FIREWALLS
BY PUNEET BAWA
M.E. (CHITKARA UNIVERSITY, PUNJAB)
What is Firewall?
A firewall is a network security system that is
designed to monitor outgoing and incoming
network traffic. It can be either hardware based or
software based.
Design Goals of Firewall
The primary goals of a firewall are:
*All traffic, whether leaving the system or entering it, must pass through the firewall.
*Only traffic authorized by the local security policy is allowed to pass into or out of the firewall.
*Internal threats are often kept at bay because the firewall alerts on a possible malware threat.
Techniques in Firewall
A firewall provides an additional layer of defense, insulating the internal systems from external
networks. Originally, firewalls focused primarily on service control, but they have since evolved to
provide all four of the following:
1) SERVICE CONTROL
2) DIRECTION CONTROL
3) USER CONTROL
4) BEHAVIOR CONTROL
Service Control
This control determines the types of Internet services that can be accessed, inbound or outbound.
A firewall may filter traffic on the basis of IP address, protocol or TCP port number.
It may provide proxy software that receives and interprets each service request before passing it on. It
may also host the server software itself, such as a web or mail service.
For example:
Incoming HTTP requests – rejected unless they are directed to an official web server host.
Direction Control
This control regulates the direction in which a particular service request may be initiated and allowed to
flow through the firewall.
User Control
User control manages or authorizes admission to a service according to which entity is trying to
access that specified service. This feature is typically applied to users inside the firewall perimeter (internal
users). It may also be applied to incoming traffic from external users, but that requires some form of
secure authentication technology.
Behavior Control
Behavior control governs how particular services are used.
For example, the firewall may filter email to eliminate spam, or it may enable external access to
only a portion of the information on a local web server.
Filtering of email spam attacks – may require examination of the sender's email address in the
message headers as well as the message contents.
Firewall Weakness
Weakness and Importance
It can't fend off internal attacks
As mentioned above, a firewall is created to protect a system from harmful threats coming from another
network; it acts as a barrier. However, it cannot fend off attacks that are launched from within the
system that it is supposed to protect. This is quite a common issue.
Limited prevention
Firewalls are created to prevent intrusions only in traffic that passes through them, and they only allow
data to pass as long as it adheres to the applied set of rules. If a new, as yet undiscovered virus is
not covered by the rule set, the firewall will not even scan for it and will let it through.
Weakness and Importance (Contd.)
It makes communication insecure
If a company allows communication from an outside network, such as the Internet, the firewall has no
ability to scan for and prevent viruses. For instance, if a company has allowed access to
receive emails from the outside world, the firewall will readily let the emails through. Anybody
could disguise a virus or a Trojan within the email attachments and gain access to the network inside,
or even destroy the firewall.
These are some of the most blatant weaknesses of firewalls that affect day-to-day usage of the
network.
Packet Filtering Firewall
Introduction
Packet filtering is a firewall technique used to control network access by monitoring outgoing and
incoming packets and allowing them to pass or halt based on the source and destination Internet
Protocol (IP) addresses, protocols and ports.
Network layer firewalls define packet filtering rule sets, which provide highly efficient security
mechanisms.
Packet filtering is also known as static filtering.
Information Used
Source IP address: The IP address of the system that originated the IP packet.
Destination IP address: The IP address of the system the IP packet is trying to reach.
Source and destination transport-level address: The transport-level (e.g., TCP or UDP) port
number, which identifies applications such as SNMP or TELNET.
IP protocol field: Defines the transport protocol.
Interface: For a router with three or more ports, which interface of the router the packet came from or
which interface of the router the packet is destined for.
Attacks
IP address spoofing:
IP address spoofing is the act of falsifying the content of the source IP header, usually with
randomized numbers, either to mask the sender's identity or to launch a reflected DDoS attack. IP
address spoofing is used for two reasons in DDoS attacks: to mask botnet device locations and to
stage a reflected assault.
Source routing attacks:
Source routing means that someone can force their traffic to take a specific path through your network, possibly
bypassing various security controls. There are very few "legitimate" uses for source routing, the main one
being ensuring that peers at exchange points are sticking to their agreements.
Attacks and Countermeasures (Contd.)
Tiny fragment attacks:
The intruder uses the IP fragmentation option to create extremely small fragments and force the TCP
header information into a separate packet fragment. This attack is designed to circumvent filtering
rules that depend on TCP header information. Typically, a packet filter will make a filtering decision on
the first fragment of a packet. All subsequent fragments of that packet are filtered out solely on the
basis that they are part of the packet whose first fragment was rejected. The attacker hopes that the
filtering router examines only the first fragment and that the remaining fragments are passed through.
A tiny fragment attack can be defeated by enforcing a rule that the first fragment of a packet must
contain a predefined minimum amount of the transport header. If the first fragment is rejected, the filter
can remember the packet and discard all subsequent fragments.
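The filtering logic of this section, combined into one added example that is not part of Puneet Bawa's deck: a rule-based packet filter in Python that evaluates the fields listed under "Information Used", applies a service-control rule of the kind on the Service Control slide (inbound HTTP only to the official web server host), discards packets with a spoofed internal source address or a source-route option, and implements the tiny-fragment countermeasure just described (a first fragment must carry a minimum amount of transport header, and every later fragment of a rejected datagram is discarded). The topology, the rule table, the 16-byte minimum and the `Packet` field names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology for this example: "ext" is the Internet-facing
# interface, "int" the internal one, and 10.0.0.0/8 the protected network.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
# Assumed policy value: a first fragment must carry at least this many bytes
# of transport header before the filter will evaluate it at all.
MIN_FIRST_FRAGMENT_HEADER = 16


@dataclass
class Packet:
    iface: str                   # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    pkt_id: int = 0              # IP identification field, shared by all fragments
    frag_offset: int = 0         # 0 for the first (or only) fragment
    more_frags: bool = False     # the MF bit
    transport_hdr_len: int = 20  # bytes of transport header present in this fragment
    source_routed: bool = False  # IP source-route option present


# Rules are (arrival iface, source net, destination net, proto, dport, action);
# the first match wins and anything unmatched falls to DEFAULT_ACTION.
RULES = [
    ("ext", "0.0.0.0/0", "10.0.0.80/32", "tcp", 80, "allow"),  # official web server only
    ("ext", "0.0.0.0/0", "10.0.0.25/32", "tcp", 25, "allow"),  # mail gateway
    ("int", "10.0.0.0/8", "0.0.0.0/0", "tcp", None, "allow"),  # any outbound TCP
    ("int", "10.0.0.0/8", "0.0.0.0/0", "udp", 53, "allow"),    # outbound DNS
]
DEFAULT_ACTION = "deny"


class PacketFilter:
    def __init__(self, rules=RULES, default=DEFAULT_ACTION):
        self.rules = [(i, ipaddress.ip_network(s), ipaddress.ip_network(d), p, port, a)
                      for i, s, d, p, port, a in rules]
        self.default = default
        # Datagrams whose first fragment was rejected; later fragments are
        # dropped on that basis alone.  A real filter would expire these entries.
        self.rejected = set()

    def match_rules(self, p):
        src, dst = ipaddress.ip_address(p.src), ipaddress.ip_address(p.dst)
        for iface, snet, dnet, proto, dport, action in self.rules:
            if (iface == p.iface and src in snet and dst in dnet
                    and proto == p.proto and (dport is None or dport == p.dport)):
                return action, "rule match"
        return self.default, "default policy"

    def decide(self, p):
        """Return (action, reason) for one packet or fragment."""
        key = (p.src, p.dst, p.pkt_id)
        # Ingress anti-spoofing: an internal source address cannot legitimately
        # arrive on the external interface.
        if p.iface == "ext" and ipaddress.ip_address(p.src) in INTERNAL_NET:
            return "deny", "spoofed internal source on external interface"
        if p.source_routed:
            return "deny", "source-routed packet"
        if p.frag_offset != 0:
            # A non-first fragment carries no transport header to inspect, so the
            # decision follows whatever was decided for the first fragment.
            if key in self.rejected:
                return "deny", "fragment of a rejected datagram"
            return "allow", "fragment of an accepted datagram"
        if p.more_frags and p.transport_hdr_len < MIN_FIRST_FRAGMENT_HEADER:
            self.rejected.add(key)
            return "deny", "tiny first fragment"
        action, reason = self.match_rules(p)
        if action == "deny":
            self.rejected.add(key)
        return action, reason
```

The tiny-fragment check runs before the rule table on purpose: a first fragment too short to hold the TCP ports is rejected and remembered, so the attacker's later fragments, which would otherwise sail through a filter that only inspects first fragments, are dropped by the `rejected` lookup.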
CIRCUIT LEVEL GATEWAY FIREWALLS
Circuit Level Gateway
Circuit level gateway firewalls work at the session layer of the OSI model. They monitor the TCP
handshake between the packets to determine whether a requested session is legitimate. Information
passed through a circuit level gateway to the Internet appears to have come from the
circuit level gateway, so there is no way for a remote computer or host to determine the internal
private IP addresses of an organization, for example. This technique is also called Network Address
Translation, where the private IP addresses originating from the different clients inside the network are
all mapped to the public IP address available through the Internet service provider and then sent to the
outside world (Internet). This way, the packets are tagged only with the public IP address (firewall
level) and the internal private IP addresses are not exposed to potential intruders.
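A translation table of the kind this slide describes, as an added Python example that is not the deck's own code: outbound packets from internal clients are rewritten to the gateway's public address and a gateway-chosen port, and inbound packets are relayed back only when they match a circuit an internal client opened. The addresses, the port range and the method names are assumptions made for the example.

```python
import ipaddress


class CircuitGateway:
    """Port-address translation as performed by a circuit-level gateway."""

    def __init__(self, public_ip, internal_net, first_port=40000):
        self.public_ip = public_ip
        self.internal_net = ipaddress.ip_network(internal_net)
        self.next_port = first_port       # assumed: public ports handed out sequentially
        self.out_map = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.in_map = {}    # (public port, peer_ip, peer_port) -> (priv_ip, priv_port)

    def relay_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite an internal client's packet; returns the 4-tuple sent to the Internet."""
        if ipaddress.ip_address(src_ip) not in self.internal_net:
            return None                   # only internal clients may open a circuit
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            # New circuit: pick a fresh public port so two clients that happen to
            # use the same source port towards the same peer stay distinguishable.
            pub_port = self.next_port
            self.next_port += 1
            self.out_map[key] = pub_port
            self.in_map[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        # Only the public address ever leaves the gateway.
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def relay_inbound(self, src_ip, src_port, dst_port):
        """Map a packet addressed to public_ip:dst_port back to the internal client, if any."""
        target = self.in_map.get((dst_port, src_ip, src_port))
        if target is None:
            return None                   # no matching circuit: unsolicited, dropped
        priv_ip, priv_port = target
        return (src_ip, src_port, priv_ip, priv_port)
```

Because the inbound lookup is keyed on the peer's address and port as well as the public port, a different host on the Internet cannot ride an existing mapping, and a scan of the gateway's public ports finds nothing behind them.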
APPLICATION LEVEL GATEWAY FIREWALLS
Application Level Gateway
Application level firewalls decide whether to drop packets or pass them through based on the
application information available in the packet. They do this by setting up various proxies on a single
firewall for different applications. Both the client and the server connect to these proxies instead of
connecting directly to each other, so any suspicious data or connections are dropped by the
proxies. And since they are application aware, they can handle more complex protocols like H.323,
SIP, SQL*Net, etc.
Application level firewalls ensure protocol conformance. For example, attacks over HTTP that violate
the protocol rules, such as sending non-ASCII data in the header fields or an overly long string containing
non-ASCII characters in the Host field, would be dropped because the requests have been tampered with
by intruders.
Application Level Gateway (Contd.)
Application level firewalls can look into individual sessions and decide to drop a packet based on
information in the application protocol headers or in the application payload.
For example, SMTP application proxies can be configured to allow only certain commands, such as
helo, mail from: and rcpt to:, to pass through the firewall and to block other commands such as expn and
vrfy, which try to expand a mailing list or verify that an account exists and are used by attackers
and spammers for their own ends.
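An SMTP command filter of the kind described here, as an added Python example that is not part of the deck. It serves both the protocol-conformance point on the previous slide (a command line must be ASCII and within the 512-octet limit RFC 5321 places on command lines) and the command allowlist on this one (expn and vrfy are answered by the proxy and never reach the mail server). The allowlist, the reply strings and the function names are assumptions for the example, and the proxy switches into message mode on the client's DATA command without waiting for the server's 354 reply, a simplification made here.

```python
# Constructed allowlist of SMTP verbs the proxy forwards; EXPN and VRFY are
# deliberately absent so the proxy itself answers them.
ALLOWED_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
MAX_COMMAND_LINE = 512            # RFC 5321 limit on a command line, CRLF included
REJECT_UNKNOWN = "502 5.5.1 Command not implemented"
REJECT_SYNTAX = "500 5.5.2 Syntax error"


def check_command(line):
    """Return None if the command line may be forwarded, else the reply to send back."""
    if not line.isascii():                      # non-ASCII in a command line: not SMTP
        return REJECT_SYNTAX
    if len(line) + 2 > MAX_COMMAND_LINE:        # +2 for the CRLF the caller stripped
        return REJECT_SYNTAX
    parts = line.split(None, 1)
    if not parts:
        return REJECT_SYNTAX
    verb = parts[0].upper()                     # verbs are case-insensitive
    if verb not in ALLOWED_VERBS:
        return REJECT_UNKNOWN
    return None


def proxy_session(client_lines):
    """Filter one client session (lines without CRLF).

    Returns a list of (line, disposition): "forward" for lines relayed to the real
    mail server, otherwise the reply the proxy sends the client instead.
    """
    result = []
    in_data = False
    for line in client_lines:
        if in_data:
            # After DATA the client is sending message content, not commands, so
            # relay it untouched until the lone "." terminator; a body line that
            # happens to start with VRFY is just text.
            result.append((line, "forward"))
            if line == ".":
                in_data = False
            continue
        reply = check_command(line)
        if reply is not None:
            result.append((line, reply))
            continue
        result.append((line, "forward"))
        if line.split(None, 1)[0].upper() == "DATA":
            in_data = True
    return result


# Constructed client session used to exercise the filter.
SAMPLE_SESSION = [
    "EHLO client.example",
    "VRFY root",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.net>",
    "EXPN staff",
    "DATA",
    "Subject: hi",
    "VRFY this is message text, not a command",
    ".",
    "EXPN staff",
    "QUIT",
]
```

Tracking the DATA state is what keeps the filter from mangling mail: without it, a verb-matching check would reject ordinary body lines, and a proxy that rejected them would be trivially detectable and unusable.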
STATEFUL INSPECTION FIREWALLS
Introduction
Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the
state of active connections and uses this information to determine which network packets to allow
through the firewall.
Stateful inspection has largely replaced an older technology, static packet filtering.
Static vs Dynamic
In static packet filtering, only the headers of packets are checked, which means that an attacker
can sometimes get information through the firewall simply by marking a packet as a "reply" in the header.
Stateful inspection, on the other hand, analyzes packets down to the application layer. By recording
session information such as IP addresses and port numbers, a dynamic packet filter can implement a
much tighter security posture than a static packet filter can.
Advantage
In a firewall that uses stateful inspection, the network administrator can set the parameters to meet
specific needs. In a typical network, ports are closed unless an incoming packet requests connection
to a specific port and then only that port is opened.
This practice prevents port scanning, a well-known hacking technique.
Example
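As an added Python example for this section (not part of the original deck): a static, header-only rule that admits any inbound segment carrying ACK, beside a stateful filter that keeps a connection table driven by the TCP handshake. Only a return path for a connection an internal host actually opened, on the exact port it used, is admitted; an unsolicited segment marked as a "reply" and a bare SYN probe of another port are both dropped. The segment fields, the state names and the simplified state machine (SYN_SENT straight to ESTABLISHED on the SYN-ACK) are assumptions for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TcpSegment:
    direction: str      # "out" (from the protected network) or "in" (from the Internet)
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # subset of {"SYN", "ACK", "FIN", "RST"}


def static_filter(seg):
    """Header-only rule: inbound traffic passes if it carries ACK, i.e. looks like a reply."""
    if seg.direction == "out":
        return "allow"
    return "allow" if "ACK" in seg.flags else "deny"


class StatefulFilter:
    def __init__(self):
        # (internal ip, internal port, remote ip, remote port) -> connection state
        self.table = {}

    def process(self, seg):
        """Return "allow" or "deny" and update the connection table."""
        if seg.direction == "out":
            key = (seg.src, seg.sport, seg.dst, seg.dport)
            state = self.table.get(key)
            if state is None:
                if seg.flags == {"SYN"}:        # a new connection must start with a bare SYN
                    self.table[key] = "SYN_SENT"
                    return "allow"
                return "deny"
            if "RST" in seg.flags:
                del self.table[key]
            return "allow"
        # Inbound: look the segment up from the internal side's point of view.
        key = (seg.dst, seg.dport, seg.src, seg.sport)
        state = self.table.get(key)
        if state is None:
            return "deny"                       # no connection: a fake "reply" or a scan probe
        if state == "SYN_SENT":
            if seg.flags == {"SYN", "ACK"}:
                self.table[key] = "ESTABLISHED"
                return "allow"
            if "RST" in seg.flags:              # remote refused: tear down, let the RST through
                del self.table[key]
                return "allow"
            return "deny"
        if "RST" in seg.flags:
            del self.table[key]
            return "allow"
        return "allow" if "ACK" in seg.flags else "deny"
```

The static rule and the stateful one agree on a bare SYN probe (both deny it) but differ on the forged reply: the static rule cannot tell a genuine response from a segment that merely sets ACK, while the stateful filter has no table entry for it and drops it.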
BASTION HOST
Introduction
A bastion host is a specialized computer that is deliberately exposed on a public network. From a
secured network perspective, it is the only node exposed to the outside world and is therefore very
prone to attack. It is placed outside the firewall in single firewall systems or, if a system has two
firewalls, it is often placed between the two firewalls or on the public side of a demilitarized zone
(DMZ).
The bastion host processes and filters all incoming traffic and prevents malicious traffic from entering
the network, acting much like a gateway. The most common examples of bastion hosts are mail,
domain name system, Web and File Transfer Protocol (FTP) servers. Firewalls and routers can also
become bastion hosts.
Explanation
The bastion host node is usually a very powerful server with improved security measures and custom
software. It often hosts only a single application because it needs to be very good at what it does. The
software is usually customized, proprietary and not available to the public. This host is designed to be
the strong point in the network to protect the system behind it. Therefore, it often undergoes regular
maintenance and audit. Sometimes bastion hosts are used to draw attacks so that the source of the
attacks may be traced.
To maintain the security of bastion hosts, all unnecessary software, daemons and users are removed.
The operating system is continually updated with the latest security updates and an intrusion detection
system is installed.
THANK YOU

Firewalls by Puneet Bawa

  • 1. FIREWALLS BY PUNEET BAWA M.E. (CHITKARA UNIVERSITY, PUNJAB)
  • 2. What is Firewall? A firewall is a network security system that is designed to monitor outgoing and incoming network traffic. It can be either hardware based or software based.
  • 3. Design Goals of Firewall The primary goals of a firewall are: *Any traffic going outside the system and moving into the system must pass through the firewall. *Only local security policy authorized traffic will be able to get into and out of the firewall. *Internal threats are often at bay as the firewall provides alert of a possible malware threat.
  • 4. Techniques in Firewall Firewall provides an additional layer of defense, insulating the internal systems from external networks. Originally, firewalls focused primarily on service control, but they have since evolved to provide all four: 1) SERVICE CONTROL 2) DIRECTION CONTROL 3) USER CONTROL 4) BEHAVIOR CONTROL
  • 5. Service Control This Control determines the types of internet services that can be accessed, inbound or outbound. Firewall may filter traffic on the basis of IP address, protocol or TCP port number It may provide proxy software that receives and interprets each service request before passing it on. It may host the server software itself such as a web or mail service. For Example: Incoming HTTP Requests – Rejected unless they are directed to an official web server host
  • 6. Direction Control This Control regulates the direction in which particular service request may be initiated and allowed to flow through firewall
  • 7. User Control A User control manages or authorizes admission to a service according to which entity is trying to access that specified service .This feature is applied to users inside the firewall perimeter (Internal Users). It may also be applied to incoming traffic from external users. But it requires some form of secure authentication technology.
  • 8. Behavior Control Controls how particular services are used. For example, the firewall may filter email to eliminate spam or it may enable external access to only a portion of the information on a Local web server. Filtering of email spam attacks – may require examination of Sender’s email address in message headers and message contents.
  • 10. Weakness and Importance It can't fend off internal attacks As mentioned above, a firewall is created to protect a system from any harmful threats from another network. It acts as a sort of barrier. However, it can't fend off attacks that are launched from within the system that it is supposed to protect. This is quite a common issue. Limited prevention Firewalls are created to prevent intrusions from traffic that only passes through them. This means that it only allows data to pass as long as it adheres to the applied set of rules. If a new virus, that has been undiscovered as yet is not mentioned in the set of rules, the firewall won't even scan it and allow it through.
  • 11. Weakness and Importance (Contd.) It makes communication insecure: If a company allows communication from an outside network, such as the internet, the firewall has no ability to scan for and prevent viruses in that traffic. For instance, if a company has allowed email to be received from the outside world, the firewall will allow the emails through. Anybody could disguise a virus or a Trojan within the email attachments, gain access to the network inside, or even destroy the firewall. These are some of the most blatant weaknesses of firewalls that affect day-to-day usage of the network.
  • 13. Introduction Packet filtering is a firewall technique used to control network access by monitoring outgoing and incoming packets and allowing them to pass or halting them based on the source and destination Internet Protocol (IP) addresses, protocols and ports. Network layer firewalls define packet filtering rule sets, which provide highly efficient security mechanisms. Packet filtering is also known as static filtering.
  • 14. Information Used Source IP address: the IP address of the system that originated the IP packet. Destination IP address: the IP address of the system the IP packet is trying to reach. Source and destination transport-level address: the transport-level (e.g., TCP or UDP) port number, which identifies applications such as SNMP or TELNET. IP protocol field: defines the transport protocol. Interface: for a router with three or more ports, which interface of the router the packet came from or which interface the packet is destined for.
  • 15. Attacks IP address spoofing: IP address spoofing is the act of falsifying the content of the source IP header, usually with randomized numbers, either to mask the sender's identity or to launch a reflected DDoS attack. IP address spoofing is used for two reasons in DDoS attacks: to mask botnet device locations and to stage a reflected assault. Source routing attacks: source routing means that someone can force their traffic to take a specific path through your network, possibly bypassing various security controls. There are very few "legitimate" uses for source routing, the main one being ensuring that people at exchange points are sticking to their agreements.
  • 16. Attacks and Countermeasures (Contd.) Tiny fragment attacks: the intruder uses the IP fragmentation option to create extremely small fragments and force the TCP header information into a separate packet fragment. This attack is designed to circumvent filtering rules that depend on TCP header information. Typically, a packet filter makes its filtering decision on the first fragment of a packet; all subsequent fragments of that packet are filtered out solely on the basis that they are part of a packet whose first fragment was rejected. The attacker hopes that the filtering router examines only the first fragment and that the remaining fragments are passed through. A tiny fragment attack can be defeated by enforcing a rule that the first fragment of a packet must contain a predefined minimum amount of the transport header. If the first fragment is rejected, the filter can remember the packet and discard all subsequent fragments.
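The packet-filtering material in slides 13 to 16 (the header fields a filter consults, first-match rules, and the tiny fragment countermeasure) can be shown as one small rule engine. The following is an added example written for this page, not code from the presentation; the packet model, the rule list, the 20-byte threshold and the addresses (from the documentation ranges) are all constructed. It goes slightly beyond the slides by also including an anti-spoofing rule that denies packets arriving on the external interface with an internal source address.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Minimum transport-header bytes the first fragment must carry.  A TCP header
# is at least 20 bytes and its flags sit at byte 13, so a shorter first
# fragment could push the flags into a later fragment the filter never
# inspects (the tiny fragment attack).  Constructed threshold for this example.
MIN_FIRST_FRAGMENT_TRANSPORT_BYTES = 20


@dataclass
class Packet:
    """The header fields a packet filter looks at (constructed model)."""
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    sport: Optional[int]
    dport: Optional[int]
    iface: str                   # router interface the packet arrived on
    pkt_id: int = 0              # IP identification, shared by all fragments
    frag_offset: int = 0         # 0 = first (or only) fragment
    transport_bytes: int = 20    # transport-header bytes present in this fragment


@dataclass
class Rule:
    """One filter rule; unset fields match anything."""
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.iface is None or self.iface == p.iface))


class PacketFilter:
    """First-match rule list with an implicit default deny."""

    def __init__(self, rules: List[Rule]):
        self.rules = list(rules)
        self.rejected = set()    # (src, dst, pkt_id) whose first fragment was denied

    def decide(self, p: Packet) -> str:
        key = (p.src, p.dst, p.pkt_id)
        if p.frag_offset > 0:
            # Later fragments carry no transport header, so they inherit the
            # verdict recorded for the first fragment of the same datagram.
            return "deny" if key in self.rejected else "allow"
        if p.transport_bytes < MIN_FIRST_FRAGMENT_TRANSPORT_BYTES:
            # Countermeasure: a first fragment too small to hold the whole
            # transport header is rejected and remembered, so the remaining
            # fragments of that datagram are discarded as well.
            self.rejected.add(key)
            return "deny"
        for rule in self.rules:
            if rule.matches(p):
                if rule.action == "deny":
                    self.rejected.add(key)
                return rule.action
        self.rejected.add(key)
        return "deny"


# Constructed policy: internal addresses must never arrive from outside
# (anti-spoofing); the Internet may only reach the official web server on
# TCP/80 via the external interface; internal hosts may send anything out.
RULES = [
    Rule("deny", src="192.0.2.0/24", iface="ext"),
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=80, iface="ext"),
    Rule("allow", src="192.0.2.0/24", iface="int"),
    Rule("deny"),
]


def demo() -> List[str]:
    """Run constructed packets through the policy and return the verdicts."""
    fw = PacketFilter(RULES)
    packets = [
        # HTTP to the official web server: allowed by the web rule
        Packet("198.51.100.7", "203.0.113.10", "tcp", 40000, 80, "ext", pkt_id=1),
        # SSH from the Internet: no allow rule, default deny
        Packet("198.51.100.7", "203.0.113.10", "tcp", 40001, 22, "ext", pkt_id=2),
        # Tiny first fragment (8 header bytes, ports not even present)
        Packet("198.51.100.7", "203.0.113.10", "tcp", None, None, "ext",
               pkt_id=3, frag_offset=0, transport_bytes=8),
        # Second fragment of that datagram: discarded because the first was
        Packet("198.51.100.7", "203.0.113.10", "tcp", None, None, "ext",
               pkt_id=3, frag_offset=1, transport_bytes=0),
        # Second fragment of the allowed HTTP datagram: passes
        Packet("198.51.100.7", "203.0.113.10", "tcp", None, None, "ext",
               pkt_id=1, frag_offset=1, transport_bytes=0),
        # Outbound DNS from an internal host: allowed by the internal rule
        Packet("192.0.2.25", "198.51.100.7", "udp", 5353, 53, "int", pkt_id=4),
        # Spoofed internal source arriving on the external interface: denied
        Packet("192.0.2.25", "203.0.113.10", "tcp", 40005, 80, "ext", pkt_id=5),
    ]
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

The fragment bookkeeping is keyed on (source, destination, IP identification), which is what a filtering router has available before reassembly; a production filter would also age these entries out.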
  • 18. Circuit Level Gateway Circuit level gateway firewalls work at the session layer of the OSI model. They monitor the TCP handshake between hosts to determine whether a requested session is legitimate. Information passed through a circuit level gateway to the internet appears to have come from the circuit level gateway itself, so there is no way for a remote computer or host to determine, for example, the internal private IP addresses of an organization. This technique is also called Network Address Translation (NAT): the private IP addresses originating from the different clients inside the network are all mapped to the public IP address available through the internet service provider and then sent to the outside world (the internet). This way, the packets carry only the public IP address (at the firewall) and the internal private IP addresses are not exposed to potential intruders.
  • 20. Application Level Gateway Application level firewalls decide whether to drop a packet or send it through based on the application information available in the packet. They do this by setting up various proxies on a single firewall for different applications. Both the client and the server connect to these proxies instead of connecting directly to each other, so any suspicious data or connections are dropped by the proxies. And since they are application aware, they can handle more complex protocols like H.323, SIP, SQL Net, etc. Application level firewalls ensure protocol conformance. For example, attacks over HTTP that violate protocol policies, such as sending non-ASCII data in the header fields or an overly long string along with non-ASCII characters in the Host field, are dropped because the requests have been tampered with by the intruders.
  • 21. Application Level Gateway (Contd.) Application level firewalls can look into individual sessions and decide to drop a packet based on information in the application protocol headers or in the application payload. For example, SMTP application proxies can be configured to allow only certain commands, like helo, mail from: and rcpt to:, to pass through the firewall and to block other commands, like expn and vrfy, which try to expand a mailing list or verify whether an account exists and are used by attackers and spammers for their own ends.
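The SMTP proxy described in slides 20 and 21 (allow the commands needed to deliver mail, refuse the directory-harvesting commands, and enforce protocol conformance such as ASCII-only command lines) can be written as a small command filter. This is an added example for this page, not code from the presentation; the allowed and blocked verb sets, the reply texts and the sample client transcript are constructed, and the switch into message-text mode is simplified as noted in the comments.

```python
from typing import List, Optional, Tuple

# Verbs the proxy forwards to the real mail server (constructed policy based
# on the slide: HELO/EHLO, MAIL FROM, RCPT TO, plus the verbs needed to
# finish a session).
ALLOWED_VERBS = {"HELO", "EHLO", "MAIL", "RCPT", "DATA", "RSET", "NOOP", "QUIT"}
# Directory-harvesting verbs the slide blocks: EXPN expands a list, VRFY
# confirms that a mailbox exists.
BLOCKED_VERBS = {"EXPN", "VRFY"}
MAX_COMMAND_LINE = 512   # RFC 5321 limit on a command line, CRLF included

Verdict = Tuple[bool, Optional[bytes]]   # (forward to server?, reply to client)


class SmtpCommandProxy:
    """Client-side command filter of an application-level SMTP proxy."""

    def __init__(self) -> None:
        self.in_data = False   # True while the client is sending message text

    def handle(self, line: bytes) -> Verdict:
        if self.in_data:
            # Message text is relayed untouched; a lone "." line ends it.
            if line == b".\r\n":
                self.in_data = False
            return True, None
        if len(line) > MAX_COMMAND_LINE:
            return False, b"500 Line too long\r\n"
        if not line.endswith(b"\r\n"):
            return False, b"500 Syntax error: line must end in CRLF\r\n"
        body = line[:-2]
        # Protocol conformance: command lines are 7-bit printable ASCII only.
        if any(c < 0x20 or c > 0x7E for c in body):
            return False, b"500 Syntax error: non-ASCII byte in command\r\n"
        verb = body.split(b" ", 1)[0].upper().decode("ascii")
        if verb in BLOCKED_VERBS:
            # Same reply a hardened server gives, so the client learns nothing.
            return False, b"502 Command not implemented\r\n"
        if verb not in ALLOWED_VERBS:
            return False, b"500 Syntax error, command unrecognized\r\n"
        if verb == "DATA":
            # Simplification: a real proxy switches only after the server's
            # 354 reply; here the switch happens as soon as DATA is forwarded.
            self.in_data = True
        return True, None


def run_session(lines: List[bytes]) -> List[Verdict]:
    """Feed constructed client lines through one proxy; return the verdicts."""
    proxy = SmtpCommandProxy()
    return [proxy.handle(line) for line in lines]


# Constructed client transcript, including the reconnaissance commands.
SAMPLE_SESSION = [
    b"EHLO client.example\r\n",
    b"VRFY postmaster\r\n",
    b"EXPN staff\r\n",
    b"mail from:<alice@example.test>\r\n",
    b"RCPT TO:<bob@example.test>\r\n",
    b"MAIL FROM:<\xff\xfe@example.test>\r\n",   # non-ASCII bytes in a command
    b"DATA\r\n",
    b"VRFY bob\r\n",                             # inside the body: just text
    b".\r\n",
    b"QUIT\r\n",
]

if __name__ == "__main__":
    for line, (forward, reply) in zip(SAMPLE_SESSION, run_session(SAMPLE_SESSION)):
        print(line.rstrip(), "->", "forward" if forward else reply.rstrip())
```

Because the proxy terminates the client connection, the real server never sees the refused commands at all; the client only ever receives the proxy's 502 reply, which is the same thing a server with VRFY and EXPN disabled would send.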
  • 23. Introduction Stateful inspection, also known as dynamic packet filtering, is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall. Stateful inspection has largely replaced the older technology, static packet filtering.
  • 24. Static vs Dynamic In static packet filtering, only the headers of packets are checked, which means that an attacker can sometimes get information through the firewall simply by marking a packet as a "reply" in the header. Stateful inspection, on the other hand, analyzes packets down to the application layer. By recording session information such as IP addresses and port numbers, a dynamic packet filter can implement a much tighter security posture than a static packet filter can.
  • 25. Advantage In a firewall that uses stateful inspection, the network administrator can set the parameters to meet specific needs. In a typical network, ports are closed unless an incoming packet requests a connection to a specific port, and then only that port is opened. This practice prevents port scanning, a well-known hacking technique.
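Slides 23 to 25 describe stateful inspection by contrast with static filtering: a packet that merely claims to be a reply gets through a static filter, but a connection tracker admits inbound segments only when they belong to a connection the inside opened. The following tracker is an added example for this page, not the presentation's own code; the state names, the segment model and the sample addresses are constructed, and the tracker deliberately handles only TCP and drops the entry as soon as both sides have sent FIN (a production tracker would keep a short TIME_WAIT).

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class TcpSegment:
    """TCP/IP header fields the tracker consults (constructed model)."""
    src: str
    sport: int
    dst: str
    dport: int
    direction: str        # "out" = from the internal network, "in" = from the Internet
    syn: bool = False
    ack: bool = False
    fin: bool = False
    rst: bool = False


FlowKey = Tuple[str, int, str, int]   # (initiator, its port, responder, its port)


class StatefulFirewall:
    """Allows only connections opened from inside, plus the replies that belong to them."""

    def __init__(self) -> None:
        self.table: Dict[FlowKey, str] = {}

    def _lookup(self, s: TcpSegment) -> Tuple[Optional[FlowKey], Optional[str]]:
        fwd = (s.src, s.sport, s.dst, s.dport)
        rev = (s.dst, s.dport, s.src, s.sport)
        if fwd in self.table:
            return fwd, "fwd"     # segment travels initiator -> responder
        if rev in self.table:
            return rev, "rev"     # segment is a reply from the responder
        return None, None

    def decide(self, s: TcpSegment) -> str:
        key, way = self._lookup(s)
        if key is None:
            # Unknown flow: only an internal host may open one, and only with a
            # clean SYN.  An inbound segment that merely claims to be a reply
            # (ACK set, no table entry) is dropped: the static-filter loophole.
            if s.direction == "out" and s.syn and not s.ack:
                self.table[(s.src, s.sport, s.dst, s.dport)] = "SYN_SENT"
                return "allow"
            return "deny"
        state = self.table[key]
        if s.rst:
            del self.table[key]   # either side may abort; the entry goes with it
            return "allow"
        if state == "SYN_SENT" and way == "rev" and s.syn and s.ack:
            self.table[key] = "SYN_RECEIVED"
            return "allow"
        if state == "SYN_RECEIVED" and way == "fwd" and s.ack and not s.syn:
            self.table[key] = "ESTABLISHED"
            return "allow"
        if state == "ESTABLISHED":
            if s.fin:
                self.table[key] = "FIN_WAIT"
            return "allow"
        if state == "FIN_WAIT":
            if s.fin:
                del self.table[key]   # both sides have now sent FIN
            return "allow"
        return "deny"   # segment does not fit the recorded state


def demo() -> List[str]:
    """Constructed segment sequence; returns one verdict per segment."""
    fw = StatefulFirewall()
    client, server, stranger = "192.0.2.25", "198.51.100.7", "203.0.113.99"
    segments = [
        TcpSegment(client, 51000, server, 443, "out", syn=True),            # open
        TcpSegment(server, 443, client, 51000, "in", syn=True, ack=True),   # SYN-ACK
        TcpSegment(client, 51000, server, 443, "out", ack=True),            # handshake done
        TcpSegment(server, 443, client, 51000, "in", ack=True),             # data reply
        TcpSegment(stranger, 4444, client, 51000, "in", ack=True),          # fake "reply"
        TcpSegment(stranger, 4444, client, 22, "in", syn=True),             # unsolicited probe
        TcpSegment(client, 51000, server, 443, "out", fin=True, ack=True),  # client closes
        TcpSegment(server, 443, client, 51000, "in", fin=True, ack=True),   # server closes
        TcpSegment(server, 443, client, 51000, "in", ack=True),             # after close
    ]
    return [fw.decide(s) for s in segments]


if __name__ == "__main__":
    print(demo())
```

The two "deny" verdicts in the middle are the point of the slide: the fake reply and the unsolicited SYN are both well-formed TCP and would pass a header-only rule such as "allow inbound packets with ACK set", but neither matches a connection the inside opened.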
  • 28. Introduction A bastion host is a specialized computer that is deliberately exposed on a public network. From the secured network's perspective, it is the only node exposed to the outside world and is therefore very prone to attack. It is placed outside the firewall in single-firewall systems or, if a system has two firewalls, it is often placed between the two firewalls or on the public side of a demilitarized zone (DMZ). The bastion host processes and filters all incoming traffic and prevents malicious traffic from entering the network, acting much like a gateway. The most common examples of bastion hosts are mail, Domain Name System (DNS), web and File Transfer Protocol (FTP) servers. Firewalls and routers can also become bastion hosts.
  • 29. Explanation The bastion host is usually a very powerful server with improved security measures and custom software. It often hosts only a single application, because it needs to be very good at what it does. The software is usually customized, proprietary and not available to the public. This host is designed to be the strong point in the network, protecting the systems behind it, so it often undergoes regular maintenance and audits. Sometimes bastion hosts are used to draw attacks so that the source of the attacks may be traced. To maintain the security of a bastion host, all unnecessary software, daemons and users are removed, the operating system is continually updated with the latest security updates, and an intrusion detection system is installed.

Editor's Notes

  1. A firewall is either a software- or hardware-based security system for networks that is tasked with regulating the flow of incoming and outgoing network traffic. In order to decide which data packets should be allowed through and which should be blocked, the firewall carries out an analysis based upon an applied set of rules. The definition of a firewall can be stated in a variety of different terms, depending primarily upon your level of understanding of computer networks. Primarily, however, a firewall creates a barrier between a network of computers that can be trusted and an external network, such as the internet, which cannot be trusted. In case somebody tries to send in data packets that are infected with viruses, the firewall will detect them and prevent them from entering the secure network. Most individual computers come with a firewall-based security system that can be turned on or off at your behest. Hardware such as routers also ships with firewalls to prevent unauthorized access.
  2. Techniques used by firewalls to control access and enforce a security policy.
  3. Packet filtering mechanisms work at the network layer of the OSI model. In packet filtering, each packet passing through a firewall is compared to a set of rules before it is allowed to pass. Depending on the packet and the rule, the packet can be dropped, sent through, or rejected with a message sent back to the originator. The rules that determine which packets are sent and which are not can be based on the source and destination IP address, the source and destination port number or the protocol used. Packet filtering can also be done at the router level, providing an additional layer of security. For example, if a certain destination IP address is found in a packet, it could be dropped; or if the packet conforms to a certain protocol (e.g., HTTP), it could be dropped by companies that do not allow internet access to their employees.
  4. During network communication, a node transmits a packet that is filtered and matched with predefined rules and policies. Once matched, a packet is either accepted or denied. Packet filtering checks source and destination IP addresses. If both IP addresses match the rule, the packet is considered secure and verified. Because the sender may use different applications and programs, packet filtering also checks the source and destination protocols, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). Packet filters also verify source and destination port addresses. Some packet filters are not intelligent and are unable to remember previously seen packets. However, other packet filters can remember items from previous packets, such as source and destination IP addresses. Packet filtering is usually an effective defense against attacks from computers outside a local area network (LAN). As most routing devices have integrated filtering capabilities, packet filtering is considered a standard and cost-effective means of security.
  5. By using spoofed IP addresses to mask the true identities of their botnet devices, perpetrators aim to: avoid discovery and implication by law enforcement and forensic cyber-investigators; prevent targets from notifying device owners about an attack in which they are unwittingly participating; and bypass security scripts, devices and services that attempt to mitigate DDoS attacks through the blacklisting of attacking IP addresses.
  6. Stateful multilayer inspection firewalls combine aspects of the other three types of firewalls. They filter packets at the network layer, the transport layer and the application layer, and allow a packet to pass only if it passes all of them individually. Some of them allow a direct connection between the client and the server, as they rely on algorithms to recognize and process application layer data instead of relying on application-specific proxies.