140 likes | 454 Views
Overview of Firewalls. Outline. Objective Background Firewalls Software Firewall Hardware Firewall Demilitarized Zone (DMZ) Firewall Types Firewall Configuration Firewall Issues Summary List of References. Objective.
E N D
Outline • Objective • Background • Firewalls • Software Firewall • Hardware Firewall • Demilitarized Zone (DMZ) • Firewall Types • Firewall Configuration • Firewall Issues • Summary • List of References
Objective • To provide background on hardware and software firewalls, how they work and how they should be configured.
Background • To create the most secure environment for our information systems, we would like to lock them up somewhere and not connect them to the Internet! • Not practical or useful • Lets create a place (much like the gate in a walled castle) where we force all of the traffic to enter and or leave and we can closely observe it
Firewalls • A firewall is a hardware or software device which is configured to permit, deny or proxy data through a computer network which has different levels of trust • A firewall's basic task is to transfer traffic between computer networks of different trust levels. Typical examples are the Internet which is a zone with no trust and an internal network which is a zone of higher trust. http://en.wikipedia.org/wiki/Firewall
Firewalls • A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized Zone (DMZ)
Demilitarized Zone • Connections from the internal and the external network to the DMZ are permitted, while connections from the DMZ are only permitted to the external network — hosts in the DMZ may not connect to the internal network. • This allows the DMZ's hosts to provide services to both the internal and external network while protecting the internal network in case intruders compromise a host in the DMZ. • The DMZ is typically used for connecting servers that need to be accessible from the outside world, such as e-mail, web and DNS servers. http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29
Software Firewall • Software loaded on a PC that performs a firewall function. • Protects ONLY that computer • There are many commercially available software firewall products. • After loading on a PC, it may have to be configured correctly in order to perform optimally. • Many operating systems contain a built-in software firewall Internet PC Firewall
Hardware Firewall • Hardware device located between the Internet and a PC (or PCs) that performs a firewall function • Protects ALL of the computers that it is behind • Many have a subnet region of lesser security protection called a Demilitarized Zone (DMZ). • May perform Network Address Translation (NAT) which provides hosts behind the firewall with addresses in the "private address range". This functionality hides true addresses of protected hosts and makes them harder to target. • There are several commercially available hardware firewall products. • After installation, it may have to be configured correctly in order to perform optimally. Internet DMZ PC Firewall PC PC PC
Firewall Types • Packet Filters, also called Network Layer Firewalls, operate at a relatively low level of the TCP/IP protocol stack, not allowing packets to pass through the firewall unless they match the established ruleset. The firewall administrator may define the rules; or default rules may apply. • Application-Layer Firewalls work on the application level of the TCP/IP stack (i.e., all browser traffic, or all telnet or ftp traffic), and may intercept all packets traveling to or from an application while blocking other packets. In principle, application firewalls can prevent all unwanted outside traffic from reaching protected machines. • A Proxy device acts as a firewall by responding to input packets (connection requests, for example) in the manner of an application, while blocking other packets. They make tampering with an internal system from the external network more difficult. http://en.wikipedia.org/wiki/Firewall
Firewall Configuration • Self-learning - some software firewalls will prompt the user as connection attempts occur (in-bound and out-bound) and ask for permission. • Some require subscription to White/Black Lists. • Many require (or can also be configured) that allowable ports and/or IP addresses be listed. • Access Control List – ACL • Requires a “knowledgeable” user
Firewall Issues • Some firewalls can also help protect against other problems such as viruses, spam, etc. • However, just because you have a firewall, don’t believe you are fully protected against malware. • Firewalls CANNOT protect against traffic or software that does not come through it. • Unauthorized connections (Modem, wireless, etc.) • Malware delivered via CD, DVD, Thumbdrives, etc.
Summary • In this section we have tried to provide some background on hardware and software firewalls, how they work and how they should be configured.
List of References • http://en.wikipedia.org/wiki/Firewall • http://en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29 • http://www.htmlgoodies.com/beyond/security/article.php/347320 • http://www.pcstats.com/articleview.cfm?articleID=1618 • http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx • http://www.microsoft.com/technet/community/columns/cableguy/cg0204.mspx CyberPatriot wants to thank and acknowledge the CyberWatch program which developed the original version of these slides and who has graciously allowed their use for training in this competition.