1 / 13

Firewall – Survey

Firewall – Survey. Purpose of a Firewall To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall All traffic must go through the firewall Allow and blocking traffic The Firewall itself should be immune of attacked. Firewall – possibilities.

fairly
Download Presentation

Firewall – Survey

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Firewall – Survey • Purpose of a Firewall • To allow ‘proper’ traffic and discard all other traffic • Characteristic of a firewall • All traffic must go through the firewall • Allow and blocking traffic • The Firewall itself should be immune of attacked

  2. Firewall – possibilities • 5(6) areas to control: • Services (web, ftp, mail …) i.e. Port# • Network (hosts) i.e. IP addresses • Direction i.e. control inside-out or reverse • User i.e. only authorized users allow • Behaviour (e.g. attachment to mail) • (Denial of Service Inspection)

  3. Firewall – solutions • Solutions: • HW – screening router • SW – Computer Based (build in the OS) • SW – dedicated Host Firewall

  4. Firewall – limitations • 3 limitations of Firewalls • Cannot protect against traffic not running trough the firewall (obvious!!) • Cannot protect against threats from inside(e.g. as the school network) • Cannot protect against viruses (i.e. they come in by legal traffic)

  5. Firewall – Types • 3 types of Firewalls • Packet-filtering • Packet-filtering – with state-full inspection • Application- gateways

  6. Firewall – Packet-filtering • Level 3 – network (IP-packets) • Filtering on (the access control list): • Source/Destination IP-addresses • Source/Destination Port-numbers • IP-protocol field (e.g. icmp, tcp, egp) • TCP-direction (SYN-bit) • IN / OUT on each interface • ICMP message type

  7. Firewall – Packet-filtering • Configurations • Policies: 1:optimistic: default set to allow2:pessimistic: default set to discard (normal) • Setting up rules

  8. Firewall – Packet-filtering • Weakness • Cannot ‘look’ into appl. Level information • Limited logging information • Do normally not support authentication • Can be attack by weakness in IP (e.g. IP-spoofing)

  9. Firewall – Packet-filtering • Stateful - inspection • Normal packet-filtering only look at one packet at a time. • Stateful packet-filtering can remember a sequence of packets.(can be used to detect spoofing)

  10. Firewall – Application-level • Level 5 Application gateway • Using Proxy Servers(e.g. a mail-client and a mail-server) • Spilt connections into 2 (one for inbound and one for outbound)

  11. Firewall – Application-level • More secure • Stateful inspection even more developed • User authentication are used • Weakness • slow-down performance • need to have proxies for all services

  12. Intrusion System • Deep packet inspection • Read and remember history of packets • Two types • Intrusion Detection System (IDS) • Send alert if behaviour is odd • One implementation snort (open source / Linux) • Intrusion Prevention System (IPS) • Filter out suspicious packets

  13. Firewall – Architecture • One recommended solution: • Screened subnet firewall MOST secure DMZ –demilitarized zone(2 packet-filter + bastion host on the net (DMZ) in between) • Home Firewalllike ZoneAlarm/Windows-firewall

More Related