Presentation is loading. Please wait.

Presentation is loading. Please wait.

FIREWALL By Abhishar Baloni I.D. 28423.

Published byAnton Buchholz Modified over 6 years ago

Similar presentations

Presentation on theme: "FIREWALL By Abhishar Baloni I.D. 28423."— Presentation transcript:

1 FIREWALL By Abhishar Baloni I.D

2 WHAT IS A FIREWALL A firewall is a system or group of systems that enforces an access control policy between two networks. The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic.

3 FIREWALL

4 WHAT FIREWALL DOES A firewall is simply a program or hardware device that filters the information coming through the Internet connection into your private network or computer system. If an incoming packet of information is flagged by the filters, it is not allowed through. A Firewall disrupts free communication between trusted and un-trusted networks, attempting to manage the information flow and restrict dangerous free access. There are numerous mechanisms employed to do this, each one being somewhere between completely preventing packets flowing, which would be equivalent to completely disconnected networks, and allowing free exchange of data, which would be equivalent to having no Firewall.

5 HOW DOES A FIREWALL PROTECT
A Firewall normally includes mechanisms for protection at the Network Layer Transport Layer Application Layer Encryption

6 FIREWALL DESIGN ISSUES
Define goals: What services do you want? How much can it cost? Provide a business justification for services. Who/what are you trying to protect, from whom / against what (threats)? What known weaknesses need to be addressed? What risks (likelihood and consequences or impact) do the above threats entail? Develop a strategy to counter the unacceptable threats: policy, organisation, processes and specific technical mechanisms.

7 TYPES OF FIREWALLS There are a number of different kinds of technique which may be employed by a Firewall in order to correctly identify a conversation and act on it. The techniques used by a particular Firewall have an impact on the accuracy with which it can identify traffic, the level of sophistication of the checks it can implement, its complexity and therefore its cost

8 PACKET FILTER Packets (small chunks of data) are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are discarded. A Firewall implementing a packet filter looks at one packet at a time, and considers it in isolation in order to make a forwarding decision. Because of the way that a packet filtering Firewall works, it can implement a restricted range of filtering decisions.

9 APPLICATION PROXIES Information from the Internet is retrieved by the firewall which acts as a proxy server and then sent to the requesting system and vice versa. Firewall forms a connection to the internal server, only passing on application protocol elements that pass it's strict checks of correctness.

10 STATEFUL INSPECTION A newer method that doesn't examine the contents of each packet but instead compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, and then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it is discarded.

11 HOLES AND INCOMING TRAFFIC
Holes are the unsecured pieces of code in our system or application programs. The attacker uses these holes to get into our system or network. An example of the kind of hole which is typically opened up in a Firewall is that necessary for mail delivery.

12 On the Internet, a protocol called SMTP is used to deliver between mail servers. This works in effect by the mail sender's machine connecting to the mail recipient's server and pushing the . In order to accept mail from the Internet onto a local mail server it is usual to open up a hole which allows any server to connect to the local mail server. Unfortunately what this does is open up the internal mail server to any attack that is possible against the software installed on it, and if this is at all complex, there will be lots of potential attacks.

13 NO HOLES: THE DEMILITARISED ZONE (DMZ)
DMZ refers to a part of the network that is neither part of the internal network nor directly part of the Internet. Typically, this is the area between your Internet access router and your bastion host, though it can be between any two policy-enforcing components of your architecture.

14 MAKING THE FIREWALL FIT
Firewalls are customizable. This means that you can add or remove filters based on several conditions. Some of these are : IP addresses Domain names Protocols Ports Specific words and phrases

15 WHAT FIREWALL PROTECTS US FROM
Remote login Application backdoors SMTP session hijacking Operating system bugs Denial of service bombs Macros Spam

16 FIREWALL ARCHITECTURE
There are many possible ways to set up a Firewall. The choice of Firewall depends on cost, performance, availability needs and the sensitivity of the information being protected by the firewall. Highly secure, high performance, high availability systems are not cheap.

17 BASIC FILTER ARCHITECTURE (SCREENING ROUTER)
The cheapest (and least secure) setup involves using a router (which can filter inbound and outbound packets on each interface) to screen access to one (or more) internal servers. A router is normally needed anyway to connect to the Internet, so the filter is for free. This server is the starting point for all outside connections. Internal clients who wish to access the outside do so via this screened server.

18 BASIC FILTER ARCHITECTURE

19 DUAL HOMED FIREWALL ARCHITECTURE
In this classical firewall architecture, a host is setup with two network interfaces, one connected to the outside, one to the inside. Packet forwarding is disabled on the gateway, information is passed at the application level. The gateway can be reached from both sides, but traffic cannot directly flow across it. Normally, a router is also needed for Internet connection.

20 DUAL HOMED FIREWALL ARCHITECTURE

21 SCREENED HOST ARCHITECTURE

22 SCREENED SUBNET (OR DMZ) ARCHITECTURE
This architecture is an extension of the screened host architecture. The classical firewall setup is a packet filter between the outside and a "semi-secure" or De-Militarized Zone (DMZ) subnet where the proxies lie (this allows the outside only restricted access services in the DMZ Zone). The DMZ is further separated from the internal network by another packet filter which only allows connections to/from the proxies.

23 SCREENED SUBNET (OR DMZ) ARCHITECTURE

24 INVISIBLE FILTER ARCHITECTURE

25 ENCRYPTING FIREWALLS / TUNNELS

26 CONCLUSION The level of security you establish will determine how many of threats can be stopped by your firewall. The highest level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, and then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall so that only certain types of information, such as , can get through. This is a good rule for businesses that have an experienced network administrator that understands what the needs are and knows exactly what traffic to allow through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change it.

Download ppt "FIREWALL By Abhishar Baloni I.D. 28423."

Similar presentations

Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Firewall Lalitha Jammalamadaka. Agenda 1. Introduction 2.Types of firewalls 3.How a software firewall works 4.Methods to control traffic 5.Making the.

Firewall Lalitha Jammalamadaka. Agenda 1. Introduction 2.Types of firewalls 3.How a software firewall works 4.Methods to control traffic 5.Making the.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.

CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.

Why do we need Firewalls? Internet connectivity is a must for most people and organizations  especially for me But a convenient Internet connectivity.
NW Security and Firewalls Network Security

NW Security and Firewalls Network Security
Intranet, Extranet, Firewall. Intranet and Extranet.

Intranet, Extranet, Firewall. Intranet and Extranet.
Network Security Essentials Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Network Security Essentials Chapter 11 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google