FIREWALL
BY Mr Tapan Kumar Khilar
Firewalls
An effective means of protecting a local system or network of systems from network-based security threats while still affording access to the outside world via WANs or the Internet.
Benefits of using a firewall
– Protect your network or PC
– Prevent viruses and worms on your network
– Prevent malicious attackers from getting into your network
– Prevent adware, malware, and spyware
– Prevent loss of sensitive or valuable company information
– Prevent Denial of Service (DoS) attacks
– Authenticate users, log users (accounting), and authorize users only for certain content or applications
Firewall Design Principles
• The firewall is inserted between the
premises network and the Internet
• Aims:
– Establish a controlled link
– Protect the premises network from
Internet-based attacks
– Provide a single choke point
Firewall Characteristics
• Design goals:
– All traffic from inside to outside must
pass through the firewall (physically
blocking all access to the local network
except via the firewall)
– Only authorized traffic (defined by the local security policy) will be allowed to pass
Firewall Characteristics
• Design goals:
– The firewall itself is immune to
penetration (use of trusted system with
a secure operating system)
Firewall Characteristics
• Service control
– Determines the types of Internet services
that can be accessed.
• Log record
– Records all activity in a log.
Generations of Firewalls
– Application-based (Windows Firewall)
– Hardware-based
i- Packet filter (stateful and stateless)
ii- Application-level firewall (proxy)
iii- NAT firewall
What is Windows Firewall?
• Windows Firewall helps protect your computer by preventing unauthorized users from gaining access to it through a network or the Internet.
• Or: Windows Firewall with Advanced Security includes a stateful firewall that allows you to determine which network traffic is permitted to pass between your computer and the network.
What does it do?
• Prevents hackers, malicious programs and worms from gaining access to your computer through the Internet or a network.
• Restricts these hackers and malicious programs based on predefined rules or firewall settings.
• Asks for your permission to block or unblock certain connection requests.
• Creates a record (a security log).
Types of Firewalls
• Packet-filtering Router
Hardware firewall
• Packet-filtering Router (stateless)
– Applies a set of rules to each incoming IP packet and then forwards or discards the packet
– Filters packets going in both directions
– Works at the network level
– The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header
– Two default policies (discard or forward)
– Works at the physical, data link and network layers of the OSI model
• Advantages:
– Simplicity
– Transparency to users
– High speed
– Low impact on network performance
• Disadvantages:
– Difficulty of setting up packet filter rules
– Lack of authentication
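The two points above, "a list of rules based on matches to fields in the IP or TCP header" with a default policy, and the difference between a stateless and a stateful packet filter, are easier to see in code. The following is an added example written for this page, not code from the slides: a tiny rule matcher, a stateless filter, and a stateful variant that keeps a connection table. The policy, addresses and packets are constructed for the demonstration (RFC 5737 documentation ranges); the point it shows is that a stateless filter cannot admit replies to outbound connections without a rule broad enough to also admit unsolicited packets, whereas the stateful filter admits only the reply.

```python
"""Stateless vs. stateful packet filtering (added example; not from the slides)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The IP/TCP header fields a packet filter matches on (constructed for the demo)."""
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    """One filter rule; a None field means 'match anything'. Rules are checked in order."""
    action: str  # "forward" or "discard"
    src: Optional[str] = None  # CIDR
    dst: Optional[str] = None  # CIDR
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if self.src and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto and self.proto != p.proto:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def stateless_filter(rules: List[Rule], p: Packet, default: str = "discard") -> str:
    """First matching rule decides; otherwise the default policy applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


class StatefulFilter:
    """Same rule list, plus a connection table so replies to forwarded flows are accepted."""

    def __init__(self, rules: List[Rule], default: str = "discard"):
        self.rules = rules
        self.default = default
        self.connections: set = set()

    def filter(self, p: Packet) -> str:
        reverse = (p.proto, p.dst, p.dport, p.src, p.sport)
        if reverse in self.connections:  # reply to a flow we already let out
            return "forward"
        action = stateless_filter(self.rules, p, self.default)
        if action == "forward":
            self.connections.add((p.proto, p.src, p.sport, p.dst, p.dport))
        return action


# Constructed policy: internal hosts (10.0.0.0/8) may open HTTP connections anywhere; nothing else.
POLICY = [Rule("forward", src="10.0.0.0/8", proto="tcp", dport=80)]

# Constructed traffic (addresses from RFC 5737 documentation ranges).
OUTBOUND = Packet("10.0.0.5", "203.0.113.10", "tcp", 40000, 80)
REPLY = Packet("203.0.113.10", "10.0.0.5", "tcp", 80, 40000)
UNSOLICITED = Packet("198.51.100.7", "10.0.0.9", "tcp", 80, 40001)  # never requested


def compare() -> dict:
    """Run the three packets through each filter variant and return the decisions."""
    # A stateless filter needs an extra rule to let replies in, and that rule
    # is too broad: anything with source port 80 gets through.
    loose = POLICY + [Rule("forward", proto="tcp", sport=80)]
    stateful = StatefulFilter(POLICY)
    packets = (OUTBOUND, REPLY, UNSOLICITED)
    return {
        "stateless": tuple(stateless_filter(POLICY, p) for p in packets),
        "stateless_loose": tuple(stateless_filter(loose, p) for p in packets),
        "stateful": tuple(stateful.filter(p) for p in packets),
    }


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:16s} outbound={result[0]} reply={result[1]} unsolicited={result[2]}")
```

The default policy of `discard` is what the slide calls the "discard" default; flipping it to `forward` turns the same rule list into a blacklist, which is why the slides list rule setup as a difficulty of this generation of firewall.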
• Application-level Gateway
– Also called a proxy server
– Acts as a relay of application-level traffic
– Incoming or outgoing packets cannot access services for which there is no proxy
– Filters application-specific commands
– Can also be used to log user activity and logins
– Works at the application layer
Types of Firewalls
• Advantages:
– Higher security than packet filters
– Only need to scrutinize a few allowable applications
– Easy to log and audit all incoming traffic
• Disadvantages:
– Significant impact on network performance
– Not transparent to end users
– Requires manual configuration of each client computer
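Two of the gateway properties listed above, filtering application-specific commands and logging user activity and logins, can be shown with a small proxy-side command filter. This is an added example written for this page, not code from the slides: it takes the command lines of one FTP-style client session, relays only the commands on a constructed read-only allow list, rejects the rest before they ever reach the server, and produces an audit log in which the login is tagged and the password argument is redacted. The session contents and the policy are constructed for the demonstration.

```python
"""Proxy-side application command filtering with audit logging (added example; not from the slides)."""
from typing import Iterable, List, Tuple

# Constructed policy for an FTP proxy: read-only access is relayed, commands that
# modify the server are rejected at the gateway, so the server never sees them.
ALLOWED = {"USER", "PASS", "PWD", "CWD", "TYPE", "PASV", "LIST", "RETR", "QUIT"}
# Arguments that must never be written to the audit log (credentials).
REDACTED_ARGS = {"PASS"}


def filter_session(client: str, commands: Iterable[str]) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Return (decisions, audit_log) for one client session.

    decisions: (command, "relay" | "reject") per command line
    audit_log: one line per command; login attempts tagged, passwords redacted
    """
    decisions: List[Tuple[str, str]] = []
    audit: List[str] = []
    user = "-"
    for raw in commands:
        parts = raw.strip().split(maxsplit=1)
        if not parts:
            continue
        cmd = parts[0].upper()
        arg = parts[1] if len(parts) > 1 else ""
        if cmd == "USER":
            user = arg  # remember who this session belongs to for later log lines
        verdict = "relay" if cmd in ALLOWED else "reject"
        shown = "<redacted>" if cmd in REDACTED_ARGS else arg
        event = "login" if cmd == "USER" else "cmd"
        audit.append(
            f"client={client} user={user} event={event} command={cmd} arg={shown} verdict={verdict}"
        )
        decisions.append((cmd, verdict))
        if cmd == "QUIT":
            break
    return decisions, audit


# Constructed session: a legitimate login and download, followed by attempts to
# delete and upload files, which the proxy's command policy does not permit.
SESSION = [
    "USER alice",
    "PASS hunter2",
    "CWD /reports",
    "LIST",
    "RETR q3.pdf",
    "DELE q3.pdf",
    "STOR tool.bin",
    "QUIT",
]


def demo() -> Tuple[List[Tuple[str, str]], List[str]]:
    """Filter the constructed session from a constructed client address."""
    return filter_session("10.0.0.5", SESSION)


if __name__ == "__main__":
    decisions, audit = demo()
    for line in audit:
        print(line)
```

Because the gateway understands the protocol, it can make this decision per command rather than per packet, which is exactly what a packet filter cannot do; the cost is that the proxy must be written and maintained for each application protocol it relays.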
Types of Firewalls
• Circuit-level Gateway
Types of Firewalls
• Circuit-level Gateway
– Can be a stand-alone system or a specialized function performed by an Application-level Gateway
– Sets up two TCP connections
– The gateway typically relays TCP segments from one connection to the other without examining the contents
– Works at the session layer
Types of Firewalls
• Circuit-level Gateway
– The security function consists of determining which connections will be allowed
– Typical use is a situation in which the system administrator trusts the internal users
– An example is the SOCKS package
• Advantages:
– Relatively inexpensive
– Hides information about the private network
• Disadvantages:
– Does not filter individual packets
DMZ (demilitarized zone)
In computer networks, a DMZ (demilitarized zone)
is a physical or logical sub-network that separates
an internal local area network (LAN) from other
untrusted networks, usually the Internet.
External-facing servers, resources and services are
located in the DMZ so they are accessible from the
Internet but the rest of the internal LAN remains
unreachable.
This provides an additional layer of security to the
LAN as it restricts the ability of hackers to directly
access internal servers and data via the Internet.
DMZ
Any service that is being provided to users on the
Internet should be placed in the DMZ. The most
common of these services are: Web,
Mail, DNS, FTP, and VoIP. The systems running
these services in the DMZ are reachable
by hackers and cybercriminals around the world
and need to be hardened to withstand constant
attack.
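The DMZ description above amounts to a policy between three zones: the Internet may reach only the published services in the DMZ, the LAN may reach the DMZ (and the Internet), and the DMZ may not open connections into the LAN, so that a DMZ host that falls to the "constant attack" the slide mentions does not become a bridge to internal servers. The following is an added example written for this page, not code from the slides: a zone lookup plus a zone-pair policy table, evaluated for a handful of constructed connection attempts. The address ranges (RFC 5737 documentation space for the DMZ and Internet, 10.0.0.0/8 for the LAN) and the allowed port sets are constructed for the demonstration.

```python
"""Zone-based DMZ policy check (added example; not from the slides)."""
import ipaddress
from typing import Dict, FrozenSet, Tuple

# Constructed addressing: the DMZ sits in a public documentation range, the LAN in private space.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "lan": ipaddress.ip_network("10.0.0.0/8"),
}

# Allowed TCP destination ports per (source zone, destination zone).
# A zone pair that is absent is denied. Nothing is listed for ("dmz", "lan"),
# so a compromised DMZ host cannot initiate connections into the LAN.
POLICY: Dict[Tuple[str, str], FrozenSet[int]] = {
    ("internet", "dmz"): frozenset({25, 53, 80, 443}),   # mail, DNS, web from outside
    ("lan", "dmz"): frozenset({22, 25, 53, 80, 443}),    # LAN admins may also SSH to DMZ hosts
    ("lan", "internet"): frozenset({80, 443}),           # ordinary web browsing from the LAN
    ("dmz", "internet"): frozenset({53}),                # DMZ hosts only need outbound DNS
}


def zone_of(ip: str) -> str:
    """Classify an address into a zone; anything not ours is the untrusted Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"


def decide(src: str, dst: str, dport: int) -> str:
    """Return 'forward' or 'discard' for a new TCP connection attempt src -> dst:dport."""
    pair = (zone_of(src), zone_of(dst))
    if pair[0] == pair[1]:
        return "forward"  # intra-zone traffic does not cross the firewall at all
    return "forward" if dport in POLICY.get(pair, frozenset()) else "discard"


def check_table() -> Dict[str, str]:
    """Evaluate a constructed set of connection attempts and return the decisions by name."""
    cases = {
        "internet->dmz web": ("198.51.100.9", "192.0.2.10", 443),
        "internet->dmz ssh": ("198.51.100.9", "192.0.2.10", 22),
        "internet->lan smb": ("198.51.100.9", "10.0.0.5", 445),
        "dmz->lan db": ("192.0.2.10", "10.0.0.20", 3306),
        "lan->dmz ssh": ("10.0.0.5", "192.0.2.10", 22),
        "lan->internet https": ("10.0.0.5", "203.0.113.4", 443),
    }
    return {name: decide(*args) for name, args in cases.items()}


if __name__ == "__main__":
    for name, verdict in check_table().items():
        print(f"{name:22s} {verdict}")
```

In practice a DMZ web or mail server often does need to talk to an internal database or directory; the defensive pattern is then to add that single (host, port) pair to the ("dmz", "lan") entry rather than opening the zone, and to treat every such exception as an item to review when the DMZ host is hardened.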