Firewalls: what they are and how they operate
Firewall • A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules. • Frequently used to protect networks from unauthorized access while permitting legitimate communications to pass.
Firewall • Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. • Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
Firewall • The term firewall originally referred to a wall intended to confine a fire or potential fire within a building. • Later uses refer to similar structures, such as the metal sheet separating the engine compartment of a vehicle or aircraft from the passenger compartment.
Firewall • Firewall technology emerged in the late 1980s, when the Internet was still fairly new in terms of its global use and connectivity. • The predecessors of firewalls for network security were the routers used in the late 1980s to separate networks from one another.
Firewall -- Why • The Morris Worm (November 1988) spread itself across the Internet through multiple vulnerabilities in the machines of the time. • Although it was not malicious in intent, the Morris Worm was the first large-scale attack on Internet security. • The online community was neither expecting an attack nor prepared to deal with one.
Firewalls -- Why • It also resulted in the first conviction in the US under the 1986 Computer Fraud and Abuse Act. • It was written by Robert Tappan Morris, a student at Cornell University, and launched on November 2, 1988 from MIT.
1st Generation – Packet Filters • First developed in 1988. • Work by inspecting the header of each packet passing between computers and the Internet and comparing it against an ordered list of rules; the first matching rule decides. • A packet that matches an accept rule is forwarded. A packet that matches a deny rule is either: • Dropped – silently discarded, OR • Rejected – discarded, with an error message (such as an ICMP unreachable or a TCP reset) sent back to the source.
1st Generation – Packet Filters • This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (i.e. it stores no information on connection "state"). • Instead, it filters each packet based only on information contained in the packet itself. • Most commonly it uses a combination of the packet's source and destination addresses, its protocol, and, for TCP and UDP traffic, the source and destination port numbers. • Because it cannot tell a genuine reply from a forged one, any rule written to let replies back in (e.g. "accept TCP from source port 443") can be satisfied by an attacker who simply chooses that source port.
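The following is an added example, not code from the original slides: a minimal stateless packet filter in Python that matches each packet purely on its own header fields against an ordered rule list (first match wins, default deny), with accept, drop and reject actions. The policy, the addresses (from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24) and the sample packets are constructed for the demonstration; the last packet shows the weakness of a stateless "allow replies" rule.

```python
"""Stateless (first-generation) packet filter, added example, not from the slides.

Every packet is judged on its own header fields: protocol, source and
destination address, and for TCP/UDP the source and destination port.
The first matching rule decides; an unmatched packet is dropped.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None  # ports are meaningless for icmp
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                  # "accept", "drop" (silently) or "reject" (discard and signal the sender)
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None  # None means "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto == "any" or self.proto == pkt.proto)
                and ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.sport is None or self.sport == pkt.sport)
                and (self.dport is None or self.dport == pkt.dport))


def filter_packet(pkt: Packet, rules: List[Rule]) -> str:
    """First match wins; the trailing catch-all gives the default-deny posture."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"


# Constructed policy for a web server at 192.0.2.10 (documentation address space).
SERVER = "192.0.2.10/32"
POLICY = [
    Rule("accept", "tcp", src="198.51.100.0/24", dst=SERVER, dport=22),  # SSH only from the admin LAN
    Rule("reject", "tcp", dst=SERVER, dport=22),                          # everyone else gets a clear error
    Rule("accept", "tcp", dst=SERVER, dport=443),                         # public HTTPS
    # Replies to the server's own outbound HTTPS fetches: a stateless filter can
    # only recognise them by source port, which is the weakness shown in demo().
    Rule("accept", "tcp", dst=SERVER, sport=443),
    Rule("accept", "icmp"),
    Rule("drop"),                                                          # default deny
]


def demo() -> dict:
    """Evaluate a few constructed packets against POLICY."""
    return {
        "admin_ssh": filter_packet(Packet("tcp", "198.51.100.7", "192.0.2.10", 51000, 22), POLICY),
        "stranger_ssh": filter_packet(Packet("tcp", "203.0.113.5", "192.0.2.10", 51000, 22), POLICY),
        "https": filter_packet(Packet("tcp", "203.0.113.5", "192.0.2.10", 51000, 443), POLICY),
        "dns_udp": filter_packet(Packet("udp", "203.0.113.5", "192.0.2.10", 51000, 53), POLICY),
        # An attacker picks source port 443 and reaches any port on the server,
        # because nothing in the packet says whether a connection was ever opened.
        "forged_reply": filter_packet(Packet("tcp", "203.0.113.5", "192.0.2.10", 443, 3306), POLICY),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13s} -> {verdict}")
```

Rule order matters: swapping the two port-22 rules would reject the administrators too. The "forged_reply" verdict is the reason the next generation of firewalls tracks connection state instead of trusting a source port.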
2nd Gen. – Stateful Filters • Second-generation firewalls perform the work of their first-generation predecessors but operate up to layer 4 (the transport layer). • They examine each packet together with its position within the data stream. • Known as stateful packet inspection, the firewall records every connection passing through it and determines whether a packet is the start of a new connection, part of an existing connection, or part of no connection at all. • Static rules are still used, but they can now include connection state as one of their test criteria (e.g. "accept inbound packets only for established connections").
2nd Gen – Stateful Filters • Certain denial-of-service (DoS) attacks, such as TCP SYN floods, bombard the firewall with thousands of fake connection-opening packets in an attempt to overwhelm it by filling up its connection state table. • A stateful firewall therefore needs limits and timeouts on half-open connections, not just a table.
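The following is an added example, not code from the original slides, covering both the connection-tracking idea and the state-table exhaustion problem described above. It is a simplified TCP connection tracker in Python: a new entry is created only by a bare SYN that policy allows, every later packet is accepted only if it belongs to a tracked connection, half-open entries are capped and aged out. The state names, the limits (100 half-open entries, 10 s half-open timeout) and the addresses are constructed assumptions, not values from any product.

```python
"""Stateful (second-generation) TCP filter with a bounded state table.
Added example, not from the slides; all limits are illustrative.
"""
from dataclasses import dataclass
from typing import Dict, Set, Tuple

Key = Tuple[str, int, str, int]   # (inside addr, inside port, outside addr, outside port)


@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset            # subset of {"SYN", "ACK", "FIN", "RST"}
    direction: str              # "out" = leaving the protected network, "in" = entering it


@dataclass
class Entry:
    state: str                  # "SYN_SENT" -> "SYN_RECV" -> "ESTABLISHED" (first two are half-open)
    initiator: str              # direction of the side that sent the SYN
    last_seen: float


class StatefulFilter:
    def __init__(self, open_ports: Set[int], max_half_open: int = 100,
                 half_open_timeout: float = 10.0, idle_timeout: float = 300.0):
        self.table: Dict[Key, Entry] = {}
        self.open_ports = open_ports              # inbound connections allowed only to these
        self.max_half_open = max_half_open
        self.half_open_timeout = half_open_timeout
        self.idle_timeout = idle_timeout

    @staticmethod
    def _key(seg: Segment) -> Key:
        # Normalise both directions of a flow to one key.
        if seg.direction == "out":
            return (seg.src, seg.sport, seg.dst, seg.dport)
        return (seg.dst, seg.dport, seg.src, seg.sport)

    def _expire(self, now: float) -> None:
        dead = [k for k, e in self.table.items()
                if now - e.last_seen > (self.idle_timeout if e.state == "ESTABLISHED"
                                        else self.half_open_timeout)]
        for k in dead:
            del self.table[k]

    def half_open_count(self) -> int:
        return sum(1 for e in self.table.values() if e.state != "ESTABLISHED")

    def process(self, seg: Segment, now: float) -> str:
        self._expire(now)
        key = self._key(seg)
        entry = self.table.get(key)

        if entry is None:
            # No state yet: only a bare SYN in an allowed direction may create it.
            is_syn = "SYN" in seg.flags and "ACK" not in seg.flags
            allowed = seg.direction == "out" or seg.dport in self.open_ports
            if not (is_syn and allowed):
                return "drop"           # unsolicited packet or stray ACK belonging to no connection
            if self.half_open_count() >= self.max_half_open:
                return "drop"           # refuse to grow the table during a SYN flood
            self.table[key] = Entry("SYN_SENT", seg.direction, now)
            return "accept"

        if "RST" in seg.flags:
            del self.table[key]
            return "accept"
        from_responder = seg.direction != entry.initiator
        if entry.state == "SYN_SENT" and from_responder and {"SYN", "ACK"} <= seg.flags:
            entry.state = "SYN_RECV"
        elif entry.state == "SYN_RECV" and not from_responder and "ACK" in seg.flags:
            entry.state = "ESTABLISHED"
        entry.last_seen = now
        return "accept"


def demo_unsolicited_ack() -> Tuple[list, str, str]:
    """Inside client opens HTTPS to an outside server; a forged 'reply' is dropped."""
    fw = StatefulFilter(open_ports=set())
    syn = Segment("192.0.2.10", 50000, "198.51.100.20", 443, frozenset({"SYN"}), "out")
    synack = Segment("198.51.100.20", 443, "192.0.2.10", 50000, frozenset({"SYN", "ACK"}), "in")
    ack = Segment("192.0.2.10", 50000, "198.51.100.20", 443, frozenset({"ACK"}), "out")
    handshake = [fw.process(s, 0.0) for s in (syn, synack, ack)]
    forged = Segment("203.0.113.5", 443, "192.0.2.10", 50000, frozenset({"ACK"}), "in")
    state = fw.table[("192.0.2.10", 50000, "198.51.100.20", 443)].state
    return handshake, fw.process(forged, 0.0), state


def demo_syn_flood() -> Tuple[int, str, str, int]:
    """150 spoofed SYNs hit a public port; the cap bounds the table, the timeout clears it."""
    fw = StatefulFilter(open_ports={443}, max_half_open=100, half_open_timeout=10.0)
    accepted = sum(fw.process(Segment(f"203.0.113.{i % 250}", 40000 + i, "192.0.2.10", 443,
                                      frozenset({"SYN"}), "in"), 0.0) == "accept"
                   for i in range(150))
    legit = Segment("198.51.100.7", 50000, "192.0.2.10", 443, frozenset({"SYN"}), "in")
    during = fw.process(legit, 1.0)      # table still full of half-open entries
    after = fw.process(legit, 11.0)      # half-open entries aged out
    return accepted, during, after, len(fw.table)
```

The cap and timeout protect the firewall's memory, which is the failure the slide describes; they do not by themselves keep the public port available during the flood (the "during" verdict is still a drop). Production firewalls add SYN cookies or SYN proxying for that.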
3rd Gen – Application Layer • The key benefit of application-layer filtering is that it can "understand" certain applications and protocols (such as FTP, DNS, or HTTP web browsing) by parsing the payload rather than just the headers. • It can detect whether an unwanted protocol is sneaking through on a non-standard port, or whether an allowed protocol is being abused (for example, DNS queries carrying tunnelled data). • The deep packet inspection functionality of modern firewalls is shared with intrusion prevention systems (IPS).
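The following is an added example, not code from the original slides: an application-layer check in Python that identifies the protocol from the first payload bytes (TLS ClientHello, SSH banner, HTTP request line, DNS query), compares it with what the destination port is expected to carry, and applies two protocol-specific checks, an HTTP method allow-list and a DNS name-length heuristic for tunnelling. The port-to-protocol policy, the allowed HTTP methods, the DNS thresholds and all sample payloads are constructed assumptions for the demonstration.

```python
"""Application-layer inspection of a connection's first payload.
Added example, not from the slides; policy values are illustrative.
"""
import re
from typing import Optional, Tuple

EXPECTED = {80: "http", 443: "tls", 22: "ssh", 53: "dns"}      # assumed site policy
HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS"}  # CONNECT deliberately absent
HTTP_REQ = re.compile(rb"^([A-Z]+) \S+ HTTP/1\.[01]\r\n")
MAX_DNS_LABEL, MAX_DNS_NAME = 40, 100                          # assumed tunnelling heuristics


def parse_dns_qname(pkt: bytes) -> Optional[str]:
    """Return the question name of a DNS query, or None if this is not a plausible query."""
    if len(pkt) < 17 or pkt[2] & 0x80 or int.from_bytes(pkt[4:6], "big") != 1:
        return None                       # too short, QR bit set (a response), or QDCOUNT != 1
    labels, pos = [], 12
    while True:
        if pos >= len(pkt):
            return None
        n = pkt[pos]
        if n == 0:
            pos += 1
            break
        if n > 63 or pos + 1 + n > len(pkt):  # labels are <= 63 bytes; no compression in a query name
            return None
        labels.append(pkt[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if len(pkt) < pos + 4:                # QTYPE and QCLASS must follow the name
        return None
    return ".".join(labels)


def identify(payload: bytes) -> str:
    """Guess the application protocol from the first bytes a client sends."""
    if payload[:2] == b"\x16\x03" and len(payload) > 5 and payload[5] == 0x01:
        return "tls"                      # handshake record carrying a ClientHello
    if payload.startswith(b"SSH-"):
        return "ssh"                      # SSH version banner
    if HTTP_REQ.match(payload):
        return "http"
    if parse_dns_qname(payload) is not None:
        return "dns"
    return "unknown"


def inspect(dport: int, payload: bytes) -> Tuple[str, str]:
    """Return (action, reason) for a first payload sent to destination port dport."""
    proto = identify(payload)
    expected = EXPECTED.get(dport)
    if expected is not None and proto != expected:
        return "drop", f"{proto} on port {dport}, expected {expected}"
    if proto == "http":
        method = HTTP_REQ.match(payload).group(1)
        if method not in HTTP_METHODS:
            return "drop", f"http method {method.decode()} not permitted"
    if proto == "dns":
        name = parse_dns_qname(payload)
        if len(name) > MAX_DNS_NAME or max(len(l) for l in name.split(".")) > MAX_DNS_LABEL:
            return "drop", f"dns name looks like a tunnel: {name}"
    return "accept", proto


def build_dns_query(name: str) -> bytes:
    """Constructed test input: a minimal DNS A query for name (ID 0x1234, RD set)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" + qname + b"\x00\x01\x00\x01"


if __name__ == "__main__":
    samples = [
        (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        (443, b"SSH-2.0-OpenSSH_9.6\r\n"),                       # SSH hiding on the HTTPS port
        (443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03"),      # truncated TLS ClientHello
        (53, build_dns_query("www.example.com")),
        (53, build_dns_query("a" * 60 + ".t.example.com")),      # tunnel-like label
        (80, b"CONNECT evil.example:443 HTTP/1.1\r\n\r\n"),
    ]
    for port, data in samples:
        print(port, inspect(port, data))
```

Real products classify with many more signatures and follow the whole stream rather than one payload; the point here is that the verdict depends on parsing the protocol, which a layer-3/4 filter cannot do.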
Firewalls • Further Readings • http://www.practicallynetworked.com/sharing/firewall.htm