
FIREWALL

FIREWALL PRESENTATION. Beth Johnson. April 27, 1998. What is a Firewall: Firewall mechanisms are used to control internet access. An organization places a firewall at each external connection to guarantee that the internal networks remain free from unauthorized traffic.


Presentation Transcript


  1. FIREWALL PRESENTATION Beth Johnson April 27, 1998

  2. What is a Firewall
     • Firewall mechanisms are used to control internet access
     • An organization places a firewall at each external connection to guarantee that the internal networks remain free from unauthorized traffic
     • A firewall consists of two barriers and a secure computer called a bastion host
     • Each barrier uses a filter to restrict datagram traffic
     • To be effective, a firewall that uses datagram filtering should restrict access to:
       - all IP sources
       - IP destinations
       - protocols
       - protocol ports
       except those that are explicitly decided to be available externally

  3. Firewall continued
     • A packet filter that allows a manager to specify which datagrams to admit instead of which datagrams to block can make such restrictions easy to specify
     • The bastion host offers externally-visible servers, and runs clients that access outside servers
     • Usually, a firewall blocks all datagrams arriving from external sources except those destined for the bastion host

  4. Implementing a Firewall
     • A firewall can be implemented in one of several ways
       - the choice depends on details such as the number of external connections
     • In many cases, each barrier in a firewall is implemented with a router that contains a packet filter
     • A firewall can also use a stub network to keep external traffic off the network
     • A stub network consists of a short wire to which only three computers connect
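
The admit-list filtering described in slides 2 and 3, sketched as an added example that is not part of the original presentation: each barrier holds rules naming the source, destination, protocol and port it admits, and drops everything else. The addresses, the two published services and the inner mail-relay rule are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses: documentation range for the bastion, RFC 1918 inside.
BASTION = "192.0.2.10/32"
INTERNAL = "10.0.0.0/8"
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int   # destination protocol port


@dataclass(frozen=True)
class AdmitRule:
    src_net: str
    dst_net: str
    proto: str
    dport: int

    def matches(self, d: Datagram) -> bool:
        # All four fields named on the slide must match for admission.
        return (ip_address(d.src) in ip_network(self.src_net)
                and ip_address(d.dst) in ip_network(self.dst_net)
                and d.proto == self.proto
                and d.dport == self.dport)


# Outer barrier: outside hosts reach only the bastion's published services.
OUTER_ADMIT = [AdmitRule(ANY, BASTION, "tcp", 25),
               AdmitRule(ANY, BASTION, "tcp", 80)]
# Inner barrier: only the bastion may relay mail to the internal network.
INNER_ADMIT = [AdmitRule(BASTION, INTERNAL, "tcp", 25)]


def admit(rules, d: Datagram) -> bool:
    """Admit-list semantics: anything no rule explicitly admits is dropped."""
    return any(rule.matches(d) for rule in rules)


if __name__ == "__main__":
    probe = Datagram("203.0.113.7", "10.0.0.25", "tcp", 25)
    print("outer admits direct-to-internal:", admit(OUTER_ADMIT, probe))
    relay = Datagram("192.0.2.10", "10.0.0.25", "tcp", 25)
    print("inner admits bastion relay:", admit(INNER_ADMIT, relay))
```
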

  5. FIREWALL MARKET STUDY

  6. The Wall, Raptor Systems Inc.
     • Used for smaller networks
     • Has powerful logging capabilities so you can figure out if someone has tried to crack your network
     • Also, get Raptor’s WebNOT utility, which blocks 15,000 unsavory Web sites
     • For a nominal fee, the vendor will provide periodic updates
     • The Wall can only be implemented on a 25-user network
     • Cost: $995 list

  7. Gauntlet Internet Firewall, Trusted Information Systems (TIS)
     • Positioned as an application gateway
     • Uses proxies to enforce network traffic rules
     • Proxies track and log traffic as it flows through the firewall
     • Can configure smoke alarms to notify you when illegal activity occurs
     • The firewall automatically builds a log report that tracks anomalies
     • You can also receive the alerts via e-mail or pager

  8. Gauntlet continued
     • Gauntlet is available in two versions
       - software-only solution: $11,500; it installs on an existing BSD Unix, HP/UX, or SunOS host
       - turnkey solution: $15,000; runs on a Pentium machine

  9. Check Point Firewall-1, Check Point Software Technologies Ltd.
     • Check Point redefined the way people think about firewalls with its stateful-inspection engine, which works at the network layer rather than as an application-proxy-based firewall
     • Easy to add new services as they emerge
     • Firewall-1 comes with all of the basic services including:
       - HTTP
       - SSL
       - NNTP
       - SMTP
       - DNS
     • Administrators can control each of these services using flexible rules

  10. Firewall-1 continued
     • Can place specific restrictions on individual FTP sites and directories, and can selectively allow gets but not puts
     • Check Point has developed Content Vectoring Protocol (CVP), which defines how a firewall forwards packets and data to specialized servers
     • An administrator can configure and monitor Firewall-1 on the firewall itself or from anywhere on the network
     • Any unauthorized use can trigger a visible or audible alert to the System Status screen or one of many other options such as e-mail
     • Firewall-1's optional encryption module turns the firewall into a VPN node
     • Dynamic TCP/IP addresses are allowed
     • Cost: 50 nodes, $4,995; unlimited, $18,990

  11. AltaVista Firewall 97, Digital Equipment Corp.
     • Application-proxy-based firewall
     • Suitable for small networks because of the lack of remote configuration capabilities and inability to work with more than two-adapter configurations
     • Vulnerable to SYN-flood attacks
     • AltaVista has solid support for most of the basic services, except for some minor deficiencies with HTTP
     • Telnet and FTP access can be finely regulated
     • Cost: 50 nodes, $3,995; unlimited, $14,995

  12. Firewall/Plus, Network-1 Software & Technology
     • Aimed at networks of all sizes
     • Runs as a Windows NT service on both Intel and Alpha platforms
     • Firewall/Plus uses both proxies and stateful inspection
     • Packets are allowed or denied based on choices made in the administrator's configuration
     • Firewall/Plus can run transparently without an IP address
       - to run in this manner, the firewall must be placed between the internet connection and the local network
     • Consists of a firewall engine and a user interface for making modifications to the engine

  13. Firewall/Plus continued
     • You can remotely manage the firewall by loading the user interface on a remote PC and then connecting to a predefined TCP port over an encrypted connection
     • Cost: 50 nodes, $3,750; unlimited, $13,000

  14. Basic Mini Firewall, Computer Peripheral Systems
     • Used with a dial-up Internet connection at a desktop
     • The Basic Mini Firewall is tiny enough to slip into your pocket
     • It connects to your phone line and your 10Base-T LAN
     • Product works by breaking your connection to the LAN when you connect to the Internet via your modem
     • Isn’t flexible (and being off the LAN can sometimes be inconvenient)
     • Makes LAN off-limits
     • Cost: $85 list
