Published in: Technology
  1. Firewalls

  2. Definition of Firewalls
     - A firewall is hardware, software, or a combination of both that is used to prevent unauthorized programs or internet users from accessing a private network and/or a single computer.
     - In simple words...
     - A system designed to prevent unauthorized access to or from a private network or computer.

  3. Hardware Firewalls
     - Hardware firewalls can be effective with little or no configuration, and they can protect every machine on a local network.
     - A hardware firewall uses packet filtering to examine the header of a packet to determine its source and destination. This information is compared to a set of predefined or user-created rules that determine whether the packet is to be forwarded or dropped.

  4. Software Firewalls
     - Inspects each individual packet of data as it arrives at either side of the firewall, inbound to or outbound from your computer.
     - Determines whether it should be allowed to pass through or should be blocked.

  5. Hardware vs Software Firewalls
     - Hardware firewall:
       - Protects an entire network
       - Implemented at the router level
       - Usually more expensive, harder to configure
     - Software firewall:
       - Protects a single computer
       - Usually less expensive, easier to configure

  6. Firewall Rules
     - Allow: traffic that flows automatically because it has been deemed "safe"
     - Block: traffic that is blocked because it has been deemed "dangerous" to your computer
     - Ask: asks the user whether or not the traffic is allowed to pass through

  7. Types of Firewalls
     - Packet filters
     - Proxy gateways
     - Network Address Translation (NAT)
     - Intrusion detection

  8. Packet Filters
     - A packet-filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet.
     - The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header. If there is a match to one of the rules, that rule is invoked to determine whether to forward or discard the packet. If there is no match to any rule, then a default action is taken. Two default policies are possible:
       - Default = discard (anything not matched is prohibited)
       - Default = forward (anything not matched is permitted)

  9. Packet Filter Weaknesses
     - Pros:
       - Simple
       - Transparent to users and very fast
     - Cons:
       - Very difficult to set up packet filter rules correctly
       - Lack of authentication

  10. Proxy Firewalls
     - An application-level gateway is also called a proxy server. The user contacts the gateway using a TCP/IP application, and the gateway asks the user for the name of the remote host to be accessed.
     - When the user responds and provides a valid user ID and authentication information, the gateway contacts the application on the remote host and relays TCP segments containing the application data between the two endpoints.

  11. Proxy Firewall Weaknesses
     - Pros:
       - More secure than packet filters. Rather than trying to deal with the numerous possible combinations that are to be allowed and forbidden at the TCP and IP level, the application-level gateway need only scrutinize a few allowable applications.
     - Cons:
       - The main disadvantage of this type of firewall is the additional processing overhead on each connection. In effect, there are two spliced connections between the end users, with the gateway at the splice point, and the gateway must examine and forward all traffic in both directions.

  12. Circuit-Level Proxy
     - This can be a stand-alone system or a specialized function performed by an application-level gateway for certain applications.
     - A circuit-level proxy does not permit an end-to-end TCP connection; rather, the gateway sets up two TCP connections, one between itself and the inside TCP user and one between itself and the outside host.
     - Once the two connections are established, the gateway typically relays TCP segments from one connection to the other without examining the contents. The security function consists of determining which connections will be allowed.

  13. Application Proxy
     - The firewall transfers only acceptable information between the two connections.
     - The proxy can understand the protocol and filter the data within it.

  14. Application Proxy Weaknesses
     - Some proxies, or an "application proxy" firewall, may not be application aware.
     - Proxies have to be written securely.

  15. Store-and-Forward, or Caching, Proxies
     - The client asks the firewall for a document; the firewall downloads the document, saves it to disk, and provides the document to the client. The firewall may cache the document.
     - Can do data filtering.

  16. Store-and-Forward / Caching Proxy Weaknesses
     - Store-and-forward proxies tend to be big new programs. Making them your primary connection to the internet is dangerous.
     - These applications don't protect the underlying OS at all.
     - Caching proxies can require more administrator time and hardware.

  17. Network Address Translation (NAT)
     - NAT changes the IP address in a packet, so that the address of the client inside never shows up on the internet.

  18. Types of NAT
     - Many IPs inside to many static IPs outside.
     - Many IPs inside to many random IPs outside.
     - Many IPs inside to one IP address outside.
     - Transparent diversion of connections.

  19. Weaknesses of NAT
     - Source routing and other router holes.
     - Can give out a lot of information about your network.
     - May need a lot of horsepower.

  20. Intrusion Detection
     - Watches the Ethernet segment or router for trigger events, then tries to interrupt connections.
     - Can log suspicious sessions for playback.
     - Tends to be very good at recognizing attacks, fair at anticipating them.

  21. Intrusion Detection Weaknesses
     - Can only stop TCP connections.
     - Sometimes stops things too late.
     - Can trigger alarms too easily.
     - Doesn't work on switched networks.

  22. Thank You
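The packet filter of slide 8 worked through as an added example (this code is not from the slide deck): rules are tried first to last against IP/TCP header fields, the first match decides, and an unmatched packet falls to the default policy. The rule set, the inside network 10.0.0.0/8 and the documentation-range addresses are all constructed; reordering the same rules changes the verdict, which is slide 9's point about rules being hard to get right.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed example (not code from the slides): a first-match packet filter
# with an explicit default policy, as described on slide 8.

@dataclass
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port

@dataclass
class Rule:
    action: str                  # "forward" or "discard"
    src: str = "0.0.0.0/0"       # source network (CIDR); default matches any
    dst: str = "0.0.0.0/0"       # destination network (CIDR)
    proto: Optional[str] = None  # None matches any protocol
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))

def filter_packet(rules: List[Rule], p: Packet, default: str = "discard") -> str:
    """Walk the rules in order; the first matching rule decides.
    If nothing matches, the default policy (discard or forward) applies."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default

# Constructed rule set for an assumed network: 192.0.2.10 is the public web
# server and 10.0.0.0/8 the inside network (addresses from documentation ranges).
RULES = [
    Rule("discard", proto="tcp", dport=23),                       # no telnet, anywhere
    Rule("forward", dst="192.0.2.10/32", proto="tcp", dport=80),  # public web server
    Rule("forward", src="10.0.0.0/8"),                            # inside -> outside
]

if __name__ == "__main__":
    for pkt in (Packet("203.0.113.5", "192.0.2.10", "tcp", 80),
                Packet("203.0.113.5", "192.0.2.10", "tcp", 22),
                Packet("10.1.2.3", "203.0.113.5", "tcp", 23)):
        print(pkt, "->", filter_packet(RULES, pkt))
```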
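Slide 17's point that the inside client's address never appears on the internet, shown for the "many IPs inside to one IP address outside" type of slide 18, as an added example that is not part of the deck. The single public address 203.0.113.1, the inside hosts and the port range are assumed; the same table that hides the inside address also means an inbound packet with no mapping has nowhere to go and is dropped.

```python
from typing import Dict, Optional, Tuple

# Constructed example (not code from the slides): many-inside-to-one-outside NAT,
# the third type on slide 18. Outbound packets leave with the single public address
# and a translator-chosen port; replies are mapped back through the same table.

Addr = Tuple[str, int]  # (IP address, port)

class ManyToOneNAT:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_table: Dict[Addr, int] = {}  # inside (ip, port) -> public port
        self.in_table: Dict[int, Addr] = {}   # public port -> inside (ip, port)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> tuple:
        """Rewrite an inside->outside packet; the inside address never leaves."""
        key = (src_ip, src_port)
        if key not in self.out_table:          # first packet of a new flow
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        return (self.public_ip, self.out_table[key], dst_ip, dst_port)

    def inbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Optional[tuple]:
        """Map a packet arriving at the public address back to the inside host.
        A port with no mapping (unsolicited inbound traffic) has nowhere to go:
        the packet is dropped, signalled here by returning None."""
        if dst_ip != self.public_ip or dst_port not in self.in_table:
            return None
        in_ip, in_port = self.in_table[dst_port]
        return (src_ip, src_port, in_ip, in_port)

if __name__ == "__main__":
    nat = ManyToOneNAT("203.0.113.1")   # assumed single public address
    print(nat.outbound("10.0.0.5", 51000, "192.0.2.10", 80))
    print(nat.inbound("192.0.2.10", 80, "203.0.113.1", 40000))
    print(nat.inbound("192.0.2.10", 80, "203.0.113.1", 40005))  # unsolicited -> None
```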