Ch10 Firewall it-slideshares.blogspot.com
- 2. Overview Defining the types of firewalls. Developing a firewall configuration. Designing a firewall rule set.
- 3. Overview A firewall is a network access control device. It can perform a centralized security management function. It denies all traffic except that which is explicitly allowed. It can be configured based on services, source or destination IP address, and the user ID.
- 4. Defining the Types of Firewalls Application layer firewalls. Packet filtering firewalls. Hybrids.
- 5. Application Layer Firewalls Application layer firewalls (proxy firewalls) are software packages that reside on operating systems or on firewall appliances. Firewalls have multiple interfaces. All connections terminate on the firewall. They use proxies for inbound connections.
- 6. Application Layer Firewalls A set of policy rules defines how traffic from one network is transported to any other. If no rule exists, firewalls deny or drop the data packets. Policy rules are enforced through the use of proxies. Each protocol on a firewall must have its own proxy.
- 7. Application Layer Firewalls Application layer firewall proxy connections
- 8. Packet Filtering Firewalls Policy rules are enforced using packet inspection filters. If a protocol runs over UDP, the packet filtering firewall tracks the state of the UDP traffic. Connections do not terminate on the firewall. They do not rely on proxies for each protocol. They support network address translation.
- 9. Packet Filtering Firewalls Traffic through a packet filtering firewall
- 10. Hybrids Hybrid firewalls provide a way for handling protocols for which specific proxies do not exist. The generic services proxy (GSP) allows application layer proxies to handle other protocols. In a hybrid system, the GSP behaves like packet filtering firewalls.
- 11. Developing a Firewall Configuration Organization’s Internet policy allows users to use services such as HTTP, HTTPS, FTP, Telnet, and SSH. Based on the Internet policy, a set of policy rules for various architectures can be constructed.
- 12. Developing a Firewall Configuration Architecture 1: Internet accessible systems outside the firewall. Architecture 2: Single firewall. Architecture 3: Dual Firewall.
- 13. Internet Accessible Systems Architecture #1: Internet systems accessible to outside the firewall.
- 14. Internet Accessible Systems Firewall Rules for Internet Systems Accessible Outside the Firewall.
- 15. Single Firewall Architecture #2: Single firewall.
- 16. Single Firewall Firewall Rules for the Single Firewall Architecture.
- 17. Dual Firewalls Architecture #3: Dual Firewalls.
- 18. Dual Firewalls Firewall Rules for Firewall #1 in the Dual Firewall Architecture.
- 19. Dual Firewalls Firewall Rules for Firewall #2 in the Dual Firewall Architecture.
- 20. Designing a Firewall Rule Set When designing a firewall rule set, the first match algorithm dictates: The most specific rules to be placed at the top of the rule set. The least specific rules to be placed at the bottom of the rule set.
- 21. Designing a Firewall Rule Set To define a general rule set, examine: The expected traffic load of the firewall. Rank the traffic types in order. The Internet service with the largest traffic at the top of the rule set. Place any deny rules pertaining to the protocol.
- 22. Summary A firewall is a network access control device, available as application layer and packet filtering firewalls. A combination of these firewalls can also be used. Application layer or proxy firewalls use proxies for connections. In this setup, all connections terminate on the firewall.
- 23. Summary Unlike the application layer, the packet filtering firewalls enforce policy rules using packet inspection filters. A firewall can be configured as single, dual or placing Internet accessible systems outside the firewall. In a firewall rule set, place the specific rules on top and the least specific rules at the bottom.