Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Brief Taxonomy of Firewalls

Published byDarrell Blair Modified over 8 years ago

Similar presentations

Presentation on theme: "A Brief Taxonomy of Firewalls"— Presentation transcript:

1 A Brief Taxonomy of Firewalls
A network firewall, as defined in the “NSA Glossary of Terms Used in Security and Intrusion Detection” written by Stocksdale, is a “system or combination of systems that enforces a boundary between two or more networks.” Firewalls operate at different layers using different criteria to pass or restrict Traffic: The lowest layer at which a firewall can operate is layer 3. In the OSI model and the TCP/IP model, this is the network layer. This layer is concerned with the routing of packets to their destination. The highest layer at which a firewall can operate is application layer. In the OSI model and the TCP/IP model, this is the top most layer.

2

3 Types of Firewalls Packet filtering firewalls:
Packet filtering firewalls are the most basic type of firewall. Packet filtering firewalls work at the lowest level of the protocol stack possible. It receives packets and decides their fate based upon a set of rules that are usually in the form of access control lists. Packet filtering firewalls also offer Port-level NAT (Network Address Translation) or PAT for added security. On the firewall, IP packets coming into a specific port number are re-written and forwarded to the internal server providing the requested service. The reply packets from the server are re-written to make it appear as if they originated on the firewall. Some of the more common items packet filters can act upon are: - Source address (e.g., pass in all packets from through but all other packets are blocked) - Destination address (e.g., packets bound for are not permitted to pass) - Source and destination port number (e.g., all TCP packets bound for port 80 [the HTTP port] would be permitted in but TCP packets bound for ports [NetBIOS/NetBUI] would be blocked)

4 Two advances in packet filtering firewalls were came about, dynamic packet filtering and stateful inspection Dynamic packet filtering: Dynamic packet filters open and close apertures in the firewall based on header information in the packet. Once a series of packets has passed through the aperture to its destination, the firewall closes the aperture. Stateful inspection: Stateful inspection in a packet filtering firewall analyzes the network traffic that traverses it. A packet filtering firewall with stateful inspection has the ability to peer inside a packet to allow certain types of commands within an application while disallowing others. For example, a stateful packet filtering firewall can allow the FTP “GET” command while disallowing the “PUT” command.

5 Circuit-level Firewalls:
A circuit-level firewall is a second generation firewall that validates TCP and UDP sessions before opening a connection. Once a handshake has taken place, it passes everything through until the session is ended. Circuit-level firewalls operate at the session layer of the OSI model, the transport layer of TCP/IP model. The firewall maintains a table of valid connections, which includes session state and sequencing information, and lets network packets containing data pass through when the network packet information matches an entry in the virtual circuit table. When a connection is terminated, its table entry is removed and that virtual circuit between the two peers is closed. A circuit-level firewall maintains two connections per session, one between client and firewall and one between firewall and server.

6 Application-level Firewalls:
Application-level firewalls are so-called because they operate at the application layer of the protocol stack. An application-level firewall runs a proxy server application acting as an intermediary between two systems. Consequently, application-level firewalls are sometimes referred to as proxy server firewalls. An internal client sends a request to the server running on the application-level firewall to connect to an external service such as FTP, or HTTP. The proxy server evaluates the request and decides to permit or deny the request based on a set of rules that apply to the individual network service. Proxy servers understand the protocol of the service they are evaluating. Thus, they only allow packets through complying with the protocol for that service. Since a proxy server is a program executing in the context of a process it has several advantages over packet filtering firewalls or circuit-level firewalls executing in kernel mode. It can read and write files, fork/exec copies of other programs or itself, and create log entries.

7 An application-level firewall, by its very nature, implements the security policy of "that which is not expressly permitted is forbidden.“ Application-level firewalls are typically slower than their packet filtering or circuit-level firewall counterparts. To alleviate this performance problem, the adaptive proxy firewall was developed and incorporated into application-level firewalls. Adaptive proxy firewalls combine a proxy server operating at the application layer and a dynamic packet filter operating at the network layer. Even though the adaptive proxy firewall uses a packet filter, the proxy server makes all security decisions. When a new connection comes in, the dynamic packet filter notifies the proxy server and provides it with connection data. After processing the received data comparing it against rules, the proxy server directs the dynamic packet filter to accept or reject the connection. Packets flow at the network layer like a traditional packet filter with the same performance level of a packet filter.

8 The resource is a part of SANS ( SysAdmin, Audit, Network, Security ) institute, The Trusted Source for Computer Security Training, Certification and Research. The resource has brief description on evolution of various types of firewalls and their advantages and disadvantages. For beginners in network security it is must to read documentation.

Download ppt "A Brief Taxonomy of Firewalls"

Similar presentations

Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Firewalls 2014.04.07 Uyanga Tserengombo

Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Lecture 25: Firewalls Introduce several types of firewalls

Lecture 25: Firewalls Introduce several types of firewalls
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.

Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Design and Implementation of a Server Director Project for the LCCN Lab at the Technion.

Design and Implementation of a Server Director Project for the LCCN Lab at the Technion.
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewalls CS591 Topics in Internet Security November 15 1999 Steve Miskovitz, Steve Peckham, Kan Hayashi.

Firewalls CS591 Topics in Internet Security November Steve Miskovitz, Steve Peckham, Kan Hayashi.
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: 93036 Term: Spring 2001.

Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.

Similar presentations

Ads by Google