Firewalls
What is a Firewall?
A firewall is hardware, software, or a combination of the two that monitors the packets of digital information attempting to pass through the perimeter of a network. It is an effective means of protecting a local system or network from network-related security threats.
Firewall design goals
- All traffic, from inside to outside and from outside to inside, must pass through the firewall
- Only authorized traffic, as defined by the local security policy, is allowed to pass
- The firewall itself is immune to penetration
Types of controls
- Service control
- Direction control
- User control
- Behavior control
Firewall capabilities
- A firewall defines a single choke point
- Provides a location for monitoring security-related events
- Handles network-related events
- Serves as a platform for IPSec
Firewall Limitations
- Cannot protect against attacks that bypass it
- Cannot protect against internal threats, e.g. a disgruntled employee
- Cannot protect against the transfer of all virus-infected programs or files, because of the huge range of operating systems and file types
Types of Firewalls
- Packet filters
- Application-level gateways
- Circuit-level gateways
Packet Filters
Packet Filters
A packet-filtering router applies a set of rules to each incoming IP packet and then forwards or discards the packet. The router is typically configured to filter packets going in both directions (from and to the internal network).
Possible default policies:
- Discard
- Forward
Packet-Filtering Examples

Rule set 1:
  Action  Ourhost  Port  Theirhost  Port  Comment
  Block   *        *     SPIGOT     *     We don't trust these people
  Allow   OUR-GW   25    *          *     Connection to our SMTP port

Rule set 2:
  Action  Ourhost  Port  Theirhost  Port  Comment
  Block   *        *     *          *     Default

Rule set 3:
  Action  Ourhost  Port  Theirhost  Port  Comment
  Allow   *        *     *          25    Connection to their SMTP port
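The rule tables above are evaluated top to bottom, first match wins, and the default policy applies when nothing matches. The following is an added example written for this page, not code from the slides or from Stallings: the Packet and Rule classes, the evaluate() function and the sample packets are assumptions; the rule contents (the SPIGOT block, the OUR-GW SMTP allow, the default block and the "their SMTP" allow) are the slide's.

```python
"""Minimal first-match packet filter over the slide's rule tables (added example)."""
from dataclasses import dataclass
from typing import List

ANY = "*"


@dataclass(frozen=True)
class Packet:
    ourhost: str      # address on our side of the connection (assumed field)
    ourport: int
    theirhost: str    # address on the outside
    theirport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "Allow" or "Block"
    ourhost: str = ANY
    ourport: str = ANY          # ports kept as strings so "*" can be used
    theirhost: str = ANY
    theirport: str = ANY
    comment: str = ""

    def matches(self, pkt: Packet) -> bool:
        """A field matches when the rule holds '*' or exactly the packet's value."""
        return (
            self.ourhost in (ANY, pkt.ourhost)
            and self.ourport in (ANY, str(pkt.ourport))
            and self.theirhost in (ANY, pkt.theirhost)
            and self.theirport in (ANY, str(pkt.theirport))
        )


def evaluate(rules: List[Rule], pkt: Packet, default: str = "Block") -> str:
    """Action of the first matching rule, else the default policy
    (the slide's 'Discard' default corresponds to default='Block')."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Block everything from SPIGOT, then allow inbound SMTP (port 25) to OUR-GW.
RULESET_INBOUND_SMTP = [
    Rule("Block", theirhost="SPIGOT", comment="We don't trust these people"),
    Rule("Allow", ourhost="OUR-GW", ourport="25", comment="Connection to our SMTP port"),
]

# An explicit default-block rule (matches every packet).
RULESET_DEFAULT = [Rule("Block", comment="default")]

# Allow connections to anyone's SMTP port.
RULESET_OUTBOUND_SMTP = [
    Rule("Allow", theirport="25", comment="Connection to their SMTP port"),
]


if __name__ == "__main__":
    # Constructed sample packets (not from the slide).
    samples = [
        Packet("OUR-GW", 25, "mail.example.test", 40000),   # SMTP to our gateway
        Packet("OUR-GW", 25, "SPIGOT", 40001),              # SMTP from the blocked host
        Packet("OUR-GW", 80, "mail.example.test", 40002),   # not SMTP: default policy
    ]
    for p in samples:
        print(p, "->", evaluate(RULESET_INBOUND_SMTP, p))
```

Rule order matters: if the OUR-GW allow rule came before the SPIGOT block, mail from SPIGOT to our gateway would be accepted. Note also that the outbound SMTP rule matches on the remote port alone, so an inbound packet whose source port happens to be 25 matches it too; a real filter adds the TCP ACK flag or a connection-direction field to the rule so that only replies to connections we opened are allowed.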
Attacks on Packet Filters
- IP address spoofing: the attacker fakes a source address (one that is internal). Countermeasure: add filters on the router that block such packets on the external interface.
- Source routing attacks: the attacker sets a route other than the default. Countermeasure: block source-routed packets.
- Tiny fragment attacks: header information is split over several tiny packets. Countermeasure: either discard tiny fragments or reassemble the packet before checking it.
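The three countermeasures above, expressed as router-side checks on a packet's metadata. This is an added example for this page, not code from the slides: the Packet fields, the assumed internal range 10.0.0.0/8, the 20-byte threshold (a TCP header without options) and the sample packets are assumptions made for illustration.

```python
"""Anti-spoofing, source-route and tiny-fragment checks (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed private range

# Bytes of transport header the filter must see in a first fragment:
# a TCP header without options is 20 bytes (assumed threshold).
MIN_FIRST_FRAGMENT_PAYLOAD = 20


@dataclass
class Packet:
    src: str
    dst: str
    interface: str               # "external" or "internal": where it arrived
    source_routed: bool = False  # IP source-route option present
    frag_offset: int = 0         # IP fragment offset, in 8-byte units
    more_fragments: bool = False
    payload_len: int = 0         # bytes after the IP header


def check_spoofing(pkt: Packet) -> Optional[str]:
    """Ingress filter: a packet arriving on the external interface must not
    claim an internal source address."""
    if pkt.interface == "external" and ipaddress.ip_address(pkt.src) in INTERNAL_NET:
        return "spoofed internal source on external interface"
    return None


def check_source_route(pkt: Packet) -> Optional[str]:
    """Block packets carrying a source-route option."""
    if pkt.source_routed:
        return "source-routed packet"
    return None


def check_tiny_fragment(pkt: Packet) -> Optional[str]:
    """Discard fragments that could hide transport-header fields from the
    filter: a first fragment too short to hold a whole TCP header, or a later
    fragment whose data would land inside those first 20 bytes (conservative
    choice: some filters only reject offset 1)."""
    if pkt.frag_offset == 0 and pkt.more_fragments and pkt.payload_len < MIN_FIRST_FRAGMENT_PAYLOAD:
        return "tiny first fragment"
    if 0 < pkt.frag_offset * 8 < MIN_FIRST_FRAGMENT_PAYLOAD:
        return "fragment overlaps transport header"
    return None


CHECKS = [check_spoofing, check_source_route, check_tiny_fragment]


def filter_packet(pkt: Packet) -> List[str]:
    """Reasons to discard the packet; an empty list means forward it."""
    return [reason for check in CHECKS if (reason := check(pkt)) is not None]


if __name__ == "__main__":
    # Constructed sample: an outside packet claiming an inside source.
    print(filter_packet(Packet("10.1.2.3", "10.0.0.5", "external")))
```

The alternative countermeasure named on the slide, reassembling the datagram before filtering, removes the fragment problem entirely but costs memory and state on the router, which is why simple packet filters usually discard instead.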
Advantages
- Simple
- Transparent to users
- Very fast
Disadvantages
- Rule generation is difficult
- Lack of authentication
Application-Level Gateway (Proxy server)
[Figure: an internal host on the private network makes an inside connection to the application-level gateway, which makes a separate outside connection to the external host on the Internet; the user's illusion is a single direct connection (HTTP, FTP, TELNET, SMTP).]
Purpose
- Monitor every connection
- Provide the end-to-end connection
Advantage
- More secure than a packet filter
Disadvantage
- Additional processing overhead on each connection
Circuit-Level Gateway
[Figure: inside host, inside connection, circuit-level gateway, outside connection, outside host; the gateway relays the "in" and "out" directions of each connection.]
Circuit-Level Gateway
- Relays two TCP connections
- Imposes security by limiting which such connections are allowed
- Once a connection is created, usually relays traffic without examining its contents
- Typically used when internal users are trusted, by allowing general outbound connections
- Example: the SOCKS package
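A circuit-level gateway decides once, at connection set-up, and then copies bytes in both directions without looking at them. The following is an added example written for this page, not code from the SOCKS package or from the slides: the policy (internal clients may open outbound connections, nothing else is relayed), the assumed 10.0.0.0/8 internal range, and the demo wiring with socketpairs instead of a real network are all assumptions.

```python
"""Minimal circuit-level relay with a per-connection policy (added example)."""
import ipaddress
import selectors
import socket
import threading

INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # assumed private range


def connection_allowed(client_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Policy applied per connection, not per packet: only internal clients
    may open connections, and only to outside hosts."""
    src = ipaddress.ip_address(client_ip)
    dst = ipaddress.ip_address(dst_ip)
    return src in INTERNAL_NET and dst not in INTERNAL_NET and 0 < dst_port < 65536


def relay(inside: socket.socket, outside: socket.socket) -> int:
    """Copy bytes between the two TCP connections in both directions until
    both sides have closed. Contents are never inspected, only counted.
    Returns the total number of bytes relayed."""
    sel = selectors.DefaultSelector()
    peers = {inside: outside, outside: inside}
    for sock in peers:
        sel.register(sock, selectors.EVENT_READ)
    total = 0
    open_sides = 2
    while open_sides:
        for key, _ in sel.select():
            sock = key.fileobj
            data = sock.recv(4096)
            if not data:                      # this side finished sending
                sel.unregister(sock)
                open_sides -= 1
                try:
                    peers[sock].shutdown(socket.SHUT_WR)   # pass the EOF along
                except OSError:
                    pass
                continue
            peers[sock].sendall(data)
            total += len(data)
    sel.close()
    return total


def demo_relay(message: bytes) -> bytes:
    """Wire a fake inside host and a fake outside echo server to the relay
    using socketpairs (no real network), send `message` from the inside and
    return what the inside host receives back."""
    in_client, in_gw = socket.socketpair()      # inside connection
    out_gw, out_server = socket.socketpair()    # outside connection

    def echo_server():
        while chunk := out_server.recv(4096):
            out_server.sendall(chunk)
        out_server.close()

    threads = [threading.Thread(target=echo_server),
               threading.Thread(target=relay, args=(in_gw, out_gw))]
    for t in threads:
        t.start()
    in_client.sendall(message)
    in_client.shutdown(socket.SHUT_WR)
    reply = b""
    while chunk := in_client.recv(4096):
        reply += chunk
    in_client.close()
    for t in threads:
        t.join()
    in_gw.close()
    out_gw.close()
    return reply


if __name__ == "__main__":
    print(connection_allowed("10.0.0.7", "203.0.113.9", 443))
    print(demo_relay(b"hello through the circuit"))
```

The security decision lives entirely in connection_allowed(); relay() is deliberately protocol-blind, which is exactly the trade-off the slide describes: cheaper than an application-level gateway, but unable to notice anything about the bytes it carries once the circuit is up.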
Bastion Host
- A critical strong point in the network's security
- A bastion host is a system that contains an application-level gateway, a circuit-level gateway, or both
- Only the services that the network administrator considers essential are installed on the bastion host. These include proxies such as Telnet, DNS, FTP and SMTP, and user authentication.
- It executes a secure version of its OS
Characteristics
- Runs a secure version of its operating system
- Only essential services are installed
- Requires additional authentication of the user
- Configured to support a subset of applications
- Maintains a detailed audit log
- Allows access only to specific host systems
- Each proxy module is a very small software package specifically designed for network security
- Each proxy is independent of the other proxies on the bastion host
Firewall Configurations
Screened host firewall, single-homed bastion configuration
The firewall consists of two systems:
- A packet-filtering router
- A bastion host
Configuration of the packet-filtering router:
- Only packets from and to the bastion host are allowed to pass through the router
- The bastion host performs the authentication and proxy functions
Greater security than a single-system configuration, for two reasons:
- This configuration implements both packet-level and application-level filtering (allowing flexibility in defining the security policy)
- An intruder must generally penetrate two separate systems
This configuration also affords flexibility in providing direct Internet access (e.g. to a public information server such as a Web server)
 
Screened host firewall, dual-homed bastion configuration
If the packet-filtering router is compromised, traffic still cannot flow directly through the router between the Internet and the other hosts on the private network: all traffic between the Internet and those hosts has to flow through the bastion host.
 
Screened subnet firewall configuration
- The most secure of the three configurations
- Two packet-filtering routers are used
- An isolated sub-network is created between them
Advantages
- The outside router advertises only the existence of the screened subnet to the Internet
- The inside router advertises only the existence of the screened subnet to the internal network
Trusted Systems
One way to enhance the ability of a system to defend against intruders and malicious programs is to implement trusted system technology.
Data Access Control
- Through the user access control procedure (log on), a user is identified to the system
- Associated with each user there can be a profile that specifies permissible operations and file accesses
- The operating system can enforce rules based on the user profile
General models of access control:
- Access matrix
- Access control list
- Capability list
Access Control Matrix
Access Matrix: basic elements of the model
- Subject: an entity capable of accessing objects (e.g. a process)
- Object: anything to which access is controlled (e.g. files, programs)
- Access right: the way in which an object is accessed by a subject (e.g. read, write, execute)
Access control list
Decomposition of the matrix by columns:
- Access control list for Segment A: Process1 (Read, Write)
- Access control list for Segment B: Process2 (Read)
- Access control list for Program1: Process1 (Read, Execute)
Access Control List
An access control list lists users and their permitted access rights.
Capability list
Decomposition of the matrix by rows:
- Capability list for Process1: Segment A (Read, Write), Program1 (Read, Execute)
- Capability list for Process2: Segment B (Read)
Capability list
A capability ticket specifies the authorized objects and operations for a user. Each user has a number of tickets.
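The access matrix, ACL and capability list slides describe one structure viewed two ways. The following is an added example written for this page, not code from the slides or from Stallings: the matrix entries (Process1, Process2, Segment A, Segment B, Program1 and their rights) are the ones on the slides, while the function names and the dictionary representation are assumptions.

```python
"""Access matrix and its column (ACL) and row (capability) decompositions (added example)."""
from typing import Dict, FrozenSet

Rights = FrozenSet[str]
Matrix = Dict[str, Dict[str, Rights]]   # subject -> object -> rights

# The access matrix from the slides: rows are subjects, columns are objects.
ACCESS_MATRIX: Matrix = {
    "Process1": {"Segment A": frozenset({"Read", "Write"}),
                 "Program1": frozenset({"Read", "Execute"})},
    "Process2": {"Segment B": frozenset({"Read"})},
}


def access_control_lists(matrix: Matrix) -> Dict[str, Dict[str, Rights]]:
    """Decompose by columns: for each object, which subjects hold which rights.
    Empty matrix cells are simply absent from the list."""
    acls: Dict[str, Dict[str, Rights]] = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = rights
    return acls


def capability_lists(matrix: Matrix) -> Dict[str, Dict[str, Rights]]:
    """Decompose by rows: for each subject, its tickets of (object, rights)."""
    return {subject: dict(row) for subject, row in matrix.items()}


def check_by_acl(acls: Dict[str, Dict[str, Rights]], subject: str, obj: str, right: str) -> bool:
    """Reference-monitor check stored with the object: the object's ACL is
    consulted on each access, so the object must know who the subject is."""
    return right in acls.get(obj, {}).get(subject, frozenset())


def check_by_capability(caps: Dict[str, Dict[str, Rights]], subject: str, obj: str, right: str) -> bool:
    """Reference-monitor check stored with the subject: the subject presents
    its ticket for the object, so the object need not keep a list of users."""
    return right in caps.get(subject, {}).get(obj, frozenset())


def decompositions_agree(matrix: Matrix) -> bool:
    """Both views answer every (subject, object, right) query identically,
    because both are derived from the same matrix."""
    acls, caps = access_control_lists(matrix), capability_lists(matrix)
    objects = {obj for row in matrix.values() for obj in row}
    rights = {r for row in matrix.values() for rs in row.values() for r in rs}
    return all(check_by_acl(acls, s, o, r) == check_by_capability(caps, s, o, r)
               for s in matrix for o in objects for r in rights)


if __name__ == "__main__":
    for obj, entry in access_control_lists(ACCESS_MATRIX).items():
        print("ACL for", obj, ":", entry)
    for subject, tickets in capability_lists(ACCESS_MATRIX).items():
        print("Capabilities of", subject, ":", tickets)
```

The practical difference between the two views shows up in the check functions: an ACL is the natural place to answer "who may touch this object?", while a capability list answers "what may this subject touch?"; which question the system asks most often decides which decomposition it stores.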

Firewall Modified


Editor's Notes

  • #21: Stallings Fig 20-2.
  • #24: Stallings Fig 20-2.
  • #26: Stallings Fig 20-2.
  • #32: Stallings Fig 20-3.