Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

Published byMyles Mills Modified over 5 years ago

Similar presentations

Presentation on theme: "Firewall – Survey Purpose of a Firewall Characteristic of a firewall"— Presentation transcript:

1 Firewall – Survey Purpose of a Firewall Characteristic of a firewall
To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall All traffic must go through the firewall Allow and blocking traffic The Firewall itself should be immune of attacked

2 Firewall – possibilities
5 areas to control: Services (web, ftp, mail …) i.e. Port# Network (hosts) i.e. IP addresses Direction i.e. control inside-out or reverse User i.e. only authorized users allow Behaviour (e.g. attachment to mail) (Denial of Service Inspection)

3 Firewall – solutions Solutions: HW – screening router
SW – Computer Based (build in the OS) SW – dedicated Host Firewall

4 Firewall – limitations
3 limitations of Firewalls Cannot protect against traffic not running trough the firewall (obvious!!) Cannot protect against threats from inside (e.g. as the school network) Cannot protect against viruses (i.e. they come in by legal traffic)

5 Firewall – Types 3 types of Firewalls Packet-filtering
Packet-filtering – with state-full inspection Application- gateways

6 Firewall – Packet-filtering
Level 3 – network (IP-packets) Filtering on (the access control list): Source/Destination IP-addresses Source/Destination Port-numbers IP-protocol field (e.g. icmp, tcp, egp) TCP-direction (SYN-bit) IN / OUT on each interface

7 Firewall – Packet-filtering
Configurations Policies: 1:optimistic: default set to allow 2:pessimistic: default set to discard (normal) Setting up rules

8 Firewall – Packet-filtering
Weakness Cannot ‘look’ into appl. Level information Limited logging information Do normally not support authentication Can be attack by weakness in IP (e.g. IP-spoofing)

9 Firewall – Packet-filtering
Stateful - inspection Normal packet-filtering only look at one packet at a time. Stateful packet-filtering can remember a sequence of packets. (can be used to detect spoofing)

10 Firewall – Application-level
Level 5 Application gateway Using Proxy Servers (e.g. a mail-client and a mail-server) Spilt connections into 2 (one for inbound and one for outbound)

11 Firewall – Application-level
More secure Stateful inspection even more developed User authentication are used Weakness slow-down performance need to have proxies for all services

12 Firewall – Architecture
One recommended solution: Screened subnet firewall MOST secure DMZ – demilitarized zone (2 packet-filter + bastion host on the net (DMZ) in between) Home Firewall like ZoneAlarm/XP-firewall

13 Firewall – Testing Lookup for Misconfiguration The rules (the sequence of the rules) Policies before setting up ACL Testing (using port-scanning etc.) The snort tool Maintain Firewall Keep up checking the ACLs and the updating the firewall

14 Intrusion – Systems Intrusion Detection System (IDS)
Logging/alarm intrusion Intrusion Prevention System (IPS) Detect and filters out suspicious traffic

Download ppt "Firewall – Survey Purpose of a Firewall Characteristic of a firewall"

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.

Lecture slides for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 9 “Firewalls and Intrusion Prevention.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Firewalls 2014.04.07 Uyanga Tserengombo

Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Pertemuan 05 Firewall Matakuliah: H0451/Praktikum Jaringan Komputer Tahun: 2006 Versi: 1/0.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.

Similar presentations

Ads by Google