Intro to Firewalls, Security Zones & Security Policies
What is a Firewall?
 Acts as a security gateway between two networks
 Usually between trusted and untrusted networks (such as between an establishment network and the Internet)
[Figure: internal Network, Gateway, Internet]
What is a Firewall?
 Tracks and controls network communications
 Decides whether to pass, reject, encrypt, or log communications (Access Control)
[Figure: "Allow Traffic to Internet" / "Block traffic from Internet"]
What is a Firewall?
 A choke point of control and monitoring
 Interconnects networks with differing trust
 Imposes restrictions on network services
• only authorized traffic is allowed
 Auditing and controlling access
• can implement alarms for abnormal behavior
 Itself immune to penetration
 Provides perimeter defence
Why Firewalls are Needed
 Prevent attacks from untrusted networks
 Protect data integrity of critical information
 Preserve customer and partner confidence
Implementation of Firewalls
 A firewall may be implemented as a standalone hardware device or as software on a client computer or a proxy server
• The two types of firewall are generally known as the hardware firewall and the software firewall
 A firewall that stands between two networks inspects each packet that is about to pass between the networks and allows or blocks it based on the rules the firewall is configured with
General Firewall Features
 Port Control
 Network Address Translation
 Application Monitoring (Program Control)
 Packet Filtering
 Data encryption
 Reporting/logging
 e-mail virus protection
 Pop-up ad blocking
 Cookie digestion
 Spyware protection
Stateful Filtering
SRX High End Portfolio: SRX 3400, SRX 3600, SRX 5600, SRX 5800
SRX Branch Portfolio (Small Office, Small to Medium Office, Large Branch/Regional Office): SRX100, SRX210, SRX220, SRX240, SRX650
SRX Series—Firewall, Zones, & Policies
[Figure: an SRX with zones "UNTRUST" (facing the INTERNET), "Trust", "Accounting" and "Guest"; each zone is the originating zone for its own traffic, and a policy such as "Deny All" or "Allow All" governs what crosses between zones]
 A security zone is a collection of one or more network segments requiring the regulation of inbound and outbound traffic through policies
 Traffic enters on one security zone and goes out on another security zone
Types
 Functional Zone
• Used for special purposes, like management interfaces
 Security Zone
• Logical entities to which one or more interfaces are bound
• Building blocks for policies
 Trust Zone / Untrust Zone
• Available only in the factory configuration
• Used for initial connection to the device
Zone Config
Configuring Host Inbound Traffic
 Inbound traffic from devices directly connected to the device's interfaces and destined to the device itself (host-inbound traffic) is dropped by default
 Protects the device against attacks launched from directly connected systems
 Can prohibit use of other applications on the same or different interfaces of a zone
 All expected host-inbound traffic must be explicitly enabled
Zone Creation
Security Policies
• A policy is required to allow traffic to pass from one security zone to another, and each direction needs its own policy
[Figure: Zone A → Zone B and Zone B → Zone A, one policy per direction]
Security Policies
Policies perform the actions on the traffic attempting to cross from one security zone to another:
• Deny
• Permit
• Reject
• Encrypt
• Decrypt
• Authenticate
• Prioritize
• Filter
• Monitor
Security Policies
Each policy is associated with the following match criteria:
 A source zone
 A destination zone
 One or many source address names/address set names
 One or many destination address names/ address set names
 One or many application names/application set names
Security Policy Conceptual Example
Security Policy: from private zone to external zone
If   Source IP address = Host B
     Destination IP address = Host D
     Application = SSH
then permit traffic
[Figure: Host B in the Private Zone, Host D in the External Zone (Internet), Hosts A and C in the other zones as drawn; the SRX connects them on interfaces ge-0/0/0 and ge-1/0/0, and steps 1, 2 and 4 are marked on the flow]
 Steps:
1. Host B initiates SSH to Host D (flow B → D)
2. Security policy permits that flow
3. The flow triggers reverse flow creation; both flows result in a formed session
4. The return traffic, Host D → Host B, receives permission also
Session Table:
Source Address | Source Port | Prot | Destination Address | Destination Port | Int
B              | 29200       | 6    | D                   | 22               | ge-0/0/0
D              | 22          | 6    | B                   | 29200            | ge-1/0/0
Scenario
[Figure: Hosts A, B, C and D connected through the firewall]
Devise security policies as per the following criteria:
 Host A will be able to communicate with Hosts C and D.
 Host B can communicate with Host C and vice versa.
 Host C can communicate with D.
 D can communicate with all on SMTP except B.
 D can only accept SMTP traffic.
Scenario
From Host | To Host | Application | Action
Host A    | Host C  | Any         | Permit
Host A    | Host D  | SMTP        | Permit
Host B    | Host C  | Any         | Permit
Host C    | Host B  | Any         | Permit
Host C    | Host D  | SMTP        | Permit
Host D    | Host B  | Any         | Deny
Any       | Host D  | SMTP        | Permit
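The SSH session example and the scenario policy table above, worked as an added Python model (example code written for this page, not from the slide deck or from Juniper). It shows the mechanism the deck describes: ordered policies matched on zone pair, source and destination address, and application, with first match winning; traffic that matches no policy falling to the implicit default deny; and a permitted first packet installing both the forward and the reverse flow in a session table, so that return traffic is accepted by session lookup and not by a second policy. Host names, zone names, addresses and ports are constructed for the example; protocol number 6 is TCP, as in the deck's session table.

```python
# Added example (not from the slide deck or from Juniper): a small model of the
# decisions the deck describes. Hosts, zones, addresses and ports are constructed.
from dataclasses import dataclass

# Constructed topology: host name -> (security zone, address).
HOSTS = {
    "A": ("private", "10.1.0.10"),
    "B": ("private", "10.1.0.20"),
    "C": ("public", "172.16.0.30"),
    "D": ("external", "203.0.113.40"),
}
ZONE_OF = {addr: zone for zone, addr in HOSTS.values()}
# Application objects: name -> (protocol number, destination port); 6 is TCP.
APPLICATIONS = {"ssh": (6, 22), "smtp": (6, 25)}

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    proto: int
    dst: str
    dport: int

    def reverse(self):
        return Flow(self.dst, self.dport, self.proto, self.src, self.sport)

@dataclass
class Policy:
    from_zone: str
    to_zone: str
    from_host: str  # host name or "any"
    to_host: str
    app: str        # application name or "any"
    action: str     # "permit" or "deny"

    def matches(self, flow):
        if self.from_zone != "any" and ZONE_OF[flow.src] != self.from_zone:
            return False
        if self.to_zone != "any" and ZONE_OF[flow.dst] != self.to_zone:
            return False
        if self.from_host != "any" and HOSTS[self.from_host][1] != flow.src:
            return False
        if self.to_host != "any" and HOSTS[self.to_host][1] != flow.dst:
            return False
        return self.app == "any" or APPLICATIONS[self.app] == (flow.proto, flow.dport)

def rule(from_host, to_host, app, action):
    """Build a policy from host names; the zone pair is derived from the topology."""
    from_zone = "any" if from_host == "any" else HOSTS[from_host][0]
    to_zone = "any" if to_host == "any" else HOSTS[to_host][0]
    return Policy(from_zone, to_zone, from_host, to_host, app, action)

class ZoneFirewall:
    def __init__(self, policies):
        self.policies = policies  # ordered list; first match wins
        self.sessions = {}        # Flow -> session id, forward and reverse entries

    def process(self, flow):
        """Decide one packet: existing session first, then policy, else default deny."""
        if flow in self.sessions:
            return ("permit", "session")
        policy = next((p for p in self.policies if p.matches(flow)), None)
        if policy is None:
            return ("deny", "default-deny")
        if policy.action != "permit":
            return ("deny", "policy")
        # First packet permitted: install both flows as one session, so the
        # return traffic (step 4 in the deck) matches the session, not a policy.
        sid = len(self.sessions) // 2 + 1
        self.sessions[flow] = sid
        self.sessions[flow.reverse()] = sid
        return ("permit", "policy")

def ssh_example():
    """The deck's SSH example: B -> D permitted by policy, D -> B rides the session."""
    fw = ZoneFirewall([rule("B", "D", "ssh", "permit")])
    forward = Flow(HOSTS["B"][1], 29200, 6, HOSTS["D"][1], 22)
    return {
        "first_packet": fw.process(forward),
        "return_packet": fw.process(forward.reverse()),
        # D opening a new connection to B matches neither a session nor a policy.
        "unsolicited": fw.process(Flow(HOSTS["D"][1], 22, 6, HOSTS["B"][1], 29201)),
        "session_rows": list(fw.sessions),
    }

# The scenario slide's policy table, in the order the deck lists it.
SCENARIO_POLICIES = [
    rule("A", "C", "any", "permit"),
    rule("A", "D", "smtp", "permit"),
    rule("B", "C", "any", "permit"),
    rule("C", "B", "any", "permit"),
    rule("C", "D", "smtp", "permit"),
    rule("D", "B", "any", "deny"),
    rule("any", "D", "smtp", "permit"),
]

def scenario_verdict(src, dst, app, sport=40000):
    """Evaluate one new connection from src to dst for the named application."""
    proto, dport = APPLICATIONS[app]
    return ZoneFirewall(SCENARIO_POLICIES).process(
        Flow(HOSTS[src][1], sport, proto, HOSTS[dst][1], dport))
```

Running `ssh_example()` returns the first packet as permitted with reason "policy", the return packet D → B as permitted with reason "session" even though no policy exists from the external zone to the private zone, and a fresh connection from D to B as denied by the default deny; the session table holds the two rows of the deck's table. Against the scenario table, `scenario_verdict("A", "D", "ssh")` and `scenario_verdict("A", "B", "ssh")` fall to the default deny because no row permits them, while `scenario_verdict("D", "B", "smtp")` is denied by the explicit Host D → Host B row.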
THANK YOU


Firewall (Network Firewall used by Network)
