2. Firewall
A firewall controls incoming and outgoing network
traffic by analyzing data packets and
determining whether they should be allowed
through, based on a predetermined rule
set.
Software/Hardware based
4. Case study
A small organization which uses the following
services:
•email
•ftp
•Internet
5. Firewall policy
Both external and internal users are
prohibited from interacting with the firewall,
with the exception of email, ping, DNS and
extremely limited ftp capacity.
Internal network addresses are hidden from
the external network.
6. Outbound requests from the internal network
for WWW access to the Internet are permitted
only for the marketing and sales department.
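The policy on slides 5 and 6 can be written as a default-deny allow-list and checked against sample flows. The Python below is an added example, not part of the original slides; the subnets, the single ftp host and the port numbers chosen for each service are assumptions, and matching is simplified to source address, protocol and destination port.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed addressing plan (assumption: the slides give no addresses).
MARKETING = ip_network("10.0.10.0/24")
SALES = ip_network("10.0.20.0/24")
FTP_HOST = ip_network("10.0.1.21/32")  # hypothetical single host allowed ftp
ANY = ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    name: str
    src: object                      # source network
    proto: str                       # "tcp", "udp" or "icmp"
    ports: frozenset = frozenset()   # destination ports; empty = no port check

# Every entry is an explicit exception; there is no "allow any" rule.
ALLOW = [
    Rule("email", ANY, "tcp", frozenset({25})),
    Rule("ping", ANY, "icmp"),
    Rule("dns-udp", ANY, "udp", frozenset({53})),
    Rule("dns-tcp", ANY, "tcp", frozenset({53})),
    Rule("ftp-limited", FTP_HOST, "tcp", frozenset({21})),
    Rule("www-marketing", MARKETING, "tcp", frozenset({80, 443})),
    Rule("www-sales", SALES, "tcp", frozenset({80, 443})),
]

def decide(src, proto, port=None):
    """Return (verdict, rule name); traffic matching no rule is denied."""
    for rule in ALLOW:
        if (ip_address(src) in rule.src and proto == rule.proto
                and (not rule.ports or port in rule.ports)):
            return "allow", rule.name
    return "deny", "default-deny"

# Constructed flows: (source, protocol, destination port, intended verdict).
FLOWS = [
    ("10.0.10.7", "tcp", 443, "allow"),    # marketing host to the web
    ("10.0.30.9", "tcp", 443, "deny"),     # other department to the web
    ("198.51.100.4", "tcp", 25, "allow"),  # inbound mail
    ("198.51.100.4", "tcp", 23, "deny"),   # inbound telnet
    ("10.0.30.9", "tcp", 21, "deny"),      # ftp from a non-approved host
    ("10.0.30.9", "icmp", None, "allow"),  # ping
]

def audit(flows=FLOWS):
    """Return the flows whose verdict differs from the intended one."""
    return [f for f in flows if decide(*f[:3])[0] != f[3]]
```

An empty list from `audit()` means the rule set matches the intended policy for every listed flow; rerunning it after each rule change catches an exception that has become too broad.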
7. False sense of security
A firewall alone will not keep the internal
network safe.
For example, even if traffic coming from the
public network into the company's network is
filtered by a firewall, internal people still
have access to resources.
Procedural defenses should also be enforced.
9. Recommendations
•An organization’s firewall policy should be
based on a comprehensive risk analysis.
•Firewall policies should be based on blocking
all inbound and outbound traffic, with
exceptions made for desired traffic.
•Policies should take into account the source
and destination of the traffic in addition to
the content.
10. An organization should determine which
applications may send traffic into or out of its
network and make firewall policies to block
traffic for other applications.