Presentation is loading. Please wait.

Presentation is loading. Please wait.

Why do we need Firewalls?

Published byBryan Jonathan Gilmore Modified over 6 years ago

Similar presentations

Presentation on theme: "Why do we need Firewalls?"— Presentation transcript:

1 Why do we need Firewalls?
Internet connectivity is a must for most people and organizations especially for me  But a convenient Internet connectivity is an invitation for intruders and hackers yet another example of tradeoff between convenience and security Question: What do we mean by “convenient” Internet connection? Firewall basically provides us an option to play within spectrum of this tradeoff

2 What is a Firewall? Effective means of protection local network of systems from network-based security threats from outer world while providing (limited) access to the outside world (the Internet)

3 Firewall Basics The firewall is inserted between the internal network and the Internet (a choke point) Establish a controlled link and protect the network from Internet-based attacks keeps unauthorized users away, imposes restrictions on network services; only authorized traffic is allowed Location for monitoring security-related events auditing, alarms can be implemented some firewalls supports IPSec, so VPNs can be implemented firewall-to-firewall some firewalls support NAT (not so security related) Open discussion: can’t we put one firewall for each station within the local network? What are pros and cons?

4 Firewall Characteristics - 1
Design goals: All traffic from inside to outside must pass through the firewall (physically blocking all access to the local network except via the firewall) Only authorized traffic (defined by the local security policy) will be allowed to pass The firewall itself is immune to penetration (use of trusted system with a secure operating system)

5 Firewall Characteristics - 2
General techniques for access control Service control Determines the types of Internet services that can be accessed Mostly using TCP port numbers Direction of traffic is important for the decision Some services are open for outbound, but not inbound (or vice versa) User control Controls access to a service according to which user is attempting to access it need to authenticate users. This is easy for internal users, but what can be done for external ones? Behavior control Controls how particular services are used (e.g. filter for spam control)

6 Firewall Limitations cannot protect from attacks bypassing it
best example: dial-in, dial-out cannot protect against internal threats e.g. fired sysadmin  cannot protect against transfer of all virus infected programs or files because of heavy traffic and huge range of O/S & file types

7 Types of Firewalls Packet-filtering routers Application-level gateways
Circuit-level gateways

8 Packet-filtering Router
Foundation of any firewall system Applies a set of rules to each incoming IP packet and then forwards or discards the packet (in both directions) The packet filter is typically set up as a list of rules based on matches to fields in the IP or TCP header context is not checked Two default policies (discard or forward)

9 Packet-filtering Router
Filtering rules are based on Source and Destination IP addresses Source and destination ports (services) and transport protocols (TCP or UDP) Router’s physical interface Rules are listed and a match is tried to be found starting with the first rule Action is either forward or discard If no match, then default policy is used Default is either discard or forward

10 Packet Filtering Examples
{our hosts} 21 21 {our hosts} {our hosts} For data traffic is passive mode

11 Stateful Inspection Example E shown that
>1024 ports need to be opened not only due to FTP, all services have such a structure <1024 ports are for servers, a client using a service should use a local port number between 1024 and 16383 So the firewall should keep track of the currently opened >1024 ports A stateful inspection firewall keeps track of outbound TCP connection with local port numbers in a table and allow inbound traffic for >1024 ports if there is an entry in that table (see next slide for an example table)

12 Stateful Inspection

13 Packet-filtering Router
Advantages: Simplicity High speed Transparency to users Disadvantages Difficulty of setting up packet filter rule configuration is error-prone a port is either open or close; no application layer flexibility no user authentication IP address spoofing attacker uses an internal IP address and hopes that packet penetrates into the system countermeasure: do not accept internal IPs from external interface

14 Application-level Gateway
Application-level Gateway (proxy server) Acts as a relay of application-level traffic Proxy obtains application specific information from the user and relays to the server Only allowable applications can pass through Feature-based processing is possible Additional processing overhead on each connection

15 Circuit-level Gateway
Sets up two TCP connections The gateway relays TCP segments from one connection to the other An example is the SOCKS package Users first connects to SOCKS server on port 1080 User authentication is performed Connection request is evaluated Port 1080 for SOCKS

16 Bastion Host A system identified by the firewall administrator as a critical strong point in the network security Used in various firewall configuration (we’ll see now) The bastion host serves as a platform for an application-level or circuit-level gateway i.e. a proxy Potentially exposed to "hostile" elements, hence is secured to withstand this Trusted system Carefully configured and maintained

17 Firewall Configurations
In addition to the use of simple configuration of a single system (single packet filtering router or single gateway), more complex configurations are possible

18 Screened host firewall system (dual-homed bastion host)
Only packets from and to the bastion host are allowed to pass through the router The bastion host performs authentication and proxy functions

19 Dual-homed Bastion Host
Good security because of two reasons: This configuration implements both packet-level and application-level filtering An intruder must generally penetrate two separate systems in order to get to the internal network This configuration also affords flexibility in providing direct Internet access to a public information server, e.g. Web server by configuring the router

20 Screened-subnet Firewall System
securer creates an isolated sub-network between routers Internet and private network have access to this subnet Traffic across the subnet is blocked This subnet is called DMZ (demilitarized zone) Internal network is invisible to the Internet DMZ

21 Host-Based Firewalls Software module to secure individual hosts
filter packet flows Available as add-on for many OSs Often used on servers Advantages: tailored filter rules for specific host needs protection from both internal / external attacks additional layer of protection to organizational firewall A host-based firewall is a software module used to secure an individual host. Such modules are available in many operating systems or can be provided as an add-on package. Like conventional standalone firewalls, host-resident firewalls filter and restrict the flow of packets. A common location for such firewalls is a server. There are several advantages to the use of a server-based or workstation-based firewall: • Filtering rules can be tailored to the host environment. Specific corporate security policies for servers can be implemented, with different filters for servers used for different application. • Protection is provided independent of topology. Thus both internal and external attacks must pass through the firewall. • Used in conjunction with standalone firewalls, the host-based firewall provides an additional layer of protection. A new type of server can be added to the network, with its own firewall, without the necessity of altering the network firewall configuration.

22 Personal Firewall controls traffic flow to/from PC/workstation
for both home or corporate use software module on PC or in home cable/DSL router/gateway typically less complex than standalone and host-based firewalls primary role to deny unauthorized access may also monitor/detect/block malware activity A personal firewall controls the traffic between a personal computer or workstation on one side, and the Internet or enterprise network on the other side. Personal firewall functionality can be used in the home environment and on corporate intranets. Typically, the personal firewall is a software module on the personal computer. In a home environment with multiple computers connected to the Internet, firewall functionality can also be housed in a router that connects all of the home computers to a DSL, cable modem, or other Internet interface. Personal firewalls are typically much less complex than either server-based firewalls or standalone firewalls. The primary role of the personal firewall is to deny unauthorized remote access to the computer. The firewall can also monitor outgoing activity in an attempt to detect and block worms and other malware. An example of a personal firewall is the capability built in to the Mac OS X. When the user enables the personal firewall in Mac OS X, all inbound connections are denied except for those the user explicitly permits. For increased protection, advanced firewall features may be available, such as: Stealth mode hides the Mac on the Internet by dropping unsolicited communication packets, making it appear as though no Mac is present. UDP packets can be blocked, restricting network traffic to TCP packets only for open ports. The firewall may also supports logging, an important tool for checking on unwanted activity.

23 Distributed Firewalls
A distributed firewall configuration involves standalone firewall devices plus host-based firewalls working together under a central administrative control. Figure 9.5from the text suggests a distributed firewall configuration. Administrators can configure host-resident firewalls on hundreds of servers and workstation as well as configuring personal firewalls on local and remote user systems. Tools let the network administrator set policies and monitor security across the entire network. These firewalls protect against internal attacks and provide protection tailored to specific machines and applications. Standalone firewalls provide global protection, including internal firewalls and an external firewall, as discussed previously. With distributed firewalls, it may make sense to establish both an internal and an external DMZ. Web servers that need less protection because they have less critical information on them could be placed in an external DMZ, outside the external firewall. What protection is needed is provided by host-based firewalls on these servers. An important aspect of a distributed firewall configuration is security monitoring. Such monitoring typically includes log aggregation and analysis, firewall statistics, and fine-grained remote monitoring of individual hosts if needed.

Download ppt "Why do we need Firewalls?"

Similar presentations

Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 9 – Firewalls and.
Firewalls 2014.04.07 Uyanga Tserengombo

Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.

Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
—On War, Carl Von Clausewitz

—On War, Carl Von Clausewitz
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.

Access Control for Networks Problems: –Enforce an access control policy Allow trust relationships among machines –Protect local internet from outsiders.
5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Similar presentations

Ads by Google