
Firewalls

Firewalls. Jiang Long, Spring 2002. Outline: Introduction; What’s a network firewall; Why need a firewall; Weakness of firewalls; Several types of firewall techniques; Policy considerations; Making firewalls fit; Firewall configurations; Conclusion & References.


Presentation Transcript


  1. Firewalls Jiang Long Spring 2002

  2. Outline
     • Introduction
     • What’s a network firewall
     • Why need a firewall
     • Weakness of firewalls
     • Several types of firewall techniques
     • Policy considerations
     • Making firewalls fit
     • Firewall configurations
     • Conclusion & References

  3. Internet Growth
     [Chart: thousands of users. Source: Bank IT’98]

  4. What’s a network firewall
     [Diagram: Home, Internet Firewall, Internet]
     • A network firewall is a system or group of systems that enforces an access control policy between two networks
     • Implemented in both hardware and software, or a combination of both

  5. Why need a firewall
     • protect against unauthenticated interactive logins from the “outside” world
     • provide a single “choke point” where security and audit can be imposed
     • act as your corporate “ambassador” to the Internet

  6. Weakness of Firewalls
     • difficult to let data in through
     • make the network more complex
     • can't protect very well against things like viruses
     • provide little or no protection on incoming traffic

  7. Several types of firewall techniques
     • Packet Filtering
     • Application-level Gateway
     • Circuit-level Gateway
     • Proxy Server

  8. Packet Filtering Firewall
     • looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules
     • fairly effective and transparent to users
     • difficult to configure

  9. Application-level Gateway
     • applies security mechanisms to specific applications, such as FTP and Telnet servers
     • generally regarded as the most secure type of firewall
     • very effective, but can impose a performance degradation
     • setup may be complex

  10. Circuit-level Gateway
      • also called “Circuit Relay” or “Stateful Inspection Firewall”
      • applies security mechanisms when a TCP or UDP connection is established
      • packets can flow between the hosts without further checking

  11. Proxy Server
      • a program possibly running on a separate proxy server computer
      • accepts information transfer requests and sends appropriate responses back
      • such as caching proxy for web browsers (used by ISP)
      • used to block access to undesirable sites, or remove undesirable information contained on a web page
      • effectively hides the true network addresses

  12. Policy Considerations
      • the risks you intend to manage
      • the services you intend to offer from networks
      • the services you intend to request from networks
      • the objective that all incoming and outgoing network traffic must go through the firewall
      • be safe and in your interests
      • minimize the exposure of information

  13. Making Firewalls Fit
      • IP address
      • Domain names
      • Protocols (IP, TCP, HTTP, FTP, UDP, etc.)
      • Ports
      • Specific words and phrases

  14. Firewall Configurations (1)
      [Diagram: Bastion Host; no traffic directly between networks]
      Figure 8.1 A typical Dual Homed Gateway

  15. Firewall Configurations (2)
      [Diagram labels: Internet, Screening Router, Bastion Host, Other Hosts, Private Network, Traffic Permitted, Traffic Blocked]
      Figure 8.2 A typical Screened Host Gateway

  16. Firewall Configurations (3)
      [Diagram labels: Internet, Screening Router, Screened Subnet, Bastion Host, Other Hosts, Private Network, Traffic Permitted, Traffic Blocked]
      Figure 3: A typical Screened Subnet

  17. Conclusion Firewalls are a very effective way to protect your system from most Internet security threats and are a critical component of today's computer networks. Firewalls in networks keep damage on one part of the network (e.g., eavesdropping, a worm program, file damage) from spreading to the rest of the network. Without firewalls, network security problems can rage out of control, dragging more and more systems down.

  18. References
      • http://searchsecurity.techtarget.com/sDefinition
      • http://www.deatech.com/deatech/articles/FirewallWhyTo.html
      • http://search.win2000mag.net/security/query.html?qt=firewall&qp=keywords:%22security%22
      • http://www.guest.seas.gwu.edu/~reto/firewall/
      • http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci212125,00.html

  19. Thank you
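
The packet filtering described in slide 8, matching on the criteria from slide 13 (IP address, protocol, port), as an added example that is not part of the original presentation. The rule format, first-match ordering, default-reject policy and sample addresses are assumptions made for the illustration; it shows one reason such rule sets are "difficult to configure": a narrow exception placed after a broad rule never fires.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "accept" or "reject"
    src: str              # source network, CIDR notation
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port; None matches any port

def matches(rule, pkt):
    """True if the packet's source, protocol and port all fall under the rule."""
    return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and rule.proto in ("any", pkt["proto"])
            and rule.dport in (None, pkt["dport"]))

def filter_packet(rules, pkt, default="reject"):
    """First matching rule decides; unmatched packets get the default action."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return default, None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    dead = []
    for j, later in enumerate(rules):
        net = ipaddress.ip_network(later.src)
        if any(net.subnet_of(ipaddress.ip_network(e.src))
               and e.proto in ("any", later.proto)
               and e.dport in (None, later.dport) for e in rules[:j]):
            dead.append(j)
    return dead

# Constructed rule set (documentation address ranges, not from the slides).
RULES = [
    Rule("reject", "0.0.0.0/0", "tcp", 23),     # block Telnet from everywhere
    Rule("accept", "192.0.2.0/24", "tcp", 23),  # admin exception, placed too late
    Rule("accept", "0.0.0.0/0", "tcp", 80),     # public web server
]
# Corrected order: the narrow exception comes before the broad block.
FIXED = [RULES[1], RULES[0], RULES[2]]
ADMIN_TELNET = {"src": "192.0.2.10", "proto": "tcp", "dport": 23}

if __name__ == "__main__":
    print(filter_packet(RULES, ADMIN_TELNET), shadowed(RULES))
    print(filter_packet(FIXED, ADMIN_TELNET), shadowed(FIXED))
```

Running a shadow check like this over a rule set before deployment catches ordering mistakes that would otherwise only surface as unexpected blocks or unexpected access.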
