The document discusses firewalls, which were officially invented in the early 1990s. A firewall protects networked computers from unauthorized access and sits at the gateway between private and public networks like the Internet. Firewalls can be hardware devices or software programs and examine incoming and outgoing network traffic to filter it based on various criteria. There are different types of firewalls that operate at different layers of the network model, including packet filters, circuit gateways, application proxies, and stateful multilayer inspection firewalls.
2. What is a firewall?
• A firewall protects networked computers from
intentional hostile intrusion that could
compromise confidentiality or result in data
corruption or denial of service
• It may be a hardware device(fig.1) or a
software program(fig.2) running on a secure
host computer.
H.M.H.R.JAYARATHNA
2
E091040028
3. • A firewall sits at the junction point or gateway
between the two networks, usually a private
network and a public network such as the
Internet.
• The earliest firewalls were simply routers
H.M.H.R.JAYARATHNA
3
E091040028
4. Fig.1 Hardware firewall providing protection to a Local Network.
H.M.H.R.JAYARATHNA
4
E091040028
5. Fig.2 Computer running firewall software to provide protection
H.M.H.R.JAYARATHNA
5
E091040028
6. What does a firewall do?
• examines all traffic routed between the two
networks to see if it meets certain criteria
• firewall filters both inbound and outbound
traffic.
• can filter packets based on their source and
destination addresses and port numbers.
known as address filtering.
H.M.H.R.JAYARATHNA
6
E091040028
7. • can also filter specific types of network traffic.
known as protocol filtering (Eg: HTTP, ftp or
telnet.)
• can also filter traffic by packet attribute or
state.
H.M.H.R.JAYARATHNA
7
E091040028
8. What can't a firewall do?
• cannot prevent individual users with modems
from dialling into or out of the network,
bypassing the firewall altogether.
• Cannot control employee misconduct or
carelessness
H.M.H.R.JAYARATHNA
8
E091040028
9. Who needs a firewall?
• Anyone who is responsible for a single
computer/private network that is connected to
Internet via modem/a public network needs
firewall
H.M.H.R.JAYARATHNA
9
E091040028
10. How does a firewall work?
• There are two access denial methodologies
used
– firewall may allow all traffic through unless it
meets certain criteria
– it may deny all traffic unless it meets certain
criteria
• Firewalls may be concerned with the type of
traffic, or with source or destination
addresses and ports.
H.M.H.R.JAYARATHNA
10
E091040028
12. What different types of firewalls are
there?
• four broad categories
– packet filters
– circuit level gateways
– application level gateways
– stateful multilayer inspection
H.M.H.R.JAYARATHNA
12
E091040028
13. Packet filtering firewalls
• work at the network level of the OSI model, or
the IP layer of TCP/IP.
• usually part of a router.
• each packet is compared to a set of criteria
before it is forwarded.
• Depending on the packet and the criteria, the
firewall can drop the packet, forward it or
send a message to the originator.
H.M.H.R.JAYARATHNA
13
E091040028
14. • Rules can include source and destination IP
address, source and destination port number
and protocol used.
• Advantage: their low cost and low impact
on network performance.
• implementing packet filtering at the router
level affords an initial degree of security at a
low network layer.
H.M.H.R.JAYARATHNA
14
E091040028
15. • This type of firewall only works at the network
layer however and does not support
sophisticated rule based models.
• Network Address Translation (NAT) routers
offer the advantages of packet filtering
firewalls but can also hide the IP addresses
of computers behind the firewall, and offer a
level of circuit-based filtering.
H.M.H.R.JAYARATHNA
15
E091040028
17. circuit level gateways
• work at the session layer of the OSI model, or
the TCP layer of TCP/IP.
• monitor TCP handshaking between packets
to determine whether a requested session is
legitimate.
• Information passed to remote computer
through a circuit level gateway appears to
have originated from the gateway.
H.M.H.R.JAYARATHNA
17
E091040028
18. • useful for hiding information about
protected networks.
• Circuit level gateways are relatively
inexpensive
• They do not filter individual packets.
• Advantage: hiding information about
private protect networks.
H.M.H.R.JAYARATHNA
18
E091040028
20. Application level gateways
• also called proxies
• similar to circuit-level gateways except that
they are application specific.
• can filter packets at the application layer of
the OSI model.
• Incoming or outgoing packets cannot access
services for which there is no proxy.
H.M.H.R.JAYARATHNA
20
E091040028
21. • an application level gateway that is
configured to be a web proxy will not allow
any FTP, gopher, telnet or other traffic
through.
• can filter application specific commands such
as http:post and get, etc.
• can also be used to log user activity and
logins.
H.M.H.R.JAYARATHNA
21
E091040028
22. • offer a high level of security, but have a
significant impact on network performance.
• This is because of context switches that slow
down network access dramatically.
• They are not transparent to end users and
require manual configuration of each client
computer.
H.M.H.R.JAYARATHNA
22
E091040028
24. Stateful Multilayer Inspection Firewall
• filter packets at the network layer, determine
whether session packets are legitimate and
evaluate contents of packets at the
application layer.
• allow direct connection between client and
host, alleviating the problem caused by the
lack of transparency of application level
gateways.
H.M.H.R.JAYARATHNA
24
E091040028
25. • rely on algorithms to recognize and process
application layer data instead of running
application specific proxies.
• offer a high level of security, good
performance and transparency to end users.
• are expensive
• Due to their complexity are potentially less
secure than simpler types of firewalls if not
administered by highly competent personnel.
H.M.H.R.JAYARATHNA
25
E091040028
27. How do I implement a firewall?
• Steps of implementing a firewall
1. Determine the access denial methodology to
use.
2. Determine inbound access policy.
3. Determine outbound access policy
4. Determine if dial-in or dial-out access is
required.
5. Decide whether to buy a complete firewall
product, have one implemented by a systems
integrator or implement one yourself.
H.M.H.R.JAYARATHNA
27
E091040028
28. Firewall related problems
• Firewalls restrict access to certain worthful
services because those are not yet identified
by firewall
H.M.H.R.JAYARATHNA
28
E091040028
29. Benefits of a firewall
• protect private local area networks from hostile
intrusion from the Internet.
• Firewalls allow network administrators to offer
access to specific types of Internet services to
selected LAN users.
• Can control the access of outsiders(unidentifiers)
to our network or a single machine
H.M.H.R.JAYARATHNA
29
E091040028
30. • References
– http://www.vicomsoft.com/learning-center/firewalls/
– A definition of Firewall Security from
searchSecurity.com.
– A definition of Firewalls from the FreeBSD Handbook
– Network Security Tutorial from About.com.
– Firewall.com - The Complete Security Portal
– Security in Computing, 4th Edition, by Pfleeger &
Pfleeger
H.M.H.R.JAYARATHNA
30
E091040028