Firewall Slides by John Rouda

Slides:



Advertisements
Similar presentations
Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Advertisements

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.
FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 7 Working with Proxy Servers & Application-Level Firewalls By Whitman, Mattord,
Lecture 14 Firewalls modified from slides of Lawrie Brown.
Working with Proxy Servers and Application-Level Firewalls Chapter 5.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Guide to Network Defense and Countermeasures Second Edition
Firewall Configuration Strategies
Security Presented by : Qing Ma. Introduction Security overview security threats password security, encryption and network security as specific.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewall Planning and Design Chapter 1. Learning Objectives Understand the misconceptions about firewalls Realize that a firewall is dependent on an effective.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Firewalls As Presented by Brian Dunn. Definition General Protects computer(s) from unauthorized access Types Hardware devices Software programs.
Firewall Planning and Design
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Chapter 7: Working with Proxy Servers & Application-Level Firewalls
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
Guide to Network Defense and Countermeasures Third Edition
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Chapter 5: Firewall Planning and Design
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
Chapter 20 Firewalls.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
Intranet, Extranet, Firewall. Intranet and Extranet.
Firewalls Paper By: Vandana Bhardwaj. What this paper covers? Why you need a firewall? What is firewall? How does a network firewall interact with OSI.
Chapter 6: Packet Filtering
Chapter 13 – Network Security
1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.
Guide to Firewalls and VPNs, 3rd Edition
Firewalls & VPNs Principles of Information Security Chapter 6 Part 1.
P RESENTED B Y - Subhomita Gupta Roll no: 10 T OPICS TO BE DISCUSS ARE : Introduction to Firewalls  History Working of Firewalls Needs Advantages and.
FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 5 Firewall Planning and Design By Whitman, Mattord, & Austin© 2008 Course Technology.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.
Packet Filtering Chapter 4. Learning Objectives Understand packets and packet filtering Understand approaches to packet filtering Set specific filtering.
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
Guide to Firewalls and VPNs, 3 rd Edition Chapter Four Introduction to Firewalls.
Firewall – Survey Purpose of a Firewall – To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall – All traffic must go through.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
CSCE 201 Windows XP Firewalls Fall Reading Windows XP help and Support: search on “Firewall” Tony Bradley, CISSP-ISSAP, Windows XP SP2 Firewall,
1.1 1 Purpose of firewall : –Control access to or from a protected network; –Implements network access policy connections pass through firewall and are.
Karlstad University Firewall Ge Zhang. Karlstad University A typical network topology Threats example –Back door –Port scanning –…–…
Security fundamentals Topic 10 Securing the network perimeter.
Overview of Firewalls. Outline Objective Background Firewalls Software Firewall Hardware Firewall Demilitarized Zone (DMZ) Firewall Types Firewall Configuration.
Firewall – Survey  Purpose of a Firewall  To allow ‘proper’ traffic and discard all other traffic  Characteristic of a firewall  All traffic must go.
CPT 123 Internet Skills Class Notes Internet Security Session B.
SYSTEM ADMINISTRATION Chapter 10 Public vs. Private Networks.
Regan Little. Definition Methods of Screening Types of Firewall Network-Level Firewalls Circuit-Level Firewalls Application-Level Firewalls Stateful Multi-Level.
FIREWALLS By k.shivakumar 08k81f0025. CONTENTS Introduction. What is firewall? Hardware vs. software firewalls. Working of a software firewalls. Firewall.
Security fundamentals
CONNECTING TO THE INTERNET
Computer Data Security & Privacy
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
PROJECT PRESENTATION ON INTERNET FIREWALLS PRESENTED BY THE GUARDS
Introduction to Networking
Firewalls.
Firewalls Purpose of a Firewall Characteristic of a firewall
Firewalls Routers, Switches, Hubs VPNs
Presentation transcript:

Firewall Slides by John Rouda

What Is a Firewall? Hardware or software that monitors transmission of packets of digital information that attempt to pass the perimeter of a network Performs two basics security functions Packet filtering Application proxy gateways

Firewalls Provide Security Features Log unauthorized accesses into/out of a network Provide a VPN link to another network Authenticate users Shield hosts inside the network from hackers Cache data Filter content that is considered inappropriate or dangerous

Firewalls Provide Protection for Individual Users Keep viruses from infecting files Prevent Trojan horses from entering the system through back doors

Firewalls Provide Perimeter Security for Networks

A Network with a Bastion Host and Service Network (DMZ)

Firewalls Confront Threats and Perform Security Tasks Restrict access from outside network by using packet filtering continued

Firewalls Confront Threats and Perform Security Tasks Restrict unauthorized access from inside network (eg, social engineering) Give clients limited access to external hosts by acting as a proxy server continued

Firewalls Confront Threats and Perform Security Tasks Protect critical resources against attacks (eg, worms, viruses, Trojan horses, and DDoS attacks) Protect against hacking, which can affect: Loss of data Loss of time Staff resources Confidentiality continued

Firewalls Confront Threats and Perform Security Tasks Provide centralization Enable documentation to: Identify weak points in the security system so they can be strengthened Identify intruders so they can be apprehended Provide for authentication Contribute to a VPN

Types of Firewall Protection Multilayer firewall protection Packet filtering Stateful Stateless NAT Application proxy gateways

Multilayer Firewall Protection

Packet Filtering Key function of any firewall Packets contain two kinds of information: Header Data Packet filters Effective element in any perimeter security setup Do not take up bandwidth Use packet headers to decide whether to block the packet or allow it to pass

Stateless Packet Filtering Firewall inspects packet headers without paying attention to the state of connection between server and client computer Packet is blocked based on information in the header Also called stateless inspection

Stateful Packet Filtering Keeps memory of the state of connection between client and server in disk cache Stateful firewalls maintain tables containing information on each active connection, including the IP addresses, ports, and sequence numbers of packets. Using these tables, stateful firewalls can allow only inbound TCP packets that are in response to a connection initiated from within the internal network. Also called stateful inspection

Packet Filtering Rules Any packet that enters/leaves your network must have a source/destination address that falls within the range of addresses in your network Include the use of: Internet Control Message Protocol (ICMP) User Datagram Program (UDP) TCP filtering IP filtering

Using Multiple Packet Filters in a DMZ Fig 1-8

NAT Hides TCP/IP information of hosts in the network being protected Prevents hackers from getting address of actual host Functions as a network-level proxy; converts IP addresses of internal hosts to IP address of the firewall

NAT

Application Layer Gateways Control how applications inside the network access the outside world by setting up proxy services Act as a substitute for the client; shield individual users from directly connecting with the Internet Provide a valuable security benefit Understand contents of requested data Can be configured to allow or deny specific content Also called a proxy server

Application-Level Security Techniques Load balancing IP address mapping Content filtering URL filtering

Limitations of Firewalls Should be part of an overall security plan, not the only form of protection for a network Should be used in conjunction with other forms of protection (eg, ID cards, passwords, employee rules of conduct)

Evaluating Firewall Packages They all do the core functions: Filtering Proxying Logging Some add caching and address translation Price should not rule your decision

Firewall Hardware Routers Many come equipped with packet-filtering capabilities; others come with full-fledged firewalls Appliances (ie, firewall products) Perform same basic tasks (packet filtering, application-level gateways, and logging)

Advantages of Firewall Hardware over Software-Only Products Self-contained Not affected by OS problems of a network host (eg, bugs or slow speed) Installation is generally easy if firewall software needs to be patched or updated

Software-Only Packages Free firewall tools on the Internet Most also run on a free operating system Personal/small business firewalls Located between Ethernet adapter driver of machine on which they are installed and the TCP/IP stack, where they inspect traffic between the driver and the stack Considered lightweight protection Enterprise firewall systems Full-featured, full-powered packages

Free Firewall Tools on the Internet Advantages Convenient, simple, and inexpensive Drawbacks Logging capabilities not as robust as commercial products Can be difficult to configure Usually no way to monitor firewall in real-time Examples Pretty Good Privacy (PGP) Netfilter

Personal/Small Business Firewalls Advantages Some let you establish rules as needed Drawbacks Most guard only against IP threats Some don’t do outbound connection blocking Some are inconvenient to configure Examples Norton Internet Security ZoneAlarm BlackICE Defender Symantec Personal Firewall

Examples of Enterprise Firewall Systems Check Point FireWall-1 Cisco PIX Microsoft Internet Security & Acceleration Server NAI Gauntlet

Choosing the Right Firewall Solution Packet Filters Application- Proxy Gateways Stateful Inspection Firewall Comparison PROSCONS Application Independent High Performance Scalable Good Security Fully Aware of Application Layer Good Security High Performance Scalable Fully Aware of Application Layer Extensible Low Security No Protection Above Network Layer Poor Performance Limited Application Support Poor Scalability More Expensive