Firewall Kittiphan Techakittiroj engktc@au.ac.th
Firewall
• Isolates the two sides of a network
  • the trusted and the untrusted network
• Works at a higher layer
  • not the physical layer
• Hardware or software
http://fbox.vt.edu:10021/T/thalgali/
Characteristics of a Firewall
• Service Control
  • TCP/IP services, e.g. e-mail, FTP, HTTP, or UDP services such as DNS
• Direction Control
  • for web browsing, the connection is initiated from inside to outside
  • for a web server, the connection is initiated from outside to inside
• User Control
• Behavior Control
  • e.g. spam e-mail
What a Firewall Cannot Protect Against
• Attacks that bypass the firewall
  • an inside network containing dial-in or dial-out modems
• Attacks from inside
  • two employees attacking each other
• Attacks embedded in seemingly secure messages
  • a virus inside an e-mail
  • a trojan horse in a downloaded file
Categories of Firewalls
• Packet Filtering
  • mostly embedded inside the router
  • transparent
• Application-Level Gateway
  • mostly a dedicated computer
• Circuit-Level Gateway
• Bastion Host
Packet Filtering
• Filters out prohibited traffic
• Usually operates at layers 3 and 4
  • IP address: allow or prohibit by source and destination IP
  • TCP port number: allow or prohibit, e.g.
    • port 21 for FTP, port 23 for telnet, port 25 for e-mail (SMTP), port 80 for the World Wide Web
• Separate per-interface policy, e.g.
  • from HCNL to BTL, but not from BTL to AUNet
Packet Filtering (cont.)
• Transparent for the allowed services
• Standard configurations
  • dual-homed host: a host with two network cards
  • screening router
http://fbox.vt.edu:10021/T/thalgali/
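The layer-3/4 rules and the direction control described on these slides, as an added example that is not part of the original deck: a toy stateless packet filter that matches on direction, protocol, source/destination network and destination port, first match wins, default deny. The network addresses, the exposed web server and the rule set are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample networks: the trusted side and the one host it exposes.
INSIDE = ipaddress.ip_network("192.0.2.0/24")
WEB_SERVER = ipaddress.ip_network("192.0.2.80/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "out" = trusted->untrusted, "in" = untrusted->trusted
    proto: str            # "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]  # None matches any destination port

# Layer-3/4 rules in the slides' terms: who may initiate, to which port.
# First match wins; anything unmatched falls through to the default deny.
RULES = [
    Rule("allow", "out", "tcp", INSIDE, ANY, 80),      # browsing: inside initiates
    Rule("allow", "out", "tcp", INSIDE, ANY, 25),      # outbound SMTP
    Rule("allow", "out", "udp", INSIDE, ANY, 53),      # DNS lookups
    Rule("allow", "in", "tcp", ANY, WEB_SERVER, 80),   # web server: outside initiates
    Rule("deny", "in", "tcp", ANY, INSIDE, 23),        # explicit: no inbound telnet
]

def direction_of(src_ip, dst_ip):
    """Which way a packet crosses the firewall, derived from the two addresses."""
    src_in, dst_in = src_ip in INSIDE, dst_ip in INSIDE
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return "local"  # both on the same side: the firewall never sees it

def filter_packet(src, dst, proto, dport, rules=RULES):
    """Return 'allow' or 'deny' for one packet's header fields (stateless)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    direction = direction_of(src_ip, dst_ip)
    for r in rules:
        if (r.direction == direction and r.proto == proto
                and src_ip in r.src and dst_ip in r.dst
                and (r.dport is None or r.dport == dport)):
            return r.action
    return "deny"  # default deny: an unlisted service is a prohibited one
```

Because the filter is stateless, the reply packets of an allowed outbound connection would also need a matching inbound rule (or a stateful firewall that tracks connections), which is one reason the later slides move to gateways that relay whole connections.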
Application-Level Gateway
• A proxy server that acts as a relay for application traffic
• Application specific
  • web proxy, telnet proxy
• Requires high computational power
http://fbox.vt.edu:10021/T/thalgali/
Circuit-Level Gateway
• Looks like a proxy server, but is connection oriented
• If "A" wants to talk to "B", then "A" opens a connection to the firewall and the firewall opens a connection to "B".
http://fbox.vt.edu:10021/T/thalgali/
Bastion Host
• A server that acts as a gateway
• Some servers require authentication
• Can be configured to support the specific security needed
http://fbox.vt.edu:10021/T/thalgali/