Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CNLab/University of Ulsan Chapter 19 Firewalls  Packet Filtering Firewall  Application Gateway Firewall  Firewall Architecture.

Published byBarry Lynch Modified over 8 years ago

Similar presentations

Presentation on theme: "1 CNLab/University of Ulsan Chapter 19 Firewalls  Packet Filtering Firewall  Application Gateway Firewall  Firewall Architecture."— Presentation transcript:

1 1 CNLab/University of Ulsan Chapter 19 Firewalls  Packet Filtering Firewall  Application Gateway Firewall  Firewall Architecture

2 2 CNLab/University of Ulsan Types of Firewalls  Packet Filtering firewall  Operate on transport and network layers of the TCP/IP stack

3 3 CNLab/University of Ulsan Types of Firewalls  Application Gateways/Proxies  Operate on the application protocol level

4 4 CNLab/University of Ulsan Packet Filtering Firewalls  Operate on transport and network layers of the TCP/IP stack  Decides what to do based on the transport and network layer information:  Transport protocol (TCP,UDP,ICMP)  Source and destination IP address  The source and destination ports  Flags: (e.g.) SYN, FIN, etc.  ICMP message type/code  Various TCP options such as packet size, fragmentation etc.

5 5 CNLab/University of Ulsan Packet Filtering Firewall: Terminology  Stateless Firewall: do not maintain state info on a packet stream; the firewall makes a decision on a packet by packet basis.  Stateful Firewall : The firewall keeps state information about transactions (connections).  NAT - Network Address Translation  Translates public IP address(es) to private IP address(es) on a private LAN.

6 6 CNLab/University of Ulsan Packet Filtering Firewall: Functions  Forward the packet(s) on to the intended destination.  Reject the packet(s) and notify the sender (ICMP dest unreach/admin prohibited).  Drop the packet(s) without notifying the sender.  Log accepted and/or denied packet information.  NAT - Network Address Translation

7 7 CNLab/University of Ulsan Packet Filtering Firewall: Disadvantages  Filters can be difficult to configure. It’s not always easy to anticipate traffic patterns and create filtering rules to fit.  Filter rules are sometimes difficult to test.  Packet filtering can degrade router performance.  Attackers can “tunnel” malicious traffic through allowed ports on the filter.

8 8 CNLab/University of Ulsan Application Gateway (Proxy Server)  Operate at the application protocol level. (Telnet, FTP, HTTP)  Application gateways understand the protocol and can be configured to allow or deny specific protocol operations  Typically, proxy servers sit between the client and actual service. Both the client and server talk to the proxy rather than directly with each other. Client Web Proxy Web Server

9 9 CNLab/University of Ulsan Application Gateway : Disadvantages  Requires modification to client software application  Some client software applications don’t accommodate the use of a proxy  Some protocols aren’t supported by proxy servers  Some proxy servers may be difficult to configure and may not provide all the protection you need.

10 10 CNLab/University of Ulsan Firewall Hardware/Software  Dedicated hardware/software application such as Cisco PIX Firewall which filters traffic passing through the multiple network interfaces.  A Unix or Windows based host with multiple network interfaces, running a firewall software package which filters incoming and outgoing traffic across the interfaces.  A Unix or Windows based host with a single network interface, running a firewall software package which filters the incoming and outgoing traffic to the individual interface.

11 11 CNLab/University of Ulsan Popular Free Packet Filtering Firewall Software for Unix  IPchains - Linux 2.2.x kernels  http://www.linuxfaq.com/LDP/HOWTO/IPCHAINS- HOWTO.html http://www.linuxfaq.com/LDP/HOWTO/IPCHAINS- HOWTO.html  IPTables (NetFilter) - Linux 2.4.x kernels  First stateful firewall package for Linux  http://netfilter.kernelnotes.org http://netfilter.kernelnotes.org  IPFilter - For Solaris, HP-UX, IRIX, *BSD  http://coombs.anu.edu.au/ipfilter/ http://coombs.anu.edu.au/ipfilter/

12 12 CNLab/University of Ulsan Popular Free Application Layer (Proxy) Firewalls.  TIS FWTK - Firewall Toolkit  http://www.tis.com/ http://www.tis.com/  SOCKS - Proxy Server  http://www.socks.nec.com http://www.socks.nec.com  Squid - HTTP, SSL, FTP proxy cache  HomeWorks #3 : netfilter, SOCKS Proxy 에 대한 조사

13 13 CNLab/University of Ulsan Firewall Architecture  Firewall using a screening router

14 14 CNLab/University of Ulsan Firewall Architecture  Dual-homed host architecture

15 15 CNLab/University of Ulsan Firewall Architecture  Screened host architecture

16 16 CNLab/University of Ulsan Firewall Architecture  Screened subnet architecture DMZ

17 17 CNLab/University of Ulsan Firewall Architecture  Firewall using a combined bastion host and exterior router

18 18 CNLab/University of Ulsan Firewall Architecture  Firewall using a combined bastion host and interior router

19 19 CNLab/University of Ulsan Firewall Architecture  Firewalls with multiple internal networks (backbone network)

Download ppt "1 CNLab/University of Ulsan Chapter 19 Firewalls  Packet Filtering Firewall  Application Gateway Firewall  Firewall Architecture."

Similar presentations

IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Firewall Configuration Strategies

Firewall Configuration Strategies
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Firewall Ercan Sancar & Caner Sahin. Index History of Firewall Why Do You Need A Firewall Working Principle Of Firewalls Can a Firewall Really Protect.

Firewall Ercan Sancar & Caner Sahin. Index History of Firewall Why Do You Need A Firewall Working Principle Of Firewalls Can a Firewall Really Protect.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.

Electronic Commerce 2. Definition Ecommerce is the process of buying and selling products and services via distributed electronic media, usually the World.
1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.

1 Computer System Evolution Central Data Processing System: - with directly attached peripherals (card reader, magnetic tapes, line printer). Local Area.
K. Salah1 Firewalls. 2 Firewalls Trusted hosts and networks Firewall Router Intranet DMZ Demilitarized Zone: publicly accessible servers and networks.

K. Salah1 Firewalls. 2 Firewalls Trusted hosts and networks Firewall Router Intranet DMZ Demilitarized Zone: publicly accessible servers and networks.
Firewalls Screen packets coming into the Privet Networks from external, Untrusted Networks (Internet) Ingress Packet Filtering  Firewall examine incoming.

Firewalls Screen packets coming into the Privet Networks from external, Untrusted Networks (Internet) Ingress Packet Filtering  Firewall examine incoming.
Beth Johnson April 27, 1998. What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.

Beth Johnson April 27, What is a Firewall Firewall mechanisms are used to control internet access An organization places a firewall at each external.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

Similar presentations

Ads by Google