Filtering in Firewall
By Fantastic 5
Agenda
• What is a Firewall?
• Types of Firewall
• Pros and Cons of Different Firewalls
• What can a Firewall do?
• What can a Firewall not do?
• Q & A
What is a Firewall?
A firewall isolates an organization's internal network from the larger Internet, allowing some packets to pass and blocking others.
Types of Firewall
• Packet Filtering Firewall
  • Operates at the network layer
• Circuit Level Firewall
  • Operates at the transport layer
• Application Level Firewall
  • Operates at the application layer
[Figure: Packet Filter Firewall. Labels: Incoming Traffic, Allowed Outgoing Traffic]
Packet Filtering Firewall
• Stateless Filters
• Stateful Filters
• Content Filters
• Dynamic Packet Filtering
Stateless Packet Filters
• Simple filters
• Make decisions on a packet-by-packet basis
• Every packet is checked
Stateless Packet Filtering
• Pros
  • Very fast, no need to remember anything about the traffic
• Cons
  • More complex criteria decrease performance
  • No protection against malicious code in the upper layers
  • Difficult to get the filtering rules right
Stateful Packet Filtering
• Each established connection is saved in a table.
• The first packet of the connection is checked against pre-defined rules.
Stateful Packet Filtering
• Pros
  • Scalable
  • More secure, as it maintains connection state
• Cons
  • Connection state is maintained even for connectionless protocols
  • Takes more CPU time
Content Filtering
• Checks the content of the packet
• Looks at the packet contents at the network layer
[Figure: Circuit Level Firewall. Labels: Incoming Traffic, Allowed Outgoing Traffic]
[Figure: Application Level Firewall. Labels: Incoming Traffic, Allowed Outgoing Traffic]
Circuit Level Firewall
• Pros
  • Improved security
  • When network packets are readdressed, information about the protected network is hidden
• Cons
  • No application-level security
Dynamic Packet Filtering
• Monitors the state of active connections
• Records session information such as IP address and port number
• Determines whether a packet is allowed by comparing it against the state of its connection
• Much more secure than a static packet filter, e.g. only replies to users' data requests are let back in
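The difference between a static per-packet rule and the session table described above, as an added example that is not part of the original slides. The packet model, the addresses and ports, and the single rule (outbound HTTPS only) are assumptions made for illustration.

```python
# Added example: stateless vs. dynamic (stateful) packet filtering.
from collections import namedtuple

# Constructed packet model; addresses come from documentation ranges (RFC 5737).
Packet = namedtuple("Packet", "direction src sport dst dport")

INTERNAL = "192.0.2.10"

def stateless_allow(pkt):
    """Decide on each packet alone, with no memory of earlier traffic."""
    if pkt.direction == "out":
        return pkt.dport == 443        # internal hosts may reach HTTPS servers
    return pkt.sport == 443            # best static approximation of "a reply"

class DynamicFilter:
    """Record outbound sessions; admit only inbound packets that match one."""
    def __init__(self):
        self.sessions = set()          # (inside ip, inside port, outside ip, outside port)

    def allow(self, pkt):
        if pkt.direction == "out":
            if pkt.dport != 443:       # first packet is checked against the rule
                return False
            self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: must be the mirror image of a recorded session.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions

# Constructed sample traffic.
TRAFFIC = [
    Packet("out", INTERNAL, 50000, "198.51.100.5", 443),  # user request
    Packet("in", "198.51.100.5", 443, INTERNAL, 50000),   # reply to that request
    Packet("in", "203.0.113.9", 443, INTERNAL, 50000),    # no matching session
    Packet("in", "198.51.100.5", 443, INTERNAL, 50001),   # wrong inside port
]

def compare():
    """Return the allow/deny verdicts of both filters over TRAFFIC."""
    dynamic = DynamicFilter()
    return ([stateless_allow(p) for p in TRAFFIC],
            [dynamic.allow(p) for p in TRAFFIC])

if __name__ == "__main__":
    for name, verdicts in zip(("stateless", "dynamic"), compare()):
        print(name, verdicts)
```

The stateless rule admits all four packets, while the dynamic filter admits only the request and its reply.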
What can Firewalls do?
• Deny unauthorized access
• Control access to authorized services
• Monitor traffic
• Raise an alarm if suspicious activity occurs
• Enforce policy
What can Firewalls not do?
• Protect against threats inside your network
• Protect against services allowed through the firewall
• Set themselves up – misconfiguration
• Firewalls alone cannot make a network secure
Conclusion
• A firewall alone cannot make the network secure from a public network like the Internet