Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Firewall Firewall design principle. Firewall Characteristics.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Firewall Firewall design principle. Firewall Characteristics."— Presentation transcript:

1 Security Firewall Firewall design principle. Firewall Characteristics.
Types of Firewalls. Firewall Components & Configurations.

2 Firewall Design Principles .
Information System undergo a steady evolution( from small LAN’s to Internet connectivity). Strong security features for all workstations and servers not established.

3 Firewalls Effective means of protection a local system or network of systems from network_based security threats while affording access to the outside world via WAN’s or the Internet.

4 Firewall Design Principles
The firewall is interested between the permission network and internet. Aims : Establish a controlled link. Protect the premises network from internet_based attacks. Provide a single choke point.

5 Firewalls Characteristics
Design goals: All traffic form the inside to outside must pass through the firewall (physically blocking all access to the local network except via firewall). Only Authorized traffic ( defined by the local security policy) will be allowed to pass.

6 Firewall Characteristics
Design goals: 3. The firewall itself is immune to penetration ( use of trusted systems with secure operating systems).

7 Firewall Characteristics
Four General Technologies: Service Control: determines the types of the internet services that can be accessed, in bounded or out bounded. Direction Control: determines the direction in which particular services requests are allowed to flow.

8 Firewall Characteristics
3. User Control: controls access to a service according to which user is attempting to access it. 4. Behavior Control: controls how particular service are used (e.g. filter )

9 Types of Firewalls Three common types of firewalls:
Packet-filtering-router. Application-level-Gateways. Circuit-level-Gateways. (Bastion Host).

10 Packet-Filtering-Router
Packet Filtering Router firewalls. Private Network Internet Packet Filtering Router Figure ( Packet Filtering Router Firewall).

11 Packet-Filtering-Router
Applies a set of rules to each incoming IP packet and then forwards or discards the packet. Filter packets going in both directions. The packet filter is typically set up as a list of rule based on matches to fields in the IP or TCP header. Two default polices( discards or forwards).

12 Packet-Filtering-Router
Advantages: Simplicity. Transparency to users. High speed Disadvantages: Difficulty of setting up packet filter walls. Lack of Authentication.

13 Application-Level-Gateway
Application Level Gateway Firewall. Inside Host TELNET Outside Host FTP SMTP Outside Connection Inside Connection HTTP Figure (Application Level Gateway).

14 Application-Level-Gateway
Also called (Proxy Server). Acts as relay of application level traffic.

15 Application-Level-Gateway
Advantages: Higher security than packet filter Only need securitize a few allowable applications. Easy to log and audit all incoming traffic. Disadvantages: Additional processing overhead on each connection (Gateway as splice point).

16 Inside host & inside connection Outside host & outside connection
Circuit Level Gateway Circuit Level Gateway. OUT IN Inside host & inside connection OUT IN Outside host & outside connection OUT IN OUT IN

17 Circuit Level Gateway Stand-alone system or specialized function performed by Application level gateway. Sets up two TCP connections. The gateway typically relays TCP segments from one connection to the other without examining the contents.

18 Circuit Level Gateway The security function consists of which connections to be allowed. Typically use is a situation in which the system administrators trusts the internal users. An example is the SOCKS package.

19 Bastion Host A system identified by the firewall administrator as critical strong point in the networks security. The Bastion host serves as a platform for an application-level or circuit-level gateway.

20 Bastion Host In addition to the use of simple configuration of single system ( single packet filtering router or single gateway), more complex configurations are possible. Three common configurations

21 Screened host firewall system
Also called single homed bastion host Packet Filtering Router Internet Information Server Private Network Bastion Host

22 Screened host firewall (1)
Configuration: Consists of two systems which are: Packet filtering router. -Only packets from and to the bastion host are allowed to pass through server. Bastion Host. - Authentication and Proxy functions.

23 Screened host firewall (2)
Greater security that the single configuration because of two reasons: This configuration implements both packet level and application level filtering ( allowing for flexibility in defining security policy). An intruder must generally penetrate two separate systems.

24 Screened host firewall (3)
This configuration also affords flexibility in providing direct internet access ( public information server, e.g. web server).

25 Dual Homed Bastion Host
Packet Filtering Router INTERNET Information Server Private Network Bastion Host

26 Dual Homed Bastion Host
The packet filtering router is not completely compromised. Traffic between the internet and other hosts on the private network has to flow through the Bastion host.

27 Screened Subnet Firewall System
Information Server See Figure. Modem Packet Filtering Router Packet Filtering Router INTERNET Private Network Bastion Host

28 Screened Subnet Firewall System
Most secured configuration of all the three known techniques in the bastion host. Two packet filtering routers are used. Creation of an isolated sub-network.

29 Screened Subnet Firewall System
Advantages: Three levels of defense to thwart intruders. The outside router advertises only the existence of the screened sub-net to the internet ( Internal network is invisible to the internet).

30 Screened Subnet Firewall System
Advantages: - The inside router advertises only the existence of the screened sub-net to the internal network ( the systems on the inside cannot construct direct routes to the internet.

Download ppt "Security Firewall Firewall design principle. Firewall Characteristics."

Similar presentations

Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.
Firewalls 2014.04.07 Uyanga Tserengombo

Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
FIREWALLS – Chapter 20 network-based threats access to outside world Functionality, Design Security – trusted system.

FIREWALLS – Chapter 20 network-based threats access to outside world Functionality, Design Security – trusted system.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.

Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.
Kittiphan Techakittiroj (21/05/58 10:00 น. 21/05/58 10:00 น. 21/05/58 10:00 น.) Firewall Kittiphan Techakittiroj

Kittiphan Techakittiroj (21/05/58 10:00 น. 21/05/58 10:00 น. 21/05/58 10:00 น.) Firewall Kittiphan Techakittiroj
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
—On War, Carl Von Clausewitz

—On War, Carl Von Clausewitz
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.

Similar presentations

Ads by Google