Outline
• Introduction
• Firewall Environments
• Types of Firewalls
• Future of Firewalls
• Conclusion

Introduction
• Firewalls control the flow of network traffic
• Firewalls have applicability in networks where there is no internet connectivity
• Firewalls operate on a number of layers
• Can also act as VPN gateways
• Active content filtering technologies

Firewall Environments
• There are different types of environments where a firewall can be implemented.
• A simple environment can be a packet filter firewall
• Complex environments can be several firewalls and proxies

DMZ Environment
• Can be created out of a network connecting two firewalls
• The boundary router filters packets, protecting the server
• The first firewall provides access control and protection from the servers if they are hacked

VPN
• A VPN is used to provide secure network links across networks
• A VPN is constructed on top of existing network media and protocols
• At the protocol level, IPsec is the first choice
• Other protocols are PPTP and L2TP

Intranets
• An intranet is a network that employs the same types of services, applications, and protocols present in an Internet implementation, without involving external connectivity
• Intranets are typically implemented behind firewall environments.

Extranets
• An extranet is usually a business-to-business intranet
• Controlled access to remote users via some form of authentication and encryption such as provided by a VPN
• Extranets employ TCP/IP protocols, along with the same standard applications and services

Types of Firewalls
• Firewalls fall into four broad categories
• Packet filters
• Circuit level
• Application level
• Stateful multilayer

Packet Filter
• Work at the network level of the OSI model
• Each packet is compared to a set of criteria before it is forwarded
• Packet filtering firewalls are low cost and have low impact on network performance

Circuit level
• Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP
• Monitor TCP handshaking between packets to determine whether a requested session is legitimate.

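The difference between the Packet Filter and Circuit level slides, as an added example that is not part of the original deck: a first-match packet filter judges every packet on its own, while a handshake-tracking gateway rejects a segment that belongs to no session it has seen open. The rule set, addresses (documentation ranges) and class names are constructed for illustration; session teardown and timeouts are left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags set on this segment

# Constructed rule set: (action, source net, destination net, destination port)
RULES = [
    ("allow", "0.0.0.0/0", "192.0.2.10/32", 80),  # hypothetical DMZ web server
    ("deny", "0.0.0.0/0", "0.0.0.0/0", None),     # default deny, None = any port
]

def packet_filter(pkt, rules=RULES):
    """Stateless filter: each packet is compared to the criteria, first match wins."""
    for action, src, dst, port in rules:
        if (ip_address(pkt.src) in ip_network(src)
                and ip_address(pkt.dst) in ip_network(dst)
                and port in (None, pkt.dport)):
            return action
    return "deny"

class CircuitGateway:
    """Applies the same rules to the SYN, then follows the TCP handshake."""
    def __init__(self):
        self.sessions = {}  # (client, cport, server, sport) -> handshake state

    def inspect(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)  # client -> server key
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # same session, reply side
        if pkt.flags == {"SYN"}:
            if packet_filter(pkt) != "allow":
                return "deny"
            self.sessions[fwd] = "SYN_SEEN"
            return "allow"
        if pkt.flags == {"SYN", "ACK"} and self.sessions.get(rev) == "SYN_SEEN":
            self.sessions[rev] = "SYNACK_SEEN"
            return "allow"
        if pkt.flags == {"ACK"} and self.sessions.get(fwd) == "SYNACK_SEEN":
            self.sessions[fwd] = "ESTABLISHED"
            return "allow"
        if "ESTABLISHED" in (self.sessions.get(fwd), self.sessions.get(rev)):
            return "allow"
        return "deny"  # no handshake on record: not a legitimate session
```

A lone ACK to port 80 passes `packet_filter` because it matches the allow rule, but `CircuitGateway.inspect` denies it until a SYN, SYN-ACK, ACK exchange has been observed for that session.
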
Application Level
• Application level gateways, also called proxies, are similar to circuit-level gateways except that they are application specific
• A gateway that is configured to be a web proxy will not allow any ftp, gopher, telnet or other traffic through

Stateful Multilayer
• Stateful multilayer inspection firewalls combine the aspects of the other three types of firewalls
• They filter packets at the network layer, determine whether session packets are legitimate and evaluate contents of packets at the application layer

Future of Firewalls
• Firewalls will continue to advance as the attacks on IT infrastructure become more and more sophisticated
• More and more client and server applications are coming with native support for proxied environments
• Firewalls that scan for viruses as they enter the network: several firms are currently exploring this idea, but it is not yet in wide use

Conclusion
• It is clear that some form of security for private networks connected to the Internet is essential
• A firewall is an important and necessary part of that security, but cannot be expected to perform all the required security functions.