2. 1 Firewalls Chapter 5 Copyright Prentice-Hall 2003

3. 2 Figure 5-1: Border Firewall Attack Packet Internet (Not Trusted) Attacker Hardened Client PC Hardened Server Internal Corporate Network (Trusted) Internet Border Firewall Log File Passed Packet (Ingress) Dropped Packet (Ingress) Passed Packet (Egress)

4. 3 Figure 5-2: Types of Firewall Inspection Packet Inspection  Examines IP, TCP,UDP, and ICMP header contents  Static packet filtering looks at individual packets in isolation. Misses many attacks  Stateful inspection inspects packets in the context of the packet’s role in an ongoing or incipient conversation Stateful inspection is the proffered packet inspection method today

5. 4 Figure 5-2: Types of Firewall Inspection Application Inspection  Examines application layer messages  Stops some attacks that packet inspection cannot Network Address Translation  Hides the IP address of internal hosts to thwart sniffers  Benignly spoofs source IP addresses in outgoing packets

6. 5 Figure 5-2: Types of Firewall Inspection Denial-of-Service Inspection  Recognizes incipient DoS attacks and takes steps to stop them  Limited to a few common types of attacks Authentication  Only packets from users who have proven their identity are allowed through  Not commonly user, but can be valuable

7. 6 Figure 5-2: Types of Firewall Inspection Virtual Private Network Handling  Virtual private networks offer message-by- message confidentiality, authentication, message integrity, and anti-replay protection  VPN protection often works in parallel with other types of inspection instead of being integrated with them

8. 7 Figure 5-2: Types of Firewall Inspection Integrated Firewalls  Most commercial products combine multiple types of filtering  Some freeware and shareware firewall products offer only one types of filtering