Firewall basics.
Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise
• PC Hardware
• Network Administration
• IT Project Management
• Network Design
• User Training
• IT Troubleshooting
Industry Certification
Qualifications Summary
Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required—with a focus on technology.
Education
• M.B.A., IT Management, Western Governors University
• B.S., IT Security, Western Governors University
Page 3
– Types of firewalls.
– Firewall settings and techniques.
PACE-IT.
Page 4
Types of firewalls.
Page 5
– Host-based firewalls.
» Installed on the node—usually a desktop computer—that needs the protection. Often used in conjunction with a network-based firewall.
• Are always software applications running on the protected host itself.
– Network-based firewalls.
» Usually installed on the perimeter of the network segment that needs the protection.
• Are used to protect private networks from public networks.
• Can be a network appliance—specially designed and deployed to provide firewall services.
• Can be a software application—either as part of a router's operating system or as a specialty application on a server that is providing routing functions.
– Small office/home office (SOHO) firewalls.
» In most cases, the network firewall is provided by the wide area network (WAN) connection device (e.g., the router).
» A host-based firewall is often used in conjunction with the network-based firewall, so that a host is still protected from other hosts on the same LAN.
Page 6
– Stateless inspection firewalls.
» Examine every packet entering or leaving the network against a set of rules called an access control list (ACL).
• The ACL rules are static values defined by an administrator.
• Starting from the first rule in the ACL, the first rule a packet matches is enforced and evaluation of the ACL stops.
• Do not track the state of any connection; every packet, including replies to connections that inside hosts opened, is judged on its own against the ACL.
– Stateful inspection firewalls.
» As a general rule, connections are not allowed to be initiated from outside the local network segment being protected.
» Only a connection's initiating packet (e.g., the TCP SYN) going from the inside network to an outside network is inspected against the ACL.
» Once the connection is permitted, the firewall records it in a state (connection) table and monitors the state of the connection.
• Allow packets to flow between the inside node and the outside address as long as they belong to a tracked connection whose state remains valid; packets that match no entry in the table are dropped.
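The difference between the two models is easiest to see on a reply packet and on an unsolicited inbound packet. The simulation below is an added example, not code from the PACE-IT slides; the addresses, ports and the two-rule ACL are constructed for the demo. The stateless filter uses the classic "permit inbound packets that have the ACK flag set" rule, which is the usual way a stateless ACL lets replies back in; the stateful filter instead keeps a table of connections opened from inside.

```python
"""Stateless vs stateful filtering, simulated.

Constructed example: addresses, ports and the ACL are made up for the demo.
A packet is a 5-tuple plus TCP flags; "out" means leaving the protected LAN,
"in" means arriving from outside.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: FrozenSet[str]          # e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    direction: str                 # "in" or "out"
    dport: Optional[int] = None    # None matches any destination port
    require_ack: bool = False      # stateless "established" approximation


def stateless_filter(acl: List[Rule], pkt: Packet, direction: str) -> str:
    """Every packet is checked: first matching rule wins, no match is an implicit deny."""
    for rule in acl:
        if rule.direction != direction:
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        if rule.require_ack and "ACK" not in pkt.flags:
            continue
        return rule.action
    return "deny"


class StatefulFilter:
    """Only connection-initiating packets hit the ACL; everything else is
    matched against the table of connections that were opened from inside."""

    def __init__(self, acl: List[Rule]) -> None:
        self.acl = acl
        self.state = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, pkt: Packet, direction: str) -> str:
        if direction == "out":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.state:
            return "permit"                 # belongs to a tracked connection
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:
            action = stateless_filter(self.acl, pkt, direction)
            if action == "permit":
                self.state.add(key)         # remember the new connection
            return action
        return "deny"                       # mid-stream packet with no state


ACL = [
    Rule("permit", "out", dport=80),         # inside hosts may open HTTP
    Rule("permit", "in", require_ack=True),  # stateless way to let replies back in
]


def run_demo() -> dict:
    """Returns {case: (stateless_verdict, stateful_verdict)} for four constructed packets."""
    cases = [
        ("client_syn",    Packet("10.0.0.5", "203.0.113.10", 40001, 80, frozenset({"SYN"})), "out"),
        ("server_synack", Packet("203.0.113.10", "10.0.0.5", 80, 40001, frozenset({"SYN", "ACK"})), "in"),
        ("outside_syn",   Packet("198.51.100.7", "10.0.0.5", 5555, 22, frozenset({"SYN"})), "in"),
        ("ack_probe",     Packet("198.51.100.7", "10.0.0.5", 5555, 22, frozenset({"ACK"})), "in"),
    ]
    stateful = StatefulFilter(ACL)
    results = {}
    for name, pkt, direction in cases:
        results[name] = (stateless_filter(ACL, pkt, direction), stateful.filter(pkt, direction))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in run_demo().items():
        print(f"{name:14s} stateless={stateless:6s} stateful={stateful}")
```

Both filters let the client's SYN out and the server's SYN/ACK back in, and both drop the unsolicited SYN to port 22. The fourth case is the point: a packet with only ACK set, aimed at port 22 on an inside host, satisfies the stateless "established" rule and is permitted, which is exactly what an ACK scan exploits. The stateful filter drops it because no tracked connection exists for that 4-tuple.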
Page 7
– Application-aware firewalls.
» Firewalls that examine not only the packet headers, but also the application protocol being carried (e.g., FTP or HTTP).
• Allow or deny decisions are made on the application-layer protocol as well as on the other ACL rules, so traffic is judged by what it actually is rather than only by the port it uses.
• Slower, because of the deeper inspection, but more thorough in protecting the private network.
– Context-aware firewalls.
» Firewalls that can identify not only applications, but also users and/or devices—the context.
• Can be used to restrict or allow traffic based on the context as well as other ACL rules.
– UTM (unified threat management) devices.
» Network appliances that include not only a firewall service, but other services as well, such as intrusion detection (IDS) or intrusion prevention (IPS).
• One concern with a UTM device is that it can create a single point of failure. What happens to the network if the UTM device fails?
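To make the three decision levels concrete, here is a small simulation of a port-only rule, an application-aware rule, and a context-aware rule applied to the same flows. It is an added example and not part of the PACE-IT material; the protocol fingerprints, the policy table and the payloads are constructed for the demo, and real appliances use far richer signatures than these first-bytes checks.

```python
"""Port-based vs application-aware vs context-aware decisions, simulated.

Constructed example: the fingerprints, policy and payloads are made up for
the demo. A real application-aware firewall uses much richer signatures.
"""
import re
from typing import FrozenSet, Optional

ALLOWED_PORTS = {80, 443}

# application -> user groups allowed to use it (None = anyone may use it)
APP_POLICY = {
    "http": None,
    "tls": None,
    "ssh": frozenset({"admins"}),   # ssh is tolerated only for admins, on any allowed port
}

_HTTP_REQUEST = re.compile(rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n")


def identify_app(payload: bytes) -> Optional[str]:
    """Classify a flow from its first bytes, independent of the port it uses."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), version 0x03 0x0N
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    if _HTTP_REQUEST.match(payload):
        return "http"
    return None


def port_filter(dport: int) -> str:
    """A plain packet filter only sees the destination port."""
    return "permit" if dport in ALLOWED_PORTS else "deny"


def context_aware_filter(dport: int, payload: bytes, user_groups: FrozenSet[str]) -> str:
    """Port rule, then the carried protocol, then who is sending it."""
    if port_filter(dport) == "deny":
        return "deny"
    app = identify_app(payload)
    if app not in APP_POLICY:
        return "deny"                 # unknown or undeclared protocol on an allowed port
    allowed = APP_POLICY[app]
    return "permit" if allowed is None or (allowed & user_groups) else "deny"


def app_aware_filter(dport: int, payload: bytes) -> str:
    """Application-aware only: no user identity, so group-restricted apps cannot pass."""
    return context_aware_filter(dport, payload, frozenset())


def run_demo() -> dict:
    """Returns {case: (port_verdict, app_aware_verdict, context_aware_verdict)}."""
    ssh_banner = b"SSH-2.0-OpenSSH_9.6\r\n"
    cases = {
        "http_on_80":       (80,   b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n", frozenset()),
        "tls_on_443":       (443,  b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03", frozenset()),
        "ssh_on_443":       (443,  ssh_banner, frozenset()),
        "ssh_on_443_admin": (443,  ssh_banner, frozenset({"admins"})),
        "junk_on_80":       (80,   b"\x00\x00\x00\x1f\xffbinary-tunnel", frozenset()),
        "http_on_8080":     (8080, b"GET / HTTP/1.1\r\n\r\n", frozenset()),
    }
    return {
        name: (port_filter(port), app_aware_filter(port, data), context_aware_filter(port, data, groups))
        for name, (port, data, groups) in cases.items()
    }


if __name__ == "__main__":
    for name, verdicts in run_demo().items():
        print(f"{name:18s} port={verdicts[0]:6s} app={verdicts[1]:6s} context={verdicts[2]}")
```

The port filter waves through the SSH banner and the opaque binary stream on 443 and 80, since it only sees the port. The application-aware layer denies both because neither is a protocol the policy permits for anonymous traffic, and the context-aware layer permits the SSH flow only when the sender belongs to the admins group. The cost is visible in the code: every decision now requires reading and classifying payload, which is why these firewalls are slower.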
Page 8
Most often, firewalls are implemented on a router's interface or at the host level.
When implemented on the router interface, the firewall takes part in the routing process. When implemented at the host level, the firewall protects the host on which it resides.
An exception to these scenarios is the implementation of a virtual wire firewall. This type of firewall is a network-based firewall that resides between two devices and provides neither routing nor switching functions. It contains two interfaces and, as traffic passes between the interfaces, the packets are compared to an ACL.
Page 9
Firewall settings and techniques.
Page 10
– ACL (access control list).
» Each firewall interface may have two ACLs associated with it.
• Inbound: examines all packets inbound on the interface.
• Outbound: examines all packets outbound on the interface.
» Contains a set of administrator-defined rules that either allow or block (deny) packet traffic.
• Rules can be based on such criteria as source or destination IP address, MAC address, protocol, port, and time of day.
• Packets are examined against the rules in order; once a rule is matched (e.g., deny FTP packets from leaving the network), that rule is enforced and the ACL is exited. Rule order therefore matters: a broad rule placed early can shadow a more specific rule below it so that the later rule never fires.
» The last rule of any ACL is an implicit deny.
• If the packet being evaluated does not match any of the explicit rules of the ACL, the implicit deny is enacted and the packet is blocked (dropped).
• Care and caution should be used when creating an ACL because of the implicit deny that terminates every list: a forgotten permit rule blocks traffic silently.
• The implicit deny is the norm for router ACLs and most firewall appliances, but on some platforms (e.g., Linux iptables/nftables) the end-of-chain behavior is a configurable default policy that accepts unless it is set to drop, so verify it rather than assume it.
Page 11
– Firewall placement.
» Perimeter (external) placement requires that the firewall be placed at the outside edge—usually at the WAN connection—of the LAN (local area network) segment.
• Stateful inspection firewalls work well on the perimeter. They are usually slower to make the initial connection, but once it is established, they offer better performance.
» Internal placement requires that the firewall be placed in a logical central location—usually used to route between different internal private networks.
• Stateless inspection firewalls work well for internal placement. They are faster to make connections and require less memory.
– Demilitarized zone (DMZ).
» A specific area (zone) created—usually between two firewalls—that allows outside access to network resources (e.g., a Web server), while the internal network is still protected from outside traffic.
• The external-facing router allows specific outside traffic into the DMZ, while the internal router prevents that same outside traffic from entering the internal network.
• The internal router should also restrict connections that DMZ hosts themselves open toward the internal network (e.g., only the Web server to the database port), because a compromised DMZ server is the most likely pivot point into the LAN.
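The ACL rules on the previous page and the two-firewall DMZ above share one evaluation model, so the following single example covers both: first-match evaluation with an implicit deny, rules keyed on address range, protocol, port and time of day, a check for rules shadowed by an earlier rule, and a packet that must be permitted by every firewall on its path. It is an added example, not code from the PACE-IT slides; the address ranges, hosts, ports and ACLs are constructed for the demo.

```python
"""ACL evaluation, implicit deny, rule shadowing and a two-firewall DMZ, simulated.

Constructed example: the address ranges, ports and ACLs below are made up for
the demo. Hours are 0-23 in the firewall's local time.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp", "icmp"
    dport: int
    hour: int = 12      # time of day, used by time-based rules


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    src: str = "0.0.0.0/0"          # CIDR; 0.0.0.0/0 means any
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None     # None means any port
    hours: Optional[range] = None   # None means any time of day

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and (self.dport is None or self.dport == p.dport)
                and (self.hours is None or p.hour in self.hours))

    def covers(self, other: "Rule") -> bool:
        """True if every packet that matches `other` also matches this rule."""
        return (ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and (self.dport is None or self.dport == other.dport)
                and (self.hours is None
                     or (other.hours is not None and set(other.hours) <= set(self.hours))))


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; falling off the end is the implicit deny (index None)."""
    for i, rule in enumerate(acl):
        if rule.matches(p):
            return rule.action, i
    return "deny", None


def shadowed_rules(acl: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(acl)) if any(acl[i].covers(acl[j]) for i in range(j))]


def traverse(path: List[List[Rule]], p: Packet) -> str:
    """A packet crossing several firewalls must be permitted by every one of them."""
    return "permit" if all(evaluate(acl, p)[0] == "permit" for acl in path) else "deny"


# Topology: Internet -> [external] -> DMZ 203.0.113.0/24 -> [internal] -> LAN 10.0.0.0/8
WEB = "203.0.113.10"     # Web server in the DMZ
DB = "10.0.0.20"         # database server on the internal LAN

EXTERNAL_ACL = [                                   # inbound from the Internet
    Rule("permit", dst=WEB + "/32", proto="tcp", dport=443),
    Rule("permit", dst=WEB + "/32", proto="tcp", dport=80),
]                                                  # implicit deny: nothing else, nothing to the LAN

INTERNAL_ACL = [                                   # inbound from the DMZ side
    Rule("permit", src=WEB + "/32", dst=DB + "/32", proto="tcp", dport=5432),
]                                                  # implicit deny: a compromised DMZ host gets no more

BAD_ACL = [
    Rule("permit", proto="tcp", dport=80),
    Rule("deny", src="198.51.100.0/24", proto="tcp", dport=80),   # shadowed by rule 0, never fires
    Rule("permit", src="10.0.0.0/8", proto="tcp", dport=22, hours=range(8, 18)),
]


def run_demo() -> dict:
    return {
        "internet_to_web":   traverse([EXTERNAL_ACL], Packet("198.51.100.7", WEB, "tcp", 443)),
        "internet_to_db":    traverse([EXTERNAL_ACL, INTERNAL_ACL], Packet("198.51.100.7", DB, "tcp", 5432)),
        "web_to_db":         traverse([INTERNAL_ACL], Packet(WEB, DB, "tcp", 5432)),
        "web_to_fileserver": traverse([INTERNAL_ACL], Packet(WEB, "10.0.0.30", "tcp", 445)),
        "bad_acl_shadowed":  shadowed_rules(BAD_ACL),
        "ssh_in_hours":      evaluate(BAD_ACL, Packet("10.0.0.5", WEB, "tcp", 22, hour=10)),
        "ssh_after_hours":   evaluate(BAD_ACL, Packet("10.0.0.5", WEB, "tcp", 22, hour=20)),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:18s} {result}")
```

Only the Web server's two ports are reachable from the Internet; the packet aimed at the database never gets past the external ACL, and the Web server itself can reach nothing on the LAN except the database port. In BAD_ACL the lint flags rule 1: the earlier blanket permit for port 80 covers it, so the intended block of 198.51.100.0/24 is dead, which is the ordering mistake the "care and caution" advice refers to. The time-based rule shows the implicit deny in action: the same SSH packet is permitted at 10:00 and silently dropped at 20:00 with no rule index to point at.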
Page 12
Topic: Types of firewalls.
Summary: Host-based firewalls protect a single host. Network-based firewalls protect a network segment. In most SOHO situations, there is a combination of a network-based firewall (at the WAN connection) and software host-based firewalls (on the hosts). Stateless firewalls inspect all packets, while stateful inspection firewalls track the state of a connection. Application-aware firewalls examine the application-level protocols being used. Context-aware firewalls can also determine user and type of device. UTM devices offer more than just firewall services (e.g., IDS and IPS), but may also create a single point of failure. Virtual wire firewalls are a type of network-based firewall that doesn't take part in the routing or switching functions.
Topic: Firewall settings and techniques.
Summary: Each firewall interface may have two ACLs—one on the inbound side and one on the outbound side. An ACL is a set of administrator-defined rules that either allow or block traffic. The last rule in an ACL is an implicit deny statement. Stateful inspection firewalls work well for external placement, while stateless inspection firewalls work well for internal network placement. A DMZ is a zone created—usually between two firewalls—that allows some outside access to network resources, while the internal network remains protected.
Page 13
THANK YOU!
This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.
