarily cause a security breach exploitable from outside the firewall (as long as the application proxy remains intact and properly configured).
  • 11. Network address translation  Firewalls often have network address translation (NAT) functionality, and the hosts protected behind a firewall commonly have addresses in the "private address range", as defined in RFC 1918. Firewalls often have such functionality to hide the true address of protected hosts.  Originally, the NAT function was developed to address the limited number of IPv4 routable addresses that could be used or assigned to companies or individuals as well as reduce both the amount and therefore cost of obtaining enough public addresses for every computer in an organization. Hiding the addresses of protected devices has become an increasingly important defense against network reconnaissance.