1. Network Security Firewalls
Prepared by: Kh Mustafizur Rahman
Lecturer, Dept. of CSE, WUB.
World University of Bangladesh.
2. Outline of Presentation
The Nature of Today's Attacker
Firewall Definition and History
What Firewalls Do and Cannot Do
Types of Firewalls
Firewall Architecture
Do You Need a Firewall?
Selecting a Firewall
Implementations
Conclusion
3. The Nature of Today's Attackers
Who are these "hackers" who are trying to break into your computer?
Most people imagine someone at a keyboard late at night, guessing passwords to steal confidential data from a computer system.
This type of attack does happen, but it makes up a very small portion of the total network attacks that occur.
Today, worms and viruses initiate the vast majority of attacks. Worms and viruses generally find their targets randomly.
As a result, even organizations with little or no confidential information need firewalls to protect their networks from these automated attackers.
4. What Is a Firewall?
The term firewall has been around for quite some time and originally was
used to define a barrier constructed to prevent the spread of fire from
one part of a building or structure to another. Network firewalls provide
a barrier between networks that prevents or denies unwanted or
unauthorized traffic.
Definition: A Network Firewall is a system or group of systems used to
control access between two networks -- a trusted network and an
untrusted network -- using pre-configured rules or filters.
5. What Is a Firewall?
Device that provides secure connectivity between networks
(internal/external; varying levels of trust)
Used to implement and enforce a security policy for
communication between networks
Firewalls can be hardware based, software based, or a combination of both.
6. Firewalls History
Firewall technology emerged in the late 1980s when the Internet
was a fairly new technology in terms of its global use and
connectivity. The original idea was formed in response to a
number of major internet security breaches, which occurred in
the late 1980s.
7. Firewalls History
First generation - packet filters
The first paper published on firewall technology was in 1988, when Jeff Mogul from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls.
Second generation - circuit level
From 1980-1990 two colleagues from AT&T Company developed the second generation of firewalls, known as circuit level firewalls.
Third generation - application layer
Publications by Gene Spafford of Purdue University and Bill Cheswick at AT&T Laboratories described a third generation firewall, also known as proxy based firewalls.
8. Firewalls History
Subsequent generations
In 1992, Bob Braden and Annette DeSchon at the University of Southern California (USC) were developing their own fourth generation packet filter firewall system.
In 1994 an Israeli company called Check Point Software Technologies built this into readily available software known as FireWall-1.
Cisco, one of the largest internet security companies in the world, released their PIX "Private Internet EXchange" product to the public in 1997.
9. What Firewalls Do
Positive Effects
Negative Effects
10. What Firewalls Do (Positive Effects)
User authentication.
Firewalls can be configured to require user authentication. This allows network administrators to control and track specific user activity.
Auditing and logging.
By configuring a firewall to log and audit activity, information may be kept and analyzed at a later date.
11. What Firewalls Do (Positive Effects)
Anti-Spoofing - Detecting when the source of the network traffic is
being "spoofed", i.e., when an individual attempting to access a
blocked service alters the source address in the message so that
the traffic is allowed.
Network Address Translation (NAT) - Changing the network
addresses of devices on any side of the firewall to hide their true
addresses from devices on other sides. There are two ways NAT is
performed:
– One-to-One - where each true address is translated to a unique
translated address.
– Many-to-One - where all true addresses are translated to a
single address, usually that of the firewall.
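The two NAT modes above, worked through as translation tables. This is an added example and not code from the slides; the addresses, port range and flows are constructed for illustration. The many-to-one case also shows a side effect the slide does not spell out: because return traffic is delivered by looking up a mapping an inside host created, an unsolicited inbound packet has no inside destination and is simply not delivered.

```python
# Added example (not from the lecture slides): NAT translation tables.
# One-to-one: each inside address has its own outside address.
# Many-to-one: every inside host is hidden behind the firewall's single
# address, and return traffic is told apart by the translated source port.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int


class OneToOneNat:
    """Static mapping: inside address <-> dedicated outside address."""

    def __init__(self, mapping):
        self.inside_to_outside = dict(mapping)
        self.outside_to_inside = {v: k for k, v in mapping.items()}

    def outbound(self, f: Flow) -> Flow:
        return replace(f, src=self.inside_to_outside[f.src])

    def inbound(self, f: Flow) -> Flow:
        return replace(f, dst=self.outside_to_inside[f.dst])


class ManyToOneNat:
    """All inside hosts share one public address (port address translation)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (inside_ip, inside_port, dst, dport) -> translated public port
        self.table = {}
        # (public_port, dst, dport) -> (inside_ip, inside_port)
        self.reverse = {}

    def outbound(self, f: Flow) -> Flow:
        key = (f.src, f.sport, f.dst, f.dport)
        if key not in self.table:
            port = self.next_port
            self.next_port += 1
            self.table[key] = port
            self.reverse[(port, f.dst, f.dport)] = (f.src, f.sport)
        return Flow(self.public_ip, self.table[key], f.dst, f.dport)

    def inbound(self, f: Flow):
        """Return traffic is delivered only if an inside host created the mapping."""
        inside = self.reverse.get((f.dport, f.src, f.sport))
        if inside is None:
            return None  # unsolicited packet: nothing inside to deliver it to
        return Flow(f.src, f.sport, inside[0], inside[1])


if __name__ == "__main__":
    # Constructed sample: two inside hosts use the same source port to the
    # same web server; the firewall must still tell their replies apart.
    nat = ManyToOneNat("198.51.100.1")
    a = nat.outbound(Flow("10.0.0.5", 51000, "203.0.113.10", 80))
    b = nat.outbound(Flow("10.0.0.6", 51000, "203.0.113.10", 80))
    print("host A appears as", a.src, a.sport)
    print("host B appears as", b.src, b.sport)
    print("reply to B goes to", nat.inbound(Flow("203.0.113.10", 80, "198.51.100.1", b.sport)))
    print("unsolicited inbound ->", nat.inbound(Flow("203.0.113.10", 80, "198.51.100.1", 40005)))
```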
12. What Firewalls Do (Positive Effects)
Virtual Private Networks
VPNs are communications sessions traversing public networks
that have been made virtually private through the use of
encryption technology. VPN sessions are defined by creating a
firewall rule that requires encryption for any session that meets
specific criteria.
13. What Firewalls Do (Negative Effects)
Although firewall solutions provide many benefits, negative effects may also be experienced.
– Traffic bottlenecks. By forcing all network traffic to pass through the firewall, there is a greater chance that the network will become congested.
– Single point of failure. In most configurations where firewalls are the only link between networks, if they are not configured correctly or are unavailable, no traffic will be allowed through.
14. What Firewalls Do (Negative Effects)
– Increased management responsibilities. A firewall often adds to network management responsibilities and makes network troubleshooting more complex.
15. What Firewalls Cannot Do
The most common misconception about firewalls is that they guarantee security for your network.
A firewall cannot and does not guarantee that your network is 100% secure.
Firewalls cannot offer any protection against inside attacks. A high percentage of security incidents today come from inside the trusted network.
16. What Firewalls Cannot Do
In most implementations, firewalls cannot provide protection against viruses or malicious code. Since most firewalls do not inspect the payload or content of the packet, they are not aware of any threat that may be contained inside.
Finally, no firewall can protect against inadequate or mismanaged policies.
17. How Firewalls Work
There are two security design logic approaches network firewalls
use to make access control decisions.
– Everything not specifically permitted is denied.
– Everything not specifically denied is permitted.
The one most often recommended is everything not specifically
permitted is denied.
18. How Firewalls Work
Basic TCP/IP Flow review
19. Types of Firewalls
Firewall types can be categorized depending on:
– The function or methodology the firewall uses
– Whether the communication is being done between a single node and the network, or between two or more networks.
– Whether the communication state is being tracked at the firewall or not.
20. Types of Firewalls
1. By the firewall's methodology:
Packet Filtering
Stateful Packet Inspection
Application Gateways/Proxies
Adaptive Proxies
Circuit Level Gateway
21. Packet Filtering Firewall
A packet filtering firewall does exactly what its name implies -- it
filters packets.
As each packet passes through the firewall, it is examined and
information contained in the header is compared to a pre-
configured set of rules or filters. An allow or deny decision is
made based on the results of the comparison. Each packet is
examined individually without regard to other packets that are
part of the same connection.
23. Packet Filtering Firewall
A packet filtering firewall is often called a network layer firewall because the filtering is primarily done at the network layer (layer three) or the transport layer (layer four) of the OSI reference model.
24. Packet Filtering Firewall
You use packet filters to instruct a firewall to drop traffic that meets certain criteria.
For example, you could create a filter that would drop all ping requests. You can also configure filters with more complex exceptions to a rule.
25. Packet Filtering Firewall
Packet filtering rules or filters can be configured to allow or deny traffic based on one or more of the following variables:
– Source IP address
– Destination IP address
– Protocol type (TCP/UDP)
– Source port
– Destination port
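The two ideas from slides 17 and 21-25, worked together in code: a stateless filter that matches each packet on its own against an ordered list of rules built from the variables listed above, with the "drop all ping requests" example from slide 24, and a default policy that switches between "everything not specifically permitted is denied" and "everything not specifically denied is permitted". This is an added example, not code from the slides; the rule set, address ranges and sample packets are constructed here.

```python
# Added example (not from the lecture slides): a minimal stateless packet
# filter. Each packet is judged in isolation against 5-tuple rules (first
# match wins); packets no rule matches fall through to the default policy.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    sport: Optional[int]            # None for ICMP
    dport: Optional[int]
    icmp_type: Optional[int] = None  # 8 = ICMP echo request ("ping")


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "0.0.0.0/0"          # CIDR; 0.0.0.0/0 matches any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None     # None matches any protocol
    sport: Optional[int] = None     # None matches any port
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        for want, got in ((self.proto, p.proto), (self.sport, p.sport),
                          (self.dport, p.dport), (self.icmp_type, p.icmp_type)):
            if want is not None and want != got:
                return False
        return True


class PacketFilter:
    """First matching rule wins; the default policy decides unmatched packets."""

    def __init__(self, rules, default="deny"):
        if default not in ("allow", "deny"):
            raise ValueError("default policy must be 'allow' or 'deny'")
        self.rules = list(rules)
        self.default = default

    def decide(self, p: Packet) -> str:
        for r in self.rules:
            if r.matches(p):
                return r.action
        return self.default


# Constructed rule set. Order matters: the range block comes first so that no
# later "allow" can be matched by traffic from that range.
RULES = [
    Rule("deny", src="198.51.100.0/24"),                 # block a constructed untrusted range
    Rule("deny", proto="icmp", icmp_type=8),             # drop all ping requests (slide 24)
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=80),   # constructed web server
    Rule("allow", dst="203.0.113.10/32", proto="tcp", dport=443),
]

DEFAULT_DENY = PacketFilter(RULES, default="deny")      # recommended policy (slide 17)
DEFAULT_PERMIT = PacketFilter(RULES, default="allow")


def classify(fw: PacketFilter, packets):
    return [fw.decide(p) for p in packets]


SAMPLE = [  # constructed sample packets
    Packet("192.0.2.7", "203.0.113.10", "tcp", 51000, 80),              # web: allowed by rule
    Packet("192.0.2.7", "203.0.113.10", "tcp", 51001, 22),              # SSH: no rule at all
    Packet("192.0.2.7", "203.0.113.10", "icmp", None, None, icmp_type=8),  # ping
    Packet("198.51.100.5", "203.0.113.10", "tcp", 40000, 443),          # from blocked range
]

if __name__ == "__main__":
    for p, a, b in zip(SAMPLE, classify(DEFAULT_DENY, SAMPLE), classify(DEFAULT_PERMIT, SAMPLE)):
        print(f"{p.proto:4} {p.src} -> {p.dst}:{p.dport}  default-deny={a:5}  default-permit={b}")
```

The SSH packet is the one that separates the two policies: with no rule mentioning port 22, default-deny drops it and default-permit lets it through, which is exactly the "open port is open to all traffic" problem slide 27 describes.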
26. Packet Filtering
Strengths:
Packet filtering is typically faster than other packet screening methods. Because packet filtering is done at the lower levels of the OSI model, a packet takes much less time to process.
Packet filtering firewalls can be implemented transparently. They typically require no additional configuration for clients.
Packet filtering firewalls are typically less expensive. Many hardware devices and software packages have packet filtering features included as part of their standard package.
27. Packet Filtering
Weaknesses
Packet filtering firewalls allow a direct connection to be made
between the two endpoints. Although this type of packet screening
is configured to allow or deny traffic between two networks, the
client/server model is never broken.
Packet filtering firewalls are fast and typically have no impact on
network performance, but it's usually an all-or-nothing approach. If
ports are open, they are open to all traffic passing through that
port, which in effect leaves a security hole in your network.
Defining rules and filters on a packet filtering firewall can be a
complex task.
28. Packet Filtering (Weaknesses)
Packet filtering firewalls are prone to certain types of attacks. Since packet inspection goes no deeper than the packet header information, there are three common exploits to which packet filtering firewalls are susceptible.
– IP spoofing: sending data with a faked source address that the firewall will trust.
– ICMP (Internet Control Message Protocol) tunneling: ICMP tunneling allows a hacker to insert data into a legitimate ICMP packet.
29. Stateful Packet Inspection
Stateful packet inspection uses the same fundamental packet screening technique that packet filtering does. In addition, it examines the packet header information from the network layer of the OSI model to the application layer to verify that the packet is part of a legitimate connection and the protocols are behaving as expected.
30. Stateful Packet Inspection Firewall
As packets pass through the firewall, packet header information
is examined and fed into a dynamic state table where it is stored.
The packets are compared to pre-configured rules or filters and
allow or deny decisions are made based on the results of the
comparison.
The data in the state table is then used to evaluate subsequent
packets to verify that they are part of the same connection.
31. Stateful Packet Inspection Firewall
This method can make decisions based on one or more of the following:
Source IP address
Destination IP address
Protocol type (TCP/UDP)
Source port
Destination port
Connection state
32. Stateful Packet Inspection Firewall
The connection state is derived from information gathered in previous
packets.
It is an essential factor in making the decision for new communication
attempts.
Stateful packet inspection compares the packets against the rules or
filters and then checks the dynamic state table to verify that the packets
are part of a valid, established connection.
By having the ability to "remember" the status of a connection, this
method of packet screening is better equipped to guard against attacks
than standard packet filtering.
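The state table described on slides 30-32, as an added example that is not code from the slides. A static rule says which outbound connections inside hosts may open; the dynamic table then decides every later packet. Return traffic is admitted only when it maps onto a tracked connection, an inbound packet with no entry is treated as a rogue packet even if its flags look like part of a handshake, and idle entries expire so the table cannot grow without bound. The trusted range, host addresses and packet sequence are constructed.

```python
# Added example (not from the lecture slides): a toy stateful inspection
# engine for TCP. It remembers connections opened from the trusted side and
# admits untrusted-side packets only when they belong to a remembered entry.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

TRUSTED = ip_network("10.0.0.0/8")  # constructed trusted (inside) range


@dataclass(frozen=True)
class TcpPacket:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset   # subset of {"SYN", "ACK", "FIN", "RST"}
    t: float = 0.0     # arrival time in seconds (constructed clock)


class StatefulFirewall:
    # Static rule: inside hosts may open connections to these outside ports.
    ALLOWED_OUTBOUND_PORTS = {80, 443}
    IDLE_TIMEOUT = 300.0  # seconds without traffic before an entry is purged

    def __init__(self):
        # state table: (inside_ip, inside_port, outside_ip, outside_port) -> last-seen time
        self.state = {}

    def _key_for(self, p: TcpPacket):
        """Normalize a packet to the inside->outside tuple it would belong to."""
        if ip_address(p.src) in TRUSTED:
            return (p.src, p.sport, p.dst, p.dport), "outbound"
        return (p.dst, p.dport, p.src, p.sport), "inbound"

    def _expire(self, now: float):
        stale = [k for k, seen in self.state.items() if now - seen > self.IDLE_TIMEOUT]
        for k in stale:
            del self.state[k]

    def decide(self, p: TcpPacket) -> str:
        self._expire(p.t)
        key, direction = self._key_for(p)
        if key in self.state:
            # Part of a tracked connection: allow it, and tear down on FIN/RST.
            if p.flags & {"FIN", "RST"}:
                del self.state[key]
            else:
                self.state[key] = p.t
            return "allow"
        # Not tracked: only an inside-initiated SYN to a permitted port opens an entry.
        if direction == "outbound" and p.flags == {"SYN"} and p.dport in self.ALLOWED_OUTBOUND_PORTS:
            self.state[key] = p.t
            return "allow"
        # Everything else, including an unsolicited inbound ACK or SYN, is a rogue packet.
        return "deny"


def run(packets):
    fw = StatefulFirewall()
    return [fw.decide(p) for p in packets]


SYN, SYNACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
INSIDE, OUTSIDE = "10.1.2.3", "203.0.113.10"  # constructed hosts

SAMPLE = [
    TcpPacket(INSIDE, OUTSIDE, 51000, 443, SYN, t=0.0),     # inside opens a connection
    TcpPacket(OUTSIDE, INSIDE, 443, 51000, SYNACK, t=0.1),  # reply matches the state table
    TcpPacket(INSIDE, OUTSIDE, 51000, 443, ACK, t=0.2),     # handshake completes
    TcpPacket(OUTSIDE, INSIDE, 443, 51001, ACK, t=0.3),     # wrong inside port: rogue packet
    TcpPacket(OUTSIDE, INSIDE, 22, 52000, SYN, t=0.4),      # unsolicited inbound connection attempt
    TcpPacket(INSIDE, OUTSIDE, 51000, 443, ACK, t=400.0),   # entry idle too long: already purged
]

if __name__ == "__main__":
    for p, verdict in zip(SAMPLE, run(SAMPLE)):
        print(f"t={p.t:6.1f} {p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)} -> {verdict}")
```

A stateless filter would have to leave all high ports open inbound to let the second packet through; the state table lets this engine accept it while still rejecting the fourth and fifth, which is the "better equipped to guard against attacks" point of slide 32.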
33. Stateful Packet Inspection Firewall
[Figure: trusted network, stateful inspection firewall, untrusted network; a packet that does not match the state table is blocked or discarded]
34. Stateful Packet Inspection
Strengths:
Like packet filtering firewalls, they have very little impact on network performance.
More secure than basic packet filtering firewalls, because stateful packet inspection digs deeper into the packet header information to determine the connection state between endpoints.
They usually have some logging capabilities. Logging can help identify and track the different types of traffic that pass through the firewall.
35. Stateful Packet Inspection
Weaknesses
Like packet filtering, stateful packet inspection does not break the client/server model and therefore allows a direct connection to be made between the two endpoints.
Rules and filters in this packet screening method can become complex, hard to manage, prone to error and difficult to test.
36. Application Gateways/Proxies
The proxy plays middleman in all connection attempts.
The application gateway/proxy acts as an intermediary between the two
endpoints. This packet screening method actually breaks the client/server
model in that two connections are required: one from the source to the
gateway/proxy and one from the gateway/proxy to the destination. Each
endpoint can only communicate with the other by going through the
gateway/proxy.
37. Application Gateways/Proxies
This type of firewall operates at the application level of the OSI model.
For source and destination endpoints to be able to communicate with
each other, a proxy service must be implemented for each application
protocol.
The gateways/proxies are carefully designed to be reliable and secure
because they are the only connection point between the two networks.
39. Application Gateways/Proxies
When a client issues a request from the untrusted network, a connection is established with the application gateway/proxy. The proxy determines if the request is valid (by comparing it to any rules or filters) and then sends a new request on behalf of the client to the destination. By using this method, a direct connection is never made from the trusted network to the untrusted network and the request appears to have originated from the application gateway/proxy.
[Figure: untrusted network, firewall running the application gateway (proxy service), workstation]
40. Application Gateways/Proxies
The response is sent back to the application gateway/proxy, which determines if it is valid and then sends it on to the client.
By breaking the client/server model, this type of firewall can effectively hide the trusted network from the untrusted network.
It is important to note that the application gateway/proxy actually builds a new request, only copying known acceptable commands before sending it on to the destination.
Unlike packet filtering and stateful packet inspection, an application gateway/proxy can see all aspects of the application layer, so it can look for more specific pieces of information.
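The "builds a new request, only copying known acceptable commands" behaviour of slides 39-40, as an added example that is not code from the slides. The proxy service here handles an HTTP/1.x-style request: it parses the client's bytes rather than relaying them, rejects any command (method) or protocol version that is not on its allow-list, keeps only known headers, and emits a fresh request that names the gateway as its origin. The gateway name, allow-lists and sample requests are constructed.

```python
# Added example (not from the lecture slides): the request-rebuilding step of
# an application gateway/proxy for an HTTP-like protocol. Nothing from the
# client is forwarded verbatim; the outbound request is constructed from the
# parsed, validated parts only.

ALLOWED_METHODS = {"GET", "HEAD"}                      # known acceptable commands
ALLOWED_HEADERS = {"host", "accept", "accept-language", "user-agent"}
PROXY_NAME = "gw.example.internal"                     # constructed gateway identity
MAX_TARGET_LEN = 2048


class ProxyReject(Exception):
    """Raised when the client's request is not something the proxy will relay."""


def parse_request(raw: str):
    """Split an HTTP/1.x request head into (method, target, version, headers)."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ProxyReject("malformed request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ProxyReject("malformed header")
        headers[name.strip().lower()] = value.strip()
    return method, target, version, headers


def build_outbound_request(raw: str) -> str:
    """Validate the client's request and construct a new one to send onward."""
    method, target, version, headers = parse_request(raw)
    if method not in ALLOWED_METHODS:
        raise ProxyReject(f"method {method} not permitted")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ProxyReject("unsupported protocol version")
    if (not target.startswith("/") or len(target) > MAX_TARGET_LEN
            or any(ord(c) < 0x21 for c in target)):
        raise ProxyReject("unacceptable request target")
    if "host" not in headers:
        raise ProxyReject("missing Host header")
    # Only known headers are copied; anything else the client sent is dropped.
    kept = {k: v for k, v in headers.items() if k in ALLOWED_HEADERS}
    out = [f"{method} {target} HTTP/1.1"]
    out += [f"{k.title()}: {v}" for k, v in sorted(kept.items())]
    out.append(f"Via: 1.1 {PROXY_NAME}")   # the destination sees the gateway, not the client
    out.append("Connection: close")
    return "\r\n".join(out) + "\r\n\r\n"


def proxy_decision(raw: str):
    """Return ("forward", new_request) or ("reject", reason)."""
    try:
        return "forward", build_outbound_request(raw)
    except ProxyReject as e:
        return "reject", str(e)


# Constructed sample requests as a client on the untrusted side might send them.
GOOD = ("GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: demo\r\n"
        "Cookie: session=abc\r\nX-Debug: on\r\n\r\n")
BAD_METHOD = "TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
BAD_LINE = "GET /\r\nHost: www.example.com\r\n\r\n"

if __name__ == "__main__":
    for name, req in (("GOOD", GOOD), ("BAD_METHOD", BAD_METHOD), ("BAD_LINE", BAD_LINE)):
        verdict, detail = proxy_decision(req)
        print(f"{name}: {verdict} -> {detail!r}")
```

Compare this with the packet-filter view of the same traffic: a filter sees only "TCP to port 80" and must allow or deny everything on that port, whereas the proxy can refuse the TRACE command and strip the Cookie header while still forwarding the GET, which is the "permit or deny specific features of an application" strength on slide 41.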
41. Application Gateways/Proxies
Strengths
Application gateways/proxies do not allow a direct connection to be
made between endpoints. They actually break the client/server model.
Typically have the best content filtering capabilities. Since they have the
ability to examine the payload of the packet, they are capable of making
decisions based on content.
Allow the network administrator to have more control over traffic passing
through the firewall. They can permit or deny specific applications or
specific features of an application.
42. Application Gateways/Proxies
Weaknesses
The most significant weakness is the impact they can have on performance. This method requires more processing power and has the potential to become a bottleneck for the network.
Typically require additional client configuration. Clients on the network may require specialized software or configuration changes to be able to connect to the application gateway/proxy.
43. Adaptive Proxies
Also known as dynamic proxies.
Developed as an enhanced form of application gateways/proxies.
They combine the merits of both application gateways/proxies and packet filtering.
44. Circuit-level Gateway
Unlike a packet filtering firewall, a circuit-level gateway does not examine individual packets. Instead, circuit-level gateways monitor TCP or UDP sessions.
Once a session has been established, it leaves the port open to allow all other packets belonging to that session to pass. The port is closed when the session is terminated.
Circuit-level gateways operate at the transport layer (layer 4) of the OSI model.
45. Types of Firewalls
2. With regard to the scope of the filtered communication, whether it takes place between a single node and the network or between two or more networks, there exist:
– Personal firewalls, a software application which normally filters traffic entering or leaving a single computer.
– Network firewalls, normally running on a dedicated network device or computer positioned on the boundary of two or more networks.
46. Types of Firewalls
3. Finally, depending on whether the firewall keeps track of the state of network connections or treats each packet in isolation, two additional categories of firewalls exist:
– Stateful firewall
– Stateless firewall
47. Types of Firewalls
Stateful firewall
Keeps track of the state of network connections (such as TCP streams) traveling across it.
A stateful firewall is able to hold in memory significant attributes of each connection, from start to finish. These attributes, which are collectively known as the state of the connection, may include such details as the IP addresses and ports involved in the connection and the sequence numbers of the packets traversing the connection.
48. Types of Firewalls
Stateless firewall
Treats each network frame (packet) in isolation. Such a firewall has no way of knowing if any given packet is part of an existing connection, is trying to establish a new connection, or is just a rogue packet.
The classic example is the File Transfer Protocol, because by design it opens new connections to random ports.
49. Firewall Architecture
Since firewall solutions can be configured using a single system or multiple systems, the architecture used to implement the solution can be simple or complex.
– Packet Filtering Router
– Screened Host (Bastion Host)
– Dual-homed Gateway
– Screened Subnet or Demilitarized Zone (DMZ)
– Firewall Appliance
50. Packet Filtering Router
A packet filtering router is a router configured to screen packets between two networks. It routes traffic between the two networks and uses packet filtering rules to permit or deny traffic.
[Figure: trusted network, filtering router, untrusted network]
51. Screened Host (Bastion Host)
Router provides packet filters for some basic services
Bastion host proxies more risky services
Not suitable for exporting services
53. Dual-homed Gateway
A dual-homed gateway firewall consists of a highly secured host system running proxy software. It has two network interfaces, one on each side of the firewall. Only gateways or proxies for the services that are considered essential are installed on the system.
54. Screened Subnet or Demilitarized Zone (DMZ)
Created between two packet filtering routers.
The exterior router is the only connection between the enterprise network and the outside world.
The interior router does the bulk of the access control work. It filters packets.
The bastion host is a secure server. It provides an interconnection point between the enterprise network and the outside world for the restricted services.
The perimeter network connects the servers together and connects the exterior router to the interior router.
55. Do you need a firewall?
The decision to implement a firewall solution should not be made without doing some research and analysis.
What does the firewall need to control or protect?
In order to make a sound decision, first identify what functions the
firewall would need to perform. Will it control access to and from the
network, or will it protect services and users?
– What would the firewall control?
Access into the network
Access out of the network
Access between internal networks, departments, or buildings
Access for specific groups, users or addresses
Access to specific resources or services
56. Do you need a firewall?
What would it need to protect?
– Specific machines or networks
– Specific services
– Information - private or public
– Users
57. Do you need a firewall?
What impact will a firewall have on your organization,
network and users?
– What resources will be required to implement and maintain a firewall solution?
– Who will do the work? Are experienced technical personnel available for the
job or will someone need to be hired from outside your organization?
– Is hardware available that meets the requirements to support a firewall
solution?
– Will existing services be able to function through a firewall?
– What will the financial impact be on the organization? (Financial impact should
include initial implementation costs, ongoing maintenance and upgrades,
hardware and software costs, and technical support costs, whether the
support is provided in-house or from an outside source.)
58. Selecting a Firewall Solution
In order to pick the best architecture and packet screening method for a firewall solution, the following questions should be considered:
What does the firewall need to do?
What additional services would be desirable?
How will it fit in the existing network?
How will it affect existing services and users?
59. Security Policy
The success of any firewall solution's implementation is directly related to the existence of a well-thought-out and consistently-implemented security policy.
Some of the topics a security policy may address are:
Administrative Issues
– User access - Which users will be allowed access to and from the network?
– Access to services - Which services will be allowed in and out of the network?
– Access to resources - Which resources will be available to users?
– User authentication - Will the organization require user authentication?
– Logging and auditing - Will the organization want to keep log and audit files?
– Policy violation consequences - What will be the consequences of policy violation?
– Responsibilities - Who will oversee and administer the security policy? Who has final authority on decisions?
60. Security Policy
Technical Issues
– Remote access - Will the organization allow remote access to the network?
– Physical security - How will physical security of machines, one of the most obvious security elements that is often overlooked, be achieved?
– Virus protection - How will the organization handle virus protection?
62. Conclusion
Don't make the mistake of thinking that no one will attack your network, because with the rise in automated attack tools, your network is as much at risk as every other network on the Internet.
The need for firewalls has led to their ubiquity. Nearly every organization connected to the Internet has installed some sort of firewall.
When choosing and implementing a firewall solution, make a decision based on the organization's needs, security policy, technical analysis, and financial resources. Solutions available today utilize different types of equipment, network configurations, and software.
#5: This figure shows a three-tier firewall. The terms "two-tier" and "three-tier" firewalls do not have a hard-and-fast definition. They are applied to two different ideas. First off (and in the most widely used terminology), the tiers refer to the number of interfaces the firewall has. A two-tier firewall would have two interfaces: the inside (protected) network and the outside (big, bad, scary) network. A three-tier firewall would have inside and outside as well, but also includes a side interface for a protected Demilitarized Zone (DMZ). On your DMZ, you can put servers that need to be publicly accessible (such as Web servers, mail servers and DNS servers), but also need to be protected.
DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data. A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well.
#25: ISA Server 2006 is the integrated edge security gateway that helps protect your IT environment from Internet-based threats while providing your users with fast and secure remote access to applications and data. Learn more about deploying ISA Server 2006 for Secure Application Publishing, as your Branch Office Gateway, and for Web Access Protection.
#29: The Internet Control Message Protocol (ICMP) provides background support for the IP protocol.