FIREWALLS Vivek Srinivasan. Contents Introduction Need for firewalls Different types of firewalls Conclusion.


1 FIREWALLS Vivek Srinivasan

2 Contents
- Introduction
- Need for firewalls
- Different types of firewalls
- Conclusion

3 Introduction
A firewall protects networked computers from intrusions that could compromise confidentiality, corrupt data, or cause denial of service. A firewall can be a hardware device or a software program that sits at the gateway between two networks.

4 Why do we need a firewall
Common methods of attack that present opportunities to compromise the information on the network:
- Packet sniffers
- IP spoofing
- Password attacks
- Distribution of sensitive internal information to external resources
- Denial of service

5 Why do we need a firewall (contd.)
The primary benefits of using firewalls:
- Protection from vulnerable services
- Controlled access to site systems
- Concentrated security
- Logging and statistics on network use or misuse
- Policy enforcement

6 Different types of firewalls
- Packet filters
- Circuit level gateways
- Application level gateways

Packet filters
A packet conveys the following information:
- Source IP address and port
- Destination IP address and port
- Information about the protocol
- Error checking information
Packet filters work at the network layer of the OSI model and are generally part of a router.

7 Packet filtering (contd.)
A packet can be filtered based on one of the following:
- Allowing or disallowing packets based on the source IP.
- Allowing or disallowing packets based on destination ports.
- Allowing or disallowing packets based on the protocol.

8 Packet filtering (contd.)
Packet filter firewalls often readdress network packets so that outgoing traffic appears to have originated from a different host rather than an internal host. The process of readdressing network packets is called network address translation. Network address translation hides the topology and addressing schemes of trusted networks from untrusted networks.
Advantages of packet filters
- Faster than other firewalls because they perform fewer evaluations.

9 Packet filtering (contd.)
- Packet filter firewalls shield internal IP addresses from external users.
- Packet filters do not require client computers to be specifically configured; the packet filters do all of the work.
Disadvantages of packet filters
- Address information in a packet can potentially be spoofed by the sender.
- Packet filters do not understand application layer protocols. They cannot restrict access to protocol subsets for services such as the PUT or GET commands in FTP.

10 Circuit Relay Firewall
Circuit level gateways work at the session layer of the OSI model, or the TCP layer of TCP/IP. They monitor handshaking between packets to determine whether a requested session is legitimate. Data packets are not forwarded until the handshake is complete.

11 Circuit relay firewall (contd.)
When a connection is set up, the circuit level firewall typically stores the following information about the connection:
- Time of day
- Protocol
- A unique session identifier for the connection, which is used for tracking purposes
- The state of the connection: handshake, established, or closing
- The source IP address, which is the address from which the data is being delivered
- The destination IP address, which is the address to which the data is being delivered
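A sketch of the session table described in slides 10 and 11, added here and not taken from the original presentation: segments carrying data are dropped until the three-way handshake has completed. The class names, the `(sender, flags)` event model and the sample addresses used with it are assumptions made for illustration.

```python
import itertools
import time
from dataclasses import dataclass, field

@dataclass
class Session:
    session_id: int            # unique identifier used for tracking
    protocol: str
    src_ip: str
    dst_ip: str
    opened_at: float           # time the connection was set up
    state: str = "handshake"   # handshake -> established -> closing
    seen: list = field(default_factory=list)  # handshake steps observed

class CircuitGateway:
    # Expected TCP three-way handshake, as (sender, flags) in order.
    HANDSHAKE = [("client", "SYN"), ("server", "SYN-ACK"), ("client", "ACK")]

    def __init__(self):
        # Keyed by address pair only, mirroring the fields listed above;
        # a production gateway would also key on ports.
        self.sessions = {}
        self._ids = itertools.count(1)

    def handle(self, src_ip, dst_ip, sender, flags, payload=b""):
        """Return 'forward' or 'drop' for one segment of a client->server circuit."""
        key = (src_ip, dst_ip)
        sess = self.sessions.get(key)
        if sess is None:
            if (sender, flags) != self.HANDSHAKE[0] or payload:
                return "drop"               # no session and not a bare SYN
            sess = Session(next(self._ids), "tcp", src_ip, dst_ip, time.time())
            sess.seen.append((sender, flags))
            self.sessions[key] = sess
            return "forward"
        if sess.state == "handshake":
            expected = self.HANDSHAKE[len(sess.seen)]
            if (sender, flags) != expected or payload:
                del self.sessions[key]      # out-of-order step or early data
                return "drop"
            sess.seen.append(expected)
            if len(sess.seen) == len(self.HANDSHAKE):
                sess.state = "established"
            return "forward"
        if flags in ("FIN", "RST"):
            sess.state = "closing"
            return "forward"
        # Data is forwarded only while the session is established.
        return "forward" if sess.state == "established" else "drop"
```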

12 Circuit level gateways
Advantages of circuit level gateways
- Circuit level firewalls can perform additional checks to ensure that a network packet has not been spoofed.
- Circuit level firewalls shield internal IP addresses from external users.
- Circuit level firewalls are generally faster than application layer firewalls.
Disadvantages of circuit level gateways
- Circuit level firewalls cannot perform strict security checks on a higher-level protocol should the need arise.
- Circuit level firewalls have limited audit event generation abilities.

13 Application firewalls
Application level gateways, also called proxies, filter packets at the application layer of the OSI model. They can filter application-specific commands such as HTTP POST and GET. This cannot be accomplished with either packet filtering firewalls or circuit level gateways, neither of which knows anything about application-level information.
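How a proxy can tell an HTTP GET from a POST and record each decision, as an added example that is not part of the original presentation. The allowed-method policy, the function names, the audit record layout and the sample requests used with it are assumptions; the request-line parse is deliberately stricter than the HTTP grammar.

```python
from datetime import datetime, timezone

ALLOWED_METHODS = {"GET", "HEAD"}   # constructed policy: read-only web access
AUDIT_LOG = []                      # in-memory audit trail for the example

def parse_request_line(raw: bytes):
    """Return (method, target, version), or None if the line is malformed."""
    line = raw.split(b"\r\n", 1)[0]
    try:
        method, target, version = line.decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return None                 # not text, or not exactly three fields
    if not version.startswith("HTTP/"):
        return None
    if not (method.isalpha() and method.isupper()):
        return None                 # methods are case-sensitive tokens
    return method, target, version

def proxy_decision(client_ip: str, raw: bytes) -> str:
    """Decide on one client request and append the decision to the audit log."""
    parsed = parse_request_line(raw)
    if parsed is None:
        verdict, detail = "deny", "malformed request line"
    elif parsed[0] not in ALLOWED_METHODS:
        verdict, detail = "deny", f"method {parsed[0]} not permitted"
    else:
        verdict, detail = "allow", f"{parsed[0]} {parsed[1]}"
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "client": client_ip,
        "verdict": verdict,
        "detail": detail,
    })
    return verdict
```

A packet filter would treat all of these requests identically, since they share the same addresses, protocol and destination port.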

14 Application firewalls(contd.)

15 Advantages of application firewalls
- Application firewalls understand and enforce high-level protocols, such as HTTP and FTP.
- Proxy services shield internal IP addresses from the external world.
- Proxy services can be used to deny access to certain network services, while permitting access to others.
- Application firewalls are good at generating audit records, allowing administrators to monitor attempts to violate the firewall's security policies.

16 Application firewalls (contd.)
Disadvantages of application firewalls
- Proxy services introduce performance delays.
- Proxy services are vulnerable to operating-system and application-level bugs.
- Proxy services often require modifications to clients or client procedures, thus adding a task to the configuration process.
- A new proxy must be written for each protocol that you want to pass through the firewall.

17 Is a firewall sufficient?
- A firewall can’t protect from malicious insiders.
- A firewall can’t protect against viruses.
- A firewall can’t protect from completely new threats.
- A firewall can’t protect against connections that don’t go through it.

