Firewall & its Services
2 likes377 views
This document explains the function and types of firewalls, highlighting their role in controlling network traffic and enforcing security policies between different network zones. It details software-based and hardware-based firewalls, describing their features such as packet filtering, stateful packet inspection, and NAT (Network Address Translation). Additionally, it outlines various firewall services and types of NAT, providing insights into implementation and operational characteristics.
Firewall & its Services
- 1. N A V D E E P S I N G H Firewall & its Services
- 2. What is a Firewall ? Firewall is a device or a software feature designed to control the flow of trafic into and out-of a network. Firewall interconnects networks with different trust. Firewall implements and enforces a security policy between networks.
- 3. Firewall Zones Trusted Zone Untrusted Zone Demilitarized Zone(DMZ)
- 4. Firewall Zones Trusted Zone By default the LAN is trusted. Trusted zone contains a numerical value of 100 which means highest level of trust. Untrusted Zone Untrusted zone contains a numerical value of 0 which means lowest level of trust. A WAN port can only be mapped to an Untrusted Zone.
- 5. Firewall Zones Demilitarized Zone DMZs are less trusted zones Public Zone is demilitarized zone and has a trust value of 50
- 6. Types of Firewalls Software Based Firewalls Run as additional program on Personal Computers Known as Personal Firewalls Most of the SBFs get automatically configured and updated after installation. Examples of SBFs are:- Windows Firewall, Kaspersky Firewall, Zone Alarm Pro Firewall Also there are some open source firewall available. Exa:- OpenWRT, PfSense, Untangle Gateway, IPcop.
- 7. Types of Firewalls Hardware Based Firewalls Hardware based firewalls are the first line of defense against the cyber attacks. HBFs are more expensive as compared to SBFs. Traditionally HBFs were only used to carry out Packet Filtering. Today HBFs have built-in Intrusion Prevention System and Intrusion Detection System IPS/IDPS When IDPS detects a malicious activity it sends a signal, drops the packet, blocks the IP and resets the connection. Some Hardware Based Firewall providers are: CISCO ProSafe D-Link SonicWall Netgear
- 8. Cisco Firewalls Cisco Firepower 9300 (Latest Series-9000 & 4100) 1.2 Tbps clustered throughput 57 million concurrent connections, with application control 500,000 new connections per second High-end Next Gen. Firewall (NGFW)
- 9. Firewall Services The following services are provided by Firewalls: Packet Filtering Stateful packet Inspection Proxying Authentication Logging Content Filtering Network Address Translation
- 10. Packet Filtering Each incoming data packet is examined by the firewall. The header of the each packet is compared to the pre- configured set of rules. An allow or deny decision is made based on the results. Rules of packet filtering are: Protocol Type (TCP,IP,UDP,ICMP,ESP,etc) Source Address Source Port Destination Address Destination Port
- 11. Packet Filtering Packet Filtering Firewalls works on the Network Layer (layer 3) and Transport Layer (layer 4) of the OSI model of reference.
- 12. Stateful Packet Inspection All packets are examined and the header information is stored in dynamic state session table. State table is used verify the data packets from the same connection. The rules of stateful packet inspection are: Protocol Type (TCP,IP,UDP,ICMP,ESP,etc) Source Address Source Port Destination Address Destination Port Connection State
- 13. Stateful Packet Inspection In Stateful Packet Inspection technique the firewall examines the headers of all incoming data packets from the level of network layer to the application layer of the OSI Model of reference.
- 14. Proxy Services Proxy/Application gateway acts as an intermediate between the connections. Each connection can only communicate with other by going through the proxy/application gateway. Proxy/Application gateway operates at the Application layer (Layer 7) of the OSI Model of reference. When a client issues a request from an untrusted network, a connection is established between the client and proxy/gateway. The proxy/gateway compares the request to the set of rules, if finds the request valid, it sends a connection request to the destination on the behalf of the client.
- 15. Proxy Services Proxy Servers also provide some other services: Logging:-Proxy servers makes log of the each communication. Content Filtering Authentication
- 16. NAT(Network Address Translation) NAT is a method that enables hosts on private networks to communicate with hosts on the Internet. NAT is mostly used to translate between public address and private address. NAT can be also used for Public to Public Address Translation and Private to Private Address Translation. NAT hides the IP address and IP address structure of the internal network. In NAT the actual IP address/port used in an internal network is translated to the outside IP address/outside port. This is done by replacing the local IP address from the header of the data packet with the outside IP address.
- 17. Types of NAT Static NAT Static NAT performs one to one translation between two addresses or between a port on one address to a port on another address.
- 18. Types of NAT Static NAT Static NAT maps a block on external IP addresses to the same size block of internal IP addresses. NAT maps a specific port to come through the firewall rather than all ports. Static NAT allows the internal client to maintain their set-up information. Multiple ISP’s can be enlisted to provide a degree of fault-tolerant access to the system. If network performance or quality degrades, connections can be swapped to another supplier.
- 19. Dynamic NAT Dynamic does not perform one to one translation but instead maps a group on internal IP addresses to a pool of external IP addresses.
- 20. Dynamic NAT These mappings can be set to expire if they are not used within a programmable period of time. Dynamic NAT works as firewall between internal network and the outside network or internet. Dynamic NAT only allows the connections that originate inside the internal domain. A computer on an external network can not connect to one of the internal servers unless the internal node has initiated the contact.
- 21. Load Sharing NAT Load Sharing NAT(LSNAT) distributes a session load across a pool of servers. LSNAT is most often used in embedded server farms where a single blade server is unable to handle the increasing number of clients or sessions.
- 22. References Intro_firewalls by Aaron Balchunas (routeralely.com) University of Cambridge-University Information Services (Academic & Infrastructure)-” Firewalls and Network Address Translation”. CISCO-Security Guide, Cisco ACE Application Control Engine-”Configuring Network Address Translation” University of Virginia-Department of Computer Science- ”module17-nat” CISCO NGFW-product guide-Firepower 9300 -“at-a- glance-c45-734810.pdf”, Title “Threat-Centric Security for Service Providers “
- 23. Thank You