Presentation is loading. Please wait.

Presentation is loading. Please wait.

Firewalls Purpose of a Firewall Characteristic of a firewall

Published byJerome Collins Modified over 5 years ago

Similar presentations

Presentation on theme: "Firewalls Purpose of a Firewall Characteristic of a firewall"— Presentation transcript:

1 Firewalls Purpose of a Firewall Characteristic of a firewall
To allow ‘proper’ traffic and discard all other traffic Characteristic of a firewall All traffic must go through the firewall Allow and blocking traffic (Only Authorized traffic) The Firewall itself must be immune of attacked

2 Firewall – possibilities
5 areas to control: Services (web, ftp, mail …) i.e. Port# Network (hosts) i.e. IP addresses Direction i.e. control inside-out or reverse User i.e. only authorized users allow Behaviour (e.g. attachment to mail) (Denial of Service Inspection)

3 Firewall – limitations
3 limitations of Firewalls Cannot protect against: traffic not running trough the firewall (obvious!!) Cannot protect against threats from inside (e.g. as the school network) Cannot protect against viruses (i.e. they come in by legal traffic)

4 Firewall – Types 3 types of Firewalls Packet-filtering
Packet-filtering – with state-full inspection Application-gateways (application-proxy) Circuit-level proxy (transport-level)

5 Firewall – Packet-filtering
Level 3 – network (IP-packets) Filtering on (the access control list): Source/Destination IP-addresses Source/Destination Port-numbers IP-protocol field (e.g. icmp, tcp, egp) TCP-direction (SYN-bit) InBound / Outbound on each interface (sometimes also forwarding)

6 Firewall – Packet-filtering
Configurations Policies: 1:optimistic: default set to allow / forward 2:pessimistic: default set to discard / deny Setting up rules

7 Rules Examples

8 Firewall – Packet-filtering
Weakness Cannot ‘look’ into appl. Level information Limited logging information Do normally not support authentication Can be attack by weakness in IP (e.g. IP-spoofing)

9 Firewall – Packet-filtering
Stateful - inspection Normal packet-filtering only look at one packet at a time. Stateful packet-filtering can remember a sequence of packets. Can detect Spoofing Source routing Tiny fragment

10 Firewall – Application-level
Level 5 Application gateway Using Proxy Servers (e.g. a mail-client and a mail-server) Spilt connections into 2 (one for inbound and one for outbound)

11 Firewall – Application-level
More secure Stateful inspection even more developed User authentication are used Weakness slow-down performance need to have proxies for all services

12 Firewall – Transport-level
Spilt connections into 2 (one for inbound and one for outbound) More secure than Filter but less than Application Stateful inspection more developed Weakness slow-down performance (but better than Application)

13 Firewall – solutions Solutions: HW – Screening router
SW – Computer Based (build in the OS) SW – Dedicated Host Firewall

14 Firewall – Architecture
Best Practice solution For small and middle companies: Screened subnet firewall MOST secure DMZ – demilitarized zone (2 packet-filter + bastion host on the net (DMZ) in between) Home Firewall like ZoneAlarm / XP-firewall

Download ppt "Firewalls Purpose of a Firewall Characteristic of a firewall"

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.

Computer Security: Principles and Practice Chapter 9 – Firewalls and Intrusion Prevention Systems.
Firewalls 2014.04.07 Uyanga Tserengombo

Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University

Firewalls Dr.P.V.Lakshmi Information Technology GIT,GITAM University
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Winter 20021 CMPE 155 Week 7. Winter 20022 Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.

Winter CMPE 155 Week 7. Winter Assignment 6: Firewalls What is a firewall? –Security at the network level. Wide-area network access makes.
Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.

Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.
Lecture 14 Firewalls modified from slides of Lawrie Brown.

Lecture 14 Firewalls modified from slides of Lawrie Brown.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Firewalling Techniques Prabhaker Mateti. ACK Not linux specific Not linux specific Some figures are from 3com Some figures are from 3com.

Firewalling Techniques Prabhaker Mateti. ACK Not linux specific Not linux specific Some figures are from 3com Some figures are from 3com.
Chapter 11 Firewalls.

Chapter 11 Firewalls.
Firewalls and Intrusion Detection Systems

Firewalls and Intrusion Detection Systems
Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.

Chapter 10 Firewalls. Introduction seen evolution of information systems now everyone want to be on the Internet and to interconnect networks has persistent.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Similar presentations

Ads by Google