Presentation is loading. Please wait.

Presentation is loading. Please wait.

Fundamentals of Firewalls

Published byGyőző Kiss Modified over 5 years ago

Similar presentations

Presentation on theme: "Fundamentals of Firewalls"— Presentation transcript:

1 Fundamentals of Firewalls
Based on slides accompanying the book Network Defense and Countermeasures by Chuck Easttom (2018)

2 Objectives Explain how firewalls work Evaluate firewall solutions
Differentiate between packet filtering and stateful packet filtering Differentiate between application gateway and circuit gateway

3 What Is a Firewall? A barrier between the world and your network
Provided via: Packet filtering Stateful packet filtering User authentication Client application authentication Refer to Figure 3.1 for basic operations of firewalls.

4 Types of Firewalls Network-level Application-level Packet filter
Stateful packet filter Circuit level gateway Application-level Application gateway The following slides discuss each of these types of firewalls.

5 Packet Filtering Firewall
Very basic type of firewall Also referred to as “screening host” firewalls Works by examining a packet’s Source address Destination address Source port Destination port Protocol type Explain that many operating systems like Windows and Linux come with built-in packet filtering software.

6 Packet Filter Firewall
Doesn’t pay attention to if the packet is a part of existing stream or traffic. Doesn’t maintain the states about packets. Also called Stateless Firewall. Controls traffic based on the information in packet headers, without looking into the payload that contains application data. Source: Computer Security: A hands-on approach, by Wenliang Du (2017)

7

8 Common Packet Filtering Products
Firestarter – free Linux firewall Avast Internet Security - Windows only Zone Alarm Firewall Comodo Firewall

9 Packet Filtering Firewall Disadvantages
‘Stateless’ (aka. Static packet filtering) Does not compare packets No authentication Susceptible to SYN and Ping flood attacks Does not track packets Does not look at the packet data, just the header Not necessarily the most secure firewall You might include personal experiences working with this type of firewall, if you have any.

10 Packet Filtering Firewall Rules
Rules should cover: What types of protocols to allow FTP SMTP POP3 What source ports to allow What destination ports to allow What source IP addresses to allow Mention that these protocols are only examples; there are many others that can be included. Also mention that you can block specific source IP addresses.

11 Stateful Packet Inspection
Aka. Dynamic packet filter Being aware of the context of packets makes them less susceptible to flood attacks Knows if packet is part of a larger stream Recognizes whether source IP is within the firewall Can look at the contents of the packet When possible, the recommended firewall solution (over the stateless packet filtering)

12 Stateful Firewall Tracks the state of traffic by monitoring all the connection interactions until is closed. Connection state table is maintained to understand the context of packets. Example : Connections are only allowed through the ports that hold open connections. Source: Computer Security: A hands-on approach, by Wenliang Du (2017)

13 Stateful / Dynamic Packet Filtering
A dynamic packet filter maintains state information about past IP packets to make more intelligent decisions about the legitimacy of present and future IP packets State information are stored in an internal database Subsequent packets belonging to the same association can pass quickly through the stateful inspection device

14 Application Gateway A program that runs on a firewall
aka application proxy or application-level proxy Examines the connection between the client and the server applications Q: stateless or stateful? Enables administrators to specify what applications are allowed Client app authenticated first, followed by user authentication Computers behind the firewall are protected. Provide examples of applications that can be allowed, web browsers, ftp, and so on.

15 FIGURE 3-2 Application gateway vs. circuit level gateway

16 Application Gateway Disadvantages
Each app/protocol requires its own AG Requires more system resources Susceptible to flooding attacks (SYN and Ping) Due to time it takes to authenticate user When connection is made, packets are not checked, allowing a hacker to use an established connection to cause flooding --》mitigation? User authentication? Product examples Teros provides an AG for web servers The Firebox from Watchguard Technologies Explain that after the connection is made, hackers can use that connection to initiate a flood attack. Authentication reduces the likelihood of this happening; most legitimate connections are not going to instigate an attack on their own network. Refer students to the web sites:

17 Circuit Level Gateway More secure than application gateways Authenticates the user first, before any further communication can take place c.f., Application Gateway: client app is authenticated first, followed by user authentication NOTE: The above notion is not shared by other sources. For example: Q: Who performs the authentication? Virtual circuit is used to pass bytes between client and proxy server

18 Application vs. Circuit Level Gateway

19 Virtual circuits VC: Transportation of data over a packet switched network to simulate a dedicated physical layer link between the two ends - aka. virtual connection or virtual channel (

20 Virtual circuits vs Datagram networks
VC Connection-oriented Reserved resources (cpu, memory buffers, network bandwidth) A reserved path per circuit Once the circuit is established, following packets are transmitted in order over that same circuit do not need to be routed again QoS highly reliable Packets do not need reordering at the receiving end Datagrams TCP Connection-oriented protocol built on top of a connectionless protocol (e.g., IP) No reserved resources No reserved path Not as reliable as VC But less costly

21 Virtual circuits vs Datagram networks
Datagrams TCP Connection-oriented protocol built on top of a connectionless protocol (e.g., IP) No reserved resources as in VC No reserved path Not as reliable as VC But less costly UDP Connection-less protocol No overhead for opening a connection, maintaining a connection, and terminating a connection - efficient for broadcast and multicast type of network transmission

22 Circuit Level Gateway Typically implemented on high-end equipment (NOTE: This may not be true!) External users see only the proxy IP and not the internal client IP address External systems do not see internal systems NOTE: This is also true in Application Level Gateways. May not work for some implementations (e.g., e-commerce) Q: Which layer is the circuit level gateway? Explain that e-commerce implementations may not work in this environment due to the need for public access to the site.

23 Circuit-level Gateways/Firewalls
A proxy server for TCP or UDP (at the transport layer) Goal: To allow a TCP/IP application to traverse (i.e., securely use) a firewall Is Located and running on a firewall Relays TCP connections: - They intercept TCP connection being made to a host behind them and complete the handshake on behalf of that host. - As soon as the connection is made, only data packets belonging to the connection are allowed to go through. It does not interfere with the data stream.  Making it different from an application-level gateway Example: SOCKS (RFC1928 SOCKS Protocol Version 5. By M. Leech, M. Ganis, Y. Lee, R. Kuris, D. Koblas, L. Jones. March 1996)

24 SOCKS The implementation of the SOCKS protocol typically involves the recompilation or relinking of TCP-based client applications to use the appropriate encapsulation routines in the SOCKS library.  ‘socksified’ clients Procedure for TCP-based clients When a TCP-based client wishes to establish a connection to an object that is reachable only via a firewall, it must open a TCP connection to the appropriate SOCKS port on the SOCKS server system. The SOCKS service is conventionally located on TCP port 1080. If the connection request succeeds, the client enters a negotiation for the authentication method to be used, authenticates with the chosen method, then sends a relay request. The SOCKS server evaluates the request, and either establishes the appropriate connection or denies it.

25

26 Application-level Gateways
A proxy server that allows a specific application protocol to traverse a firewall. A sample scenario: The packet filter of a firewall blocks all inbound Telent and FTP sessions, unless the sessions are terminated by a bastion host. Multiple application gateways may be running on the bastion host  a proxy server for FTP, a proxy server for Telent, … A user who wishes to connect inbound to an intranet server must have his Telnet or FTP client connect to the application gateway.

27

28 Application-level Gateways
To properly authenticate the user, an application gateway must have access to authentication and authorization information, either locally or remotely: User-level authentication info may be stored locally on the firewall User-level authentication info may be stored in a centralized authentication server (e.g., RADIUS, TACACS+)

29 Trade-offs of Firewalls
Advantages: Provides basic access control services for an intranet Provides a centralized filtering/gateway function (To some degree) Relieves individual hosts the responsibility of having a filter or firewall itself Centralized management of filtering rules Limitations: next

30 Trade-offs of Firewalls
Limitations: Cannot protect sites and corporate intranets against insider attacks  internal / intranet firewalls Can be circumvented by tunneling unauthorized application protocols in authorized ones Little protection against attacks embedded in the data field of a packet (e.g., virus-infected programs or data files, malicious Java applets, malicious ActiveX controls, …) May foster a false sense of security  lax security within the firewall perimeter

Download ppt "Fundamentals of Firewalls"

Similar presentations

Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.

CS682 Session 6 Prof. Katz. Firewalls An intelligent router? Used as a traffic control mechanism Based on information in the Layer 3 and 4 headers Administrator.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
A Brief Taxonomy of Firewalls

A Brief Taxonomy of Firewalls
OSI Model Routing Connection-oriented/Connectionless Network Services.

OSI Model Routing Connection-oriented/Connectionless Network Services.
CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Similar presentations

Ads by Google