FIREWALL APOORV SRIVASTAVA VAIBHAV KUMAR


1 FIREWALL APOORV SRIVASTAVA- 2011026 VAIBHAV KUMAR- 2011166
HARENDRA SINGH YOGENDRA SINGH

2 Introduction
Internet age
Evolution of information systems
It is inevitable to provide Internet access to/from organizations of any size
Persistent security concerns

3 What are the risks?
Theft or disclosure of internal data
Unauthorized access to internal hosts
Interception or alteration of data
Denial of service

4 What needs to be secured?
Crown jewels: patent work, source code, market analysis; information assets
Any way into your network
Any way out of your network
Information about your network

5 What is a firewall?
An effective means of protecting a local system or network of systems from network-based threats while at the same time affording access to the outside world via wide area networks and the Internet
What does a firewall do?
Isolates the private network resources
Allows users to access the public resources
A single choke point of control and monitoring
Imposes restrictions on network services: only authorized traffic is allowed
Is itself immune to penetration

6 Firewall Characteristics
Design goals:
All traffic from inside to outside must pass through the firewall (physically blocking all access to the local network except via the firewall)
Only authorized traffic (defined by the local security policy) will be allowed to pass
The firewall itself is immune to penetration (use of a trusted system with a secure operating system)

7 Firewall Characteristics
Four general techniques:
Service control: determines the types of Internet services that can be accessed, inbound or outbound
Direction control: determines the direction in which particular service requests are allowed to flow
User control: controls access to a service according to which user is attempting to access it
Behavior control: controls how particular services are used (e.g. filter)

8 Types of Firewalls
Four common types of firewalls:
Packet-filtering routers
Application-level gateways
Circuit-level gateways
(Bastion host)

9 Types of Firewalls Packet-filtering Router

10 Types of Firewalls Packet filtering
The action a device takes to selectively control the flow of data to and from a network. Packet filters allow or block packets, usually while routing them from one network to another (most often from the Internet to an internal network, and vice versa). To accomplish packet filtering, you set up a set of rules that specify what types of packets (e.g., those to or from a particular IP address or port) are to be allowed and what types are to be blocked. Packet filtering may occur in a router, in a bridge, or on an individual host. It is sometimes known as screening.

11 Types of Firewalls Packet-filtering Router
Applies a set of rules to each incoming IP packet and then forwards or discards the packet
Filters packets going in both directions
The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header
Two default policies (discard or forward)
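Slides 10 to 12 describe the packet-filtering router as an ordered list of rules matched against IP and TCP header fields, with a default policy when nothing matches. The Python model below is an added example written for this transcript, not code from the presentation; the `Packet` and `Rule` classes, the addresses (taken from the documentation ranges) and the `POLICY` list are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    """The header fields a packet-filtering router looks at (constructed model)."""
    direction: str        # "in" = arriving from the Internet, "out" = leaving for it
    protocol: str         # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int
    ack: bool = False     # TCP ACK flag: set on every segment except the initial SYN


@dataclass(frozen=True)
class Rule:
    """One entry in the rule list; a field left at its default matches anything."""
    action: str                    # "forward" or "discard"
    direction: str = "any"
    protocol: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None
    ack: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        return (
            self.direction in ("any", p.direction)
            and self.protocol in ("any", p.protocol)
            and ip_address(p.src) in ip_network(self.src)
            and ip_address(p.dst) in ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
            and (self.ack is None or self.ack == p.ack)
        )


def filter_packet(rules: List[Rule], p: Packet, default: str = "discard") -> str:
    """First-match evaluation: the first rule that matches decides; if no rule
    matches, the default policy (discard or forward) applies."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


# Constructed policy for a site whose internal network is 192.0.2.0/24 and whose
# mail server is 192.0.2.10. Rule order matters: the block for one abusive
# outside host is listed before the general SMTP allow, so it wins.
INTERNAL = "192.0.2.0/24"
POLICY = [
    Rule("discard", direction="in", src="198.51.100.99/32"),
    # Inbound mail to our mail server only.
    Rule("forward", direction="in", protocol="tcp", dst="192.0.2.10/32", dport=25),
    # Any TCP connection started from inside may go out ...
    Rule("forward", direction="out", protocol="tcp", src=INTERNAL),
    # ... and replies (ACK set) may come back in.
    Rule("forward", direction="in", protocol="tcp", dst=INTERNAL, ack=True),
]


def decide(p: Packet) -> str:
    """Apply the constructed POLICY with the default policy 'discard'."""
    return filter_packet(POLICY, p)


if __name__ == "__main__":
    samples = [
        Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 40000, 25),             # inbound SMTP
        Packet("in", "tcp", "203.0.113.5", "192.0.2.20", 40001, 23),             # inbound telnet
        Packet("out", "tcp", "192.0.2.20", "203.0.113.5", 50000, 80),            # outbound web
        Packet("in", "tcp", "203.0.113.5", "192.0.2.20", 80, 50000, ack=True),   # reply to it
        Packet("in", "tcp", "198.51.100.99", "192.0.2.10", 40002, 25),           # blocked host
    ]
    for p in samples:
        print(f"{p.direction:>3} {p.protocol} {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"ack={p.ack}: {decide(p)}")
```

The last rule illustrates the "lack of authentication" listed as a disadvantage on slide 12: the filter trusts the ACK bit, a header field the sender controls, as evidence that a segment is a reply to an inside-initiated connection. Only a stateful device that remembers which connections were actually opened from inside (the circuit-level gateway of the later slides) can check that.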

12 Types of Firewalls
Advantages: simplicity, transparency to users, high speed
Disadvantages: difficulty of setting up packet filter rules, lack of authentication

13 Types of Firewalls Application-level Gateway

14 Types of Firewalls Application-level Gateway
Also called proxy server
Acts as a relay of application-level traffic

15 Types of Firewalls Proxy
A program that deals with external servers on behalf of internal clients. Proxy clients talk to proxy servers, which relay approved client requests on to real servers, and relay answers back to clients.

16 Types of Firewalls
Advantages: higher security than packet filters; only need to scrutinize a few allowable applications; easy to log and audit all incoming traffic
Disadvantages: additional processing overhead on each connection (gateway as splice point)

17 Circuit Level Gateway Bastion Host

18 Circuit Level Gateway A circuit-level gateway monitors TCP handshaking between packets from trusted clients or servers to untrusted hosts and vice versa to determine whether a requested session is legitimate. To filter packets in this way, a circuit-level gateway relies on data contained in the packet headers for the Internet's TCP session-layer protocol. This gateway operates two layers higher than a packet-filtering firewall. The handshaking involves an exchange of TCP packets that are flagged SYN (synchronize) or ACK (acknowledge). These packet types are legitimate only at certain points during the session. When a user's Web page access request passes through the circuit gateway, basic internal user information, such as the IP address, is exchanged for proper feedback. Then the proxy server forwards the request to the Web server. Upon receiving the request, the external server sees the proxy server's IP address but does not receive any internal user information. The Web or real server sends the proxy server a proper response, which is forwarded to the client or end user via the circuit-level gateway.

19 Circuit Level Gateway Circuit-level gateways work at the session layer of the OSI model. They monitor TCP handshaking between packets to determine whether a requested session is legitimate. A circuit-level gateway does not allow an end-to-end TCP connection; it sets up two TCP connections, one between itself and a TCP user on the inside and the other between itself and a TCP user on the outside. Information passed to a remote computer through a circuit-level gateway appears to have originated from the gateway.

20 Circuit Level Gateway Circuit-level firewalls supervise TCP handshaking between packets to confirm that a session is genuine. Traffic is filtered according to session rules and may be restricted to recognized computers only. Circuit-level firewalls conceal the network itself from the outside, which helps block access by impostors, but they do not filter individual packets. This is useful for hiding information about protected networks. Circuit-level gateways are relatively inexpensive and have the advantage of hiding information about the private network they protect. On the other hand, they do not filter individual packets. Used where internal users are trusted for all outbound services. Disadvantage: requires a modified client. SOCKS package v5: RFC 1928, uses port 1080.
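Slides 18 to 20 say that a circuit-level gateway follows the SYN/ACK handshake of each session and that "these packet types are legitimate only at certain points during the session". The following Python model is an added example for this transcript, not code from the presentation: it tracks a per-session handshake state machine and relays only segments that arrive at a legitimate point, with sessions allowed to open from the inside only. The `Segment` class, the state names and the addresses are constructed; the real relaying of bytes over two TCP connections is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Tuple


@dataclass(frozen=True)
class Segment:
    """The TCP header fields the gateway inspects (constructed model)."""
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False


class CircuitLevelGateway:
    """Follows the three-way handshake per session and relays only segments
    that fit the current state; only inside hosts may open a session."""

    def __init__(self, inside_net: str) -> None:
        self.inside = ip_network(inside_net)
        # key: (inside host, inside port, outside host, outside port) -> state
        self.sessions: Dict[Tuple[str, int, str, int], str] = {}

    def _key_and_direction(self, s: Segment):
        """Normalise the 4-tuple so both directions map to the same session."""
        from_inside = ip_address(s.src) in self.inside
        if from_inside:
            return (s.src, s.sport, s.dst, s.dport), True
        return (s.dst, s.dport, s.src, s.sport), False

    def process(self, s: Segment) -> str:
        """Return 'relay' or 'drop' for one segment and update session state."""
        key, from_inside = self._key_and_direction(s)
        state = self.sessions.get(key)

        if s.syn and not s.ack:                        # connection request
            if not from_inside:
                return "drop"                          # outside may not initiate
            if state is None or state == "SYN_SENT":   # new request or a retransmit
                self.sessions[key] = "SYN_SENT"
                return "relay"
            return "drop"                              # SYN inside a live session

        if s.syn and s.ack:                            # server's answer
            if state == "SYN_SENT" and not from_inside:
                self.sessions[key] = "SYN_RECEIVED"
                return "relay"
            return "drop"                              # SYN/ACK nobody asked for

        if s.ack:                                      # handshake completion or data
            if state == "SYN_RECEIVED" and from_inside:
                self.sessions[key] = "ESTABLISHED"
                return "relay"
            if state in ("ESTABLISHED", "CLOSING"):
                if s.fin:                              # first FIN -> CLOSING, second ends it
                    if state == "ESTABLISHED":
                        self.sessions[key] = "CLOSING"
                    else:
                        del self.sessions[key]
                return "relay"
            return "drop"                              # stray ACK with no session

        return "drop"                                  # no usable flags at all


if __name__ == "__main__":
    gw = CircuitLevelGateway("192.0.2.0/24")
    trace = [
        Segment("203.0.113.5", 4000, "192.0.2.20", 80, syn=True),            # outside opens: drop
        Segment("192.0.2.20", 5000, "203.0.113.5", 80, syn=True),            # inside opens: relay
        Segment("203.0.113.5", 80, "192.0.2.20", 5000, syn=True, ack=True),  # answer: relay
        Segment("192.0.2.20", 5000, "203.0.113.5", 80, ack=True),            # established
        Segment("203.0.113.5", 80, "192.0.2.20", 5000, ack=True),            # data back: relay
    ]
    for seg in trace:
        print(f"{seg.src}:{seg.sport} -> {seg.dst}:{seg.dport} "
              f"syn={seg.syn} ack={seg.ack}: {gw.process(seg)}")
```

Because the decision depends on remembered state rather than on the flags alone, a bare ACK from outside that belongs to no open session is dropped, which is exactly the case the stateless packet filter of slide 12 cannot distinguish from a genuine reply.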

21 Bastion Host A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily because of its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers. In computer security, a DMZ or Demilitarized Zone (sometimes referred to as a perimeter network) is a physical or logical sub-network that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network (LAN); an external attacker only has direct access to equipment in the DMZ, rather than any other part of the network. The name is derived from the term "demilitarized zone", an area between nation states in which military operation is not permitted.

22 Bastion Host It is a system identified by the firewall administrator as a critical strong point in the network's security. A bastion host is a computer that is fully exposed to attack. The system is on the public side of the demilitarized zone (DMZ), unprotected by a firewall or filtering router. Indeed, the firewalls and routers themselves can be considered bastion hosts. Other types of bastion hosts include web, mail, DNS, and FTP servers.

23 Bastion Host Placement
There are two common network configurations that include bastion hosts and their placement. The first requires two firewalls, with bastion hosts sitting between the first "outside world" firewall, and an inside firewall, in a demilitarized zone (DMZ).

24 Bastion Host Placement Often smaller networks do not have multiple firewalls, so if only one firewall exists in a network, bastion hosts are commonly placed outside the firewall. Examples: DNS (Domain Name System) server, FTP (File Transfer Protocol) server.

25 How to bypass the firewall?

26 How to bypass the firewall?
“Legal” ways:
- IP address spoofing
- Source routing
- Tiny fragments
“Illegal” ways:
- Rootkit
- Trojan

27 IP ADDRESS SPOOFING IP address spoofing can be defined as an intentional misrepresentation of the source IP address in an IP packet in order to conceal the identity of the sender or to impersonate another computing system. In IP address spoofing, the user gains unauthorized access to a computer or a network by making it appear that the message comes from a trusted machine, by "spoofing" the IP address of that machine.

28 SOURCE ROUTING Source routing is a technique by which the sender of a packet can specify the route that the packet should take through the network. Normally, as a packet travels through the network, each router examines the destination IP address and chooses the next hop to forward the packet to. In source routing, the "source" (i.e. the sender) makes some or all of these decisions.

29 SOURCE ROUTING (cont.) A: Sender, F: Destination
To bypass the firewall, the sender A specifies the route: A -> B -> C -> D -> E -> F

30 TINY FRAGMENT The tiny-fragment technique uses IP fragmentation to create extremely small fragments and force the TCP header information into a separate packet fragment. It is designed to bypass filtering rules that depend on TCP header information: the user hopes that only the first fragment is examined by the filtering router and that the remaining fragments are passed through.
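Slides 27 to 30 list three header-level ways of getting past a filter: IP address spoofing, source routing and tiny fragments. Each has a well-known defensive counterpart that a filtering router can apply to the IP header alone: ingress/egress filtering on the source address, refusing the loose and strict source-route options (LSRR/SSRR from RFC 791), and the RFC 1858 rule that a first fragment too small to hold the TCP header, or any fragment at offset 1, is dropped. The Python below is an added example for this transcript, not code from the presentation; the `IPPacket` class, the `INTERNAL_NETS` address plan and the sample packets are constructed, and the 16-byte minimum follows RFC 1858.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Tuple

# IP option type codes from RFC 791: loose and strict source-and-record-route.
IPOPT_LSRR = 131
IPOPT_SSRR = 137
# RFC 1858: the first fragment of a TCP datagram must carry at least this many
# bytes of transport data, so the TCP flags (at byte 13) are present to filter on.
MIN_FIRST_FRAGMENT_BYTES = 16

# Constructed address plan for the example: the site's two internal prefixes.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]


@dataclass
class IPPacket:
    """IP header fields the checks need (constructed model)."""
    iface: str                    # interface it arrived on: "external" or "internal"
    src: str
    dst: str
    protocol: str = "tcp"
    options: List[int] = field(default_factory=list)  # IP option type codes present
    frag_offset: int = 0          # fragment offset in 8-byte units, as in the header
    more_fragments: bool = False  # the MF flag
    payload_len: int = 0          # bytes following the IP header in this fragment


def is_internal(addr: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in INTERNAL_NETS)


def check_packet(p: IPPacket) -> Tuple[str, str]:
    """Return (verdict, reason); verdict is 'discard' or 'forward'."""
    # 1. Ingress filtering against IP spoofing: a packet that claims an internal
    #    source address cannot legitimately arrive on the external interface.
    if p.iface == "external" and is_internal(p.src):
        return "discard", "internal source address arriving from outside"
    #    Egress filtering is the mirror image: packets leaving must carry one of
    #    our own addresses, so our hosts cannot be used to spoof others.
    if p.iface == "internal" and not is_internal(p.src):
        return "discard", "non-internal source address leaving the network"

    # 2. Source routing: refuse packets whose options let the sender dictate the
    #    path, so the filter cannot be routed around.
    if IPOPT_LSRR in p.options or IPOPT_SSRR in p.options:
        return "discard", "source-routed packet (LSRR/SSRR option present)"

    # 3. Tiny fragments, RFC 1858 style, for TCP only:
    #    - a first fragment too small to hold the TCP header is dropped, so the
    #      flags can never be pushed into an unexamined later fragment;
    #    - a fragment at offset 1 is dropped, since after reassembly it would
    #      overwrite the flags carried by the first fragment.
    if p.protocol == "tcp":
        if p.frag_offset == 0 and p.more_fragments and p.payload_len < MIN_FIRST_FRAGMENT_BYTES:
            return "discard", "first fragment too small to carry the TCP header"
        if p.frag_offset == 1:
            return "discard", "fragment offset 1 overlaps the TCP header"

    return "forward", "passed header sanity checks"


if __name__ == "__main__":
    samples = [
        IPPacket("external", "10.1.2.3", "192.0.2.10"),
        IPPacket("external", "203.0.113.9", "192.0.2.10", options=[IPOPT_LSRR]),
        IPPacket("external", "203.0.113.9", "192.0.2.10", more_fragments=True, payload_len=8),
        IPPacket("external", "203.0.113.9", "192.0.2.10", frag_offset=1, payload_len=8),
        IPPacket("external", "203.0.113.9", "192.0.2.10", more_fragments=True, payload_len=40),
    ]
    for p in samples:
        verdict, reason = check_packet(p)
        print(f"{p.src} -> {p.dst} on {p.iface}: {verdict} ({reason})")
```

Only the first of the three checks needs site-specific knowledge (which prefixes are internal); the other two are pure header sanity rules and are cheap enough to run on every packet before the rule list of slide 11 is consulted. Note that the fragment rule is applied only to TCP and only when the datagram is actually fragmented, so a small unfragmented packet is not rejected by mistake.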

31 ROOTKIT A rootkit is a set of software tools intended to conceal running processes, files or system data, thereby helping an intruder to maintain access to a system while avoiding detection. Rootkits are known to exist for a variety of operating systems such as Linux, Solaris, and versions of Microsoft Windows.

32 TROJAN In computer software, a Trojan horse is a malicious program. The term is derived from the classical myth of the Trojan Horse. Such programs may look useful or interesting (or at the very least harmless) to an unsuspecting user, but are actually harmful when executed. Often the term is shortened to simply "Trojan".

33 References en.Wikipedia.org www.Lib.ru

34 Thank you

