
Firewalls: Types of Firewalls; Inspection Methods (Static Packet Inspection, Stateful Packet Inspection, NAT, Application Firewalls); Firewall Architecture


Slide 2: Firewalls
- Types of Firewalls
- Inspection Methods
  - Static Packet Inspection
  - Stateful Packet Inspection
  - NAT
  - Application Firewalls
- Firewall Architecture
- Configuring, Testing, and Maintenance

Slide 3: Figure 5-12: Network Address Translation (NAT)
- Hosts: Client 192.168.5.7, NAT Firewall, Internet, Server Host, Sniffer
- Packet labels, in the order shown (steps 1 to 4 in the figure):
  - From 192.168.5.7, Port 61000
  - From 60.5.9.8, Port 55380
  - To 60.5.9.8, Port 55380
  - To 192.168.5.7, Port 61000
- Translation Table:
  - Internal: IP Addr 192.168.5.7, Port 61000, ...
  - External: IP Addr 60.5.9.8, Port 55380, ...


Slide 5: Figure 5-13: Application Firewall Operation
- Hosts: Client PC 192.168.6.77 (Browser), Application Firewall 60.45.2.6 (HTTP Proxy), Webserver 123.80.5.34 (Webserver Application)
- Steps:
  1. HTTP Request From 192.168.6.77
  2. Filtering
  3. Examined HTTP Request From 60.45.2.6
  4. HTTP Response to 60.45.2.6
  5. Filtering on Post Out, Hostname, URL, MIME, etc. In
  6. Examined HTTP Response To 192.168.6.77
- Other proxies on the application firewall:
  - FTP Proxy: Outbound Filtering on Put
  - SMTP (E-Mail) Proxy: Inbound and Outbound Filtering on Obsolete Commands, Content

Slide 6: Figure 5-14: Header Destruction With Application Firewalls
- Hosts: Attacker 1.2.3.4, Application Firewall 60.45.2.6, Webserver 123.80.5.34
- Arriving Packet: Orig. IP Hdr, Orig. TCP Hdr, App MSG (HTTP)
- Header Removed: App MSG (HTTP)
- New Packet: New IP Hdr, New TCP Hdr, App MSG (HTTP)
- Application Firewall Strips Original Headers from Arriving Packets
- Creates New Packet with New Headers
- This Stops All Header-Based Packet Attacks

Slide 7: Figure 5-15: Protocol Spoofing
- Hosts: Internal Client PC 60.55.33.12 (Trojan Horse), Application Firewall, Attacker 1.2.3.4
- Steps:
  1. Trojan Transmits on Port 80 to Get Through Simple Packet Filter Firewall
  2. Protocol is Not HTTP; Firewall Stops The Transmission

Slide 8: Figure 5-16: Circuit Firewall
- Hosts: External Client 123.30.82.5, Circuit Firewall (SOCKS v5) 60.34.3.31, Webserver 60.80.5.34
- Steps:
  1. Authentication
  2. Transmission
  3. Passed Transmission: No Filtering
  4. Reply
  5. Passed Reply: No Filtering

Slide 9: Firewalls
- Types of Firewalls
- Inspection Methods
- Firewall Architecture
  - Single site in large organization
  - Home firewall
  - SOHO firewall router
  - Distributed firewall architecture
- Configuring, Testing, and Maintenance

Slide 10: Figure 5-17: Single-Site Firewall Architecture for a Larger Firm with a Single Site
- Internet
- 1. Screening Router 60.47.1.1 (Last Rule=Permit All)
- 2. Main Firewall (Last Rule=Deny All)
- 172.18.9.x Subnet
- 3. Internal Firewall
- 4. Client Host Firewall
- Marketing Client on 172.18.5.x Subnet
- Accounting Server on 172.18.7.x Subnet
- 5. Server Host Firewall
- 6. DMZ:
  - Public Webserver 60.47.3.9
  - SMTP Relay Proxy 60.47.3.10
  - HTTP Proxy Server 60.47.3.1
  - External DNS Server 60.47.3.4

Slide 11: Figure 5-18: Home Firewall
- Figure labels: Internet Service Provider, Coaxial Cable, Broadband Modem, UTP Cord, Home PC, PC Firewall, Always-On Connection

Slide 12: Figure 5-19: SOHO Firewall Router
- Figure labels: Internet Service Provider, Broadband Modem (DSL or Cable), SOHO Router, Ethernet Switch, UTP, User PC
- SOHO Router: Router, DHCP Server, NAT Firewall, and Limited Application Firewall
- Many Access Routers Combine the Router and Ethernet Switch in a Single Box

Slide 13: Figure 5-20: Distributed Firewall Architecture
- Figure labels: Internet, Home PC Firewall, Management Console, Site A, Site B

