Introduction to Networking
Firewalls Part One
Types of Firewalls - Scope
A firewall is a software- or hardware-based network security system that allows or denies network traffic based on a set of rules. Firewalls can be implemented at the host level, protecting one single computer, or at the network level, protecting an entire segment or network from attack. Firewalls protecting a network will typically sit on the boundary between your private network and the public network, to disallow hosts on the public network access to your private network. However, we may also implement a firewall on a part of our private network in order to prevent access from one part of our private network to another. For example, if one part of our private network holds sensitive information (accounting, for example), then we may want a firewall protecting that segment to isolate it from the rest of our network.
Types of Firewalls - Implementation
The other way we can categorize firewalls is by how we create them. Firewalls can be implemented either as a software solution (a program running on a host) or as a hardware solution (a separate device connected to your network that all traffic passes through). As a general rule, hardware firewalls protect network segments and entire networks, and software firewalls protect a single host.
ACL
In order to protect and isolate our network, we need to define a set of rules on the firewall specifying that only very specific types of traffic will be allowed through. All other traffic will be blocked by the firewall rules. We call these filtering rules Access Control Lists (ACLs). The firewall scans incoming and outgoing network traffic and compares that traffic to the rules you've defined. It then decides whether the traffic should be allowed or whether it needs to be rejected. The level at which a firewall scans network traffic depends upon the type of firewall being used. There are several different types of firewalls that you need to be familiar with: packet filtering firewalls, circuit level gateways, and application layer firewalls.
Packet Filtering Firewall
A packet filtering firewall examines the information within each packet header. It operates at OSI layer three (Network). When a frame enters the firewall, its framing information is removed to expose the IP packet information within. This includes the data, the destination IP address, the source IP address, as well as the source port and destination port. You can define ACLs based on any information within the IP packet. Also, be aware that many routers actually provide a packet filtering firewall: they are basically a router and a firewall all in one, providing both functions. This is a popular solution since it offers high performance, is easy to implement and maintain, is fairly inexpensive, and has a minimal impact on system performance.
ACL Definitions
When we define ACL rules, we define whether to allow or deny traffic based on any information in the packet (source/destination IP, source/destination port), the network interface the packet was received on, and the direction of the packet (whether the message is outgoing or incoming). For example, the firewall could be configured to allow all packets from a specific source IP address. Alternatively, you could block all inbound traffic that is destined for port 22. You can also define very complex ACLs with many different rules that a packet has to be evaluated against. For example, you could allow only packets from a specific source IP address going to a specific port, and then block all outgoing packets to that IP.
Implicit Deny
Because of their ability to filter based on port number, a best practice with a packet filtering firewall is to block all ports and then open only the ports that are necessary for network functionality. In fact, with most firewalls all traffic is denied by default. This is called implicit deny. Implicit deny is a security technique that blocks everything unless it is explicitly allowed. For example, all IP addresses and port numbers are blocked except for those that are allowed in the ACL. This makes your job as the network administrator a lot easier, because chances are you are going to want to block a lot more types of traffic than you are going to want to allow.
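A worked version of the ACL evaluation described on these two slides, added here as an illustration and not part of the original presentation: a small Python packet-filter simulator with first-match rules over source/destination address, destination port, protocol, interface and direction, falling through to implicit deny when no rule matches. The addresses, interface names and rule set are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str       # "tcp" or "udp"
    iface: str       # interface the packet arrived on (constructed name)
    direction: str   # "in" or "out"

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: str = "0.0.0.0/0"           # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None   # None matches any destination port
    proto: Optional[str] = None
    iface: Optional[str] = None
    direction: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        """Every field set on the rule must match the packet header."""
        return (ipaddress.ip_address(p.src_ip) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst_ip) in ipaddress.ip_network(self.dst)
                and self.dst_port in (None, p.dst_port)
                and self.proto in (None, p.proto)
                and self.iface in (None, p.iface)
                and self.direction in (None, p.direction))

def evaluate(acl: List[Rule], p: Packet) -> str:
    """First matching rule wins; a packet matching no rule is implicitly denied."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"   # implicit deny: nothing explicitly allowed this packet

# Constructed ACL mirroring the slide's examples: allow TCP from one specific host
# to the web port only, block all inbound traffic to port 22, implicitly deny the rest.
ACL = [
    Rule("allow", src="203.0.113.10/32", dst_port=80, proto="tcp", direction="in"),
    Rule("deny", dst_port=22, direction="in"),
]

if __name__ == "__main__":
    pkt = Packet("203.0.113.10", "192.0.2.5", 50000, 80, "tcp", "wan0", "in")
    print(evaluate(ACL, pkt))   # allow
```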
Circuit Level Gateways
A circuit-level gateway makes decisions about which traffic to allow based on session IDs. It operates at OSI Layer 5 (Session). The gateway keeps a table of known connections and sessions, and only packets directed to known sessions are accepted. It verifies that packets are properly sequenced and ensures that the TCP three-way handshake process occurs only when appropriate. It does not filter packets; instead, it allows or denies sessions. A circuit-level proxy can filter traffic that uses dynamic ports, because the firewall matches on the session information for filtering and not on the port numbers.
TCP Three-Way Handshake
In order to establish a TCP session, a client computer first sends a request for a session with a very special packet called a SYN (synchronization) packet. The server responds back with an ACK (acknowledgment), letting the client computer know there is an open session and sending the session data. The client computer finishes the handshake with a SYN ACK to acknowledge that it received the session information and to start using it. The circuit level gateway monitors this three-way handshake process in order to identify an active session. If it finds a session ID that is not active, has been closed, or was never created in the first place, then that packet will be dropped and not forwarded. This is very useful because it protects your network against network attacks such as a SYN flood attack, which attempts to manipulate the TCP three-way handshake in order to instigate a denial of service attack.
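An added illustration, not from the presentation, of the session table a circuit-level gateway keeps: the hypothetical CircuitGateway below forwards a segment only if it fits the state of the session it belongs to, using the standard RFC 793 ordering of SYN, SYN-ACK, ACK, drops anything for a session that was never created or has already been closed, and caps the number of unfinished handshakes so a flood of SYNs cannot fill the table. The endpoint addresses are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Tuple

@dataclass(frozen=True)
class Segment:
    src: str     # "ip:port" of the sender (constructed)
    dst: str     # "ip:port" of the receiver
    flags: str   # "SYN", "SYN-ACK", "ACK", "DATA" or "FIN"

@dataclass
class CircuitGateway:
    """Hypothetical circuit-level gateway: keeps a table of known sessions and
    forwards a segment only if it fits the state of the session it belongs to."""
    max_half_open: int = 3
    # session key -> (state, initiating endpoint); state is "half_open" or "established"
    sessions: Dict[FrozenSet[str], Tuple[str, str]] = field(default_factory=dict)

    def handle(self, s: Segment) -> str:
        key = frozenset((s.src, s.dst))          # same key in both directions
        state, client = self.sessions.get(key, (None, None))
        if s.flags == "SYN":
            if state is not None:
                return "drop"                    # session already exists
            pending = sum(1 for st, _ in self.sessions.values() if st == "half_open")
            if pending >= self.max_half_open:
                return "drop"                    # cap on unfinished handshakes limits a SYN flood
            self.sessions[key] = ("half_open", s.src)
            return "forward"
        if s.flags == "SYN-ACK":
            # Only the answering side may send this, and only during the handshake
            return "forward" if state == "half_open" and s.dst == client else "drop"
        if s.flags == "ACK" and state == "half_open" and s.src == client:
            self.sessions[key] = ("established", client)   # handshake complete
            return "forward"
        if state == "established":
            if s.flags == "FIN":
                del self.sessions[key]           # closed; later segments are dropped
            return "forward"
        return "drop"   # no such session: never created, out of order, or closed
```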
Application Layer Firewall
An application-level gateway is capable of filtering based on information contained within the data portion of a packet. It operates at OSI Layer 7 (Application layer). Instead of looking at packets or frames individually, the message is reconstructed and evaluated. This allows the firewall to filter based on user, group, and data. For example, the firewall could filter out websites based on content. This could be as simple as blocking a specific URL, or it could use a list of predefined terms or words to specify what is blocked.
Application Level Blocking
Since the application layer firewall can examine the actual content instead of the IP address, session ID or port number, we can create very powerful content control rules. For example, if we are the administrators for a company, we could block Facebook for most of the company and only allow it for the "Sales" group so that they can network. We could also block any website that mentions games or gaming to prevent people from wasting company time. Since this is based on content, it is also useful for blocking games or other applications that may have been reconfigured to use traditional ports in order to make connections. For example, a packet filtering firewall would allow the packets of an online gaming application that has been reconfigured to use port 80 (the port for websites), but an application firewall will catch it.
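An added example, not part of the presentation, showing why the reconfigured-to-port-80 case is caught: a port-based check is placed beside a hypothetical application-layer check that reconstructs the HTTP request from the flow's payload and applies the slide's two rules (one site blocked except for the "Sales" group, and anything mentioning games blocked). The host names, group names and flows are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Flow:
    user_group: str   # group the firewall has mapped the client to, e.g. "Sales"
    dst_port: int
    payload: bytes    # reassembled application data for the flow (constructed)

def parse_http_request(payload: bytes) -> Optional[Tuple[str, str, str]]:
    """Return (host, path, body) from a reassembled HTTP request, or None if not HTTP."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None                   # not an HTTP request, whatever port it used
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers.get("host", ""), parts[1], body.decode("latin-1", "replace")

def packet_filter_decision(flow: Flow) -> str:
    """Port-based rule only: anything to port 80 looks like web traffic."""
    return "allow" if flow.dst_port == 80 else "deny"

# Constructed policy mirroring the slide: one host blocked except for one group,
# and any request whose host, path or body mentions gaming is blocked.
BLOCKED_HOSTS = {"facebook.example": {"Sales"}}   # host -> groups still allowed
BLOCKED_TERMS = ("game", "gaming")

def app_firewall_decision(flow: Flow) -> str:
    """Content-based rule: reconstruct the request and inspect what it actually is."""
    req = parse_http_request(flow.payload)
    if req is None:
        return "deny"                 # on port 80 but not HTTP: a reconfigured app
    host, path, body = req
    allowed_groups = BLOCKED_HOSTS.get(host.split(":")[0].lower())
    if allowed_groups is not None and flow.user_group not in allowed_groups:
        return "deny"                 # site blocked for this user's group
    text = (host + path + body).lower()
    if any(term in text for term in BLOCKED_TERMS):
        return "deny"                 # content matched the blocked-term list
    return "allow"
```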