Chapter 4 FIREWALL
Content
• 1. Definition of Firewall
• 2. Need of Firewall
• 3. Firewall Design Principles
• 4. Firewall Characteristics
• 5. Firewall Limitations
• 6. Types of Firewall
• 7. Implementation of Firewall
What is a Firewall?
• A firewall:
• Acts as a security gateway between two networks
• Usually sits between trusted and untrusted networks (such as between a corporate network and the Internet)
• Tracks and controls network communications
• Decides whether to pass, reject, encrypt, or log communications (Access Control)
(Diagram: a corporate site connected to the Internet through the firewall, with the rule “Allow Traffic to Internet”)
Rules Determine: WHO? WHEN? WHAT? HOW?
(Diagram: “My PC” on a secure private network, connected to the INTERNET through the firewall)
Need for Firewall
• Theft or disclosure of internal data
• Unauthorized access to internal hosts
• Interception or alteration of data
• Vandalism and denial of service
• Wasted employee time
• Bad publicity, public embarrassment, and lawsuits
Firewall Design Principles
• 1. Centralized Data Processing Systems: the system must have a central mainframe which supports a number of directly connected terminals.
• 2. Local Area Networks: LANs interconnecting PCs and terminals to each other and also to the mainframe.
• 3. Networking Location: it consists of a number of LANs interconnecting PCs, servers, and one or two mainframes.
Firewall Design Principles
• 4. Enterprise-wide network: it consists of multiple, geographically distributed networks that are interconnected by a private wide area network.
• 5. Internet connectivity: this is where the various networks hook into the Internet; they may or may not also be connected by a private WAN.
04/08/15 Firewall 7
Firewall Characteristics
• All traffic from inside to outside must pass through the firewall (physically blocking all access to the local network except via the firewall)
• Only authorized traffic (defined by the local security policy) will be allowed to pass
• The firewall itself is immune to penetration (use of a trusted system with a secure operating system)
Firewall Limitations
A firewall cannot protect against:
• Malicious insiders / internal threats
• Attacks that bypass the firewall completely
• New threats
• Some viruses
• An administrator who does not correctly set it up
• A firewall doesn’t provide any content-based filtering.
• Encrypted traffic cannot be examined and filtered.
Working of Firewalls
Application: A firewall is a networking device (hardware, software, or a combination of both) whose purpose is to enforce a security policy across its connection.
Working: Firewalls enforce the established security policies. The variety of mechanisms includes:
• Network Address Translation (NAT)
• Basic Packet Filtering
• Stateful Packet Filtering
• Access Control List
• Application Layer Proxies
1. Network Address Translation (NAT):
a) Network Address Translation (NAT) is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network.
b) This allows an outside entity to communicate with an entity inside the firewall without truly knowing its identity.
2. Basic Packet Filtering:
a) It looks at packets, their protocols and destinations, and checks that information against the security policy.
3. Stateful Packet Filtering:
a) This is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
4. Access Control List:
a) ACLs are a network filter utilized by routers and some switches to permit and restrict data flows into and out of network interfaces.
5. Application Layer Proxies:
a) Firewalls can monitor and filter on the application layer (Layer 7), as well as doing traditional filtering such as packet filtering and stateful packet inspection.
b) Application layer proxies are able to look deep within the packet (traffic) content and look for inconsistencies, invalid or malicious commands, and executable programs.
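The NAT item above says the firewall substitutes a public address for a private one and lets the outside party talk to the inside host without knowing its identity. The following added example (not from the original slides; all addresses are constructed documentation-range values) models a source NAT table: outbound packets are rewritten to the single public address with a fresh port, the mapping is remembered, and an inbound packet is only translated back if a mapping exists, so unsolicited inbound traffic has nowhere to go.

```python
"""Source NAT table: added illustration of the NAT mechanism, not code from
the original slides.  PUBLIC_IP and all packet addresses are constructed
sample values (RFC 5737 documentation ranges)."""
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "203.0.113.10"   # constructed: the firewall's single public address


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class SourceNAT:
    """Rewrites private source addresses to PUBLIC_IP and remembers each
    mapping so that replies can be translated back to the inside host."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private_ip, private_port, dst_ip, dst_port, proto) -> public port
        self.outbound = {}
        # (public_port, remote_ip, remote_port, proto) -> (private_ip, private_port)
        self.inbound = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Inside -> outside: replace the private source with the public one."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto)
        port = self.outbound.get(key)
        if port is None:
            # New flow: allocate the next free public port and record both directions.
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, pkt.dst_ip, pkt.dst_port, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: translate back only if an inside host started the flow.
        Returns None (drop) for anything not addressed to us or without a mapping."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.inbound.get((pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto))
        if entry is None:
            return None           # unsolicited: the outside never learns an inside address
        private_ip, private_port = entry
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port, pkt.proto)


def run_demo():
    """Two inside hosts reach the same web server; one reply comes back; one
    unsolicited packet is dropped.  Returns the four results for inspection."""
    nat = SourceNAT(PUBLIC_IP)
    out_a = nat.translate_outbound(Packet("192.168.1.10", 5555, "198.51.100.5", 80))
    out_b = nat.translate_outbound(Packet("192.168.1.11", 5555, "198.51.100.5", 80))
    reply_b = nat.translate_inbound(Packet("198.51.100.5", 80, PUBLIC_IP, out_b.src_port))
    unsolicited = nat.translate_inbound(Packet("198.51.100.9", 443, PUBLIC_IP, 40005))
    return out_a, out_b, reply_b, unsolicited


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

Both inside hosts use the same private source port, which is why the public port (not just the public address) has to be part of the mapping; the reply is routed back by that port alone, and the web server only ever sees 203.0.113.10.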
Types of Firewalls
Common types of firewalls:
• Software Firewall
• Hardware Firewall
• Packet Filtering Router
• Proxy Server
• Hybrid
• Application-level gateways
• Circuit-level gateways
Software Firewall
• Designed to run on a single computer, so it is also called a “Personal Firewall”.
• It prevents unauthorized access to the computer over a network connection by identifying ports.
• It can detect “suspicious activity” from the outside world.
• Example: Norton 360, BlackICE
Advantages:
• Easy to configure
• Restricts specific applications from the Internet
Disadvantages:
• If the operating system underlying the firewall is compromised, then the firewall can be compromised.
• Relies on user decisions
Hardware Firewall
• It has some software components and runs either on a network device or on a server.
• Other software should not run on these machines, so they are difficult to compromise and tend to be extremely secure.
• Example: CheckPoint, SonicWall
Advantages:
• High speed
• More secure
• No interference
Disadvantages:
• Complex to configure
Proxy Server
• A firewall proxy server is an application which acts as a mediator between two end systems.
• A proxy server receives a request from an inside client; the firewall then sends this request to the remote server outside the firewall on behalf of the inside client.
• The response from the server is then read and sent back to the client.
Hybrid
• When there is a combination of one or more firewall programs, it is called a Hybrid Firewall.
• It provides more security.
• In this arrangement some hosts reside inside the firewall and some reside outside the firewall.
• These are used by government agencies and large corporations because it is the most effective type of firewall.
Packet-filtering Router
• 1. Applies a set of rules to each incoming IP packet and then forwards or discards the packet
• 2. Filtration rules are based on information in the network packet
• 3. Packet filtering mechanisms work in the network layer of the OSI model.
• 4. Packet filtering can also be done at the router level, providing an additional layer of security.
a) Source IP address: IP address of the system that generates the IP packet.
b) Destination IP address: IP address of the system the IP packet is trying to reach.
c) Source and destination transport-level address: transport-level port numbers of TCP and UDP.
d) IP protocol field: tells the transport protocol.
e) Interface: used on routers with three or more ports.
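The fields listed above (source and destination IP address, transport-level ports, IP protocol field, and arriving interface) are exactly what a packet-filtering rule tests, and the stateful packet filtering item earlier adds a connection table on top of that. The following added example (not code from the original slides; the policy, interfaces and packets are constructed sample values) implements both layers in one place: a first-match rule list over those five fields with a default deny, and a connection table so that replies to admitted connections pass while unsolicited inbound packets that merely look like replies do not.

```python
"""Stateful packet filter: added illustration of the rule fields listed on
the slide plus stateful connection tracking.  Not from the original slides;
the policy, interface names and packets are constructed sample values."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str              # interface the packet arrived on ("inside" / "outside")
    proto: str              # "tcp", "udp", "icmp"
    src_ip: str
    dst_ip: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    """One filter rule; 'any', None and 0.0.0.0/0 act as wildcards."""
    action: str                         # "allow" or "deny"
    iface: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.iface != "any" and self.iface != pkt.iface:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.src_port is not None and self.src_port != pkt.src_port:
            return False
        if self.dst_port is not None and self.dst_port != pkt.dst_port:
            return False
        return True


Flow = Tuple[str, str, Optional[int], str, Optional[int]]


class StatefulFilter:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.connections: set = set()       # flows admitted by an allow rule

    @staticmethod
    def _flow(pkt: Packet) -> Flow:
        return (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)

    @staticmethod
    def _reverse(pkt: Packet) -> Flow:
        return (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def decide(self, pkt: Packet) -> str:
        # Stateful step: traffic in either direction of an admitted connection
        # passes; nothing else gets in by pretending to be a reply.
        if self._flow(pkt) in self.connections or self._reverse(pkt) in self.connections:
            return "allow"
        # Stateless step: first matching rule wins; no match means deny.
        for rule in self.rules:
            if rule.matches(pkt):
                if rule.action == "allow":
                    self.connections.add(self._flow(pkt))
                return rule.action
        return "deny"


# Constructed policy: inside hosts may browse (80/443) and resolve DNS (53);
# the outside may reach only the web server 10.0.0.5 on port 80.
POLICY = [
    Rule("allow", iface="inside", proto="tcp", src="10.0.0.0/8", dst_port=443),
    Rule("allow", iface="inside", proto="tcp", src="10.0.0.0/8", dst_port=80),
    Rule("allow", iface="inside", proto="udp", src="10.0.0.0/8", dst_port=53),
    Rule("allow", iface="outside", proto="tcp", dst="10.0.0.5/32", dst_port=80),
    Rule("deny"),                       # explicit default deny
]


def run_demo() -> List[str]:
    """Run six constructed packets through the filter and return the decisions."""
    fw = StatefulFilter(POLICY)
    samples = [
        Packet("inside", "tcp", "10.0.1.20", "198.51.100.7", 51000, 443),   # workstation -> HTTPS site
        Packet("outside", "tcp", "198.51.100.7", "10.0.1.20", 443, 51000),  # genuine reply (state exists)
        Packet("outside", "tcp", "198.51.100.9", "10.0.1.20", 443, 51001),  # looks like a reply, no state
        Packet("outside", "tcp", "203.0.113.50", "10.0.0.5", 40000, 80),    # public client -> web server
        Packet("outside", "tcp", "203.0.113.50", "10.0.0.5", 40000, 22),    # SSH to web server: no rule
        Packet("inside", "tcp", "10.0.1.20", "198.51.100.7", 51002, 25),    # outbound SMTP: no rule
    ]
    return [fw.decide(p) for p in samples]


if __name__ == "__main__":
    print(run_demo())
```

The third packet is the one a purely stateless filter would have to admit with a broad "established" rule; the connection table lets the policy stay narrow because a reply is recognised by the outbound connection that preceded it, not by its port numbers.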
Packet Filtering Firewall
(Diagram: a trusted network and an untrusted network separated by the firewall; the firewall rule set decides whether a packet is blocked or discarded)
Packet Filtering Firewall
• A packet filtering firewall is often called a network layer firewall because the filtering is primarily done at the network layer (layer three) or the transport layer (layer four) of the OSI reference model.
Packet-filtering Router
Advantages:
• Simplicity
• Transparency to users
• High speed
Disadvantages:
• Difficulty of setting up packet filter rules
• Lack of authentication
Application-level Gateway
• Application level firewalls work at the Application layer of the OSI model.
• Application level firewalls decide whether to drop a packet or send it through based on the application information available in the packet.
• They do this by setting up various proxies on a single firewall for different applications. Both the client and the server connect to these proxies instead of connecting directly to each other.
• Application level firewalls can look into individual sessions and decide to drop a packet based on information in the application protocol headers or in the application payload.
Application-level Gateway
Advantages:
• Proxy can log all connections and activity in connections
• Proxy can provide caching
• Proxy can do intelligent filtering based on content
• Proxy can perform user-level authentication
Disadvantages:
• Not all services have proxied versions
• May need a different proxy server for each service
• Requires modification of the client
• Performance
Circuit-level Gateway
• 1. Circuit level gateway firewalls work at the session layer of the OSI model.
• 2. It doesn't allow an end-to-end TCP connection.
• 3. Instead, two connections are established:
a) One between itself and a TCP user on an inner host
b) One between itself and a TCP user on an outside host
• 4. This technique is also called Network Address Translation.
• 5. In NAT, addresses originating from the different clients of the network are all mapped to the public IP address available through the ISP (Internet Service Provider) and then to the outside world (Internet).
Circuit-level Gateway
Advantages:
• Private network data hiding
• Avoidance of filtering individual packets
• Flexible in developing address schemes
• Simpler to implement
Disadvantages:
• Doesn't filter individual packets
• Less secure as compared to an application gateway
• Requires two dedicated connections to be set up for each service and response
Implementation / Configuration of Firewall
A firewall is a combination of a packet filter and an application level gateway. Based on these, there are three types of configurations:
• Screened Host Firewall, Single-Homed Bastion
• Screened Host Firewall, Dual-Homed Bastion
• Screened Subnet Firewall
Screened Host Firewall, Single-Homed Bastion
• In the case of a single-homed bastion host, the firewall system consists of a packet filtering router and a bastion host.
• A bastion host is basically a single computer with a high-security configuration, which has the following characteristics:
a) Traffic from the Internet can only reach the bastion host; it cannot reach the internal network.
b) Only traffic having the IP address of the bastion host can go to the Internet. No traffic from the internal network can go to the Internet directly.
• This type of configuration can have a web server placed between the router and the bastion host in order to allow the public to access the server from the Internet.
• Drawback: the main problem with the single-homed bastion host is that if the packet filtering router gets compromised, then the entire network will be compromised.
Screened Host Firewall, Dual-Homed Bastion
• 1. To eliminate the drawback of the single-homed bastion host, we can use the dual-homed bastion host firewall system.
• 2. The dual-homed bastion host firewall system uses two network cards:
a) one is used for the internal connection
b) the second one is used for the connection with the router.
• 3. In this case, even if the router gets compromised, the internal network will remain unaffected since it is in a separate network zone.
Screened Subnet Firewall
• 1. This is one of the most secure firewall configurations.
• 2. In this configuration, two packet filtering routers are used:
a) One between the Internet and the application gateway
b) The other between the application gateway and the internal network.
• 3. The bastion host is positioned between the two routers.
• 4. This configuration gives an attacker three levels of security to break through.