Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementing Firewalls

Published byEmilia Pohl Modified over 5 years ago

Similar presentations

Presentation on theme: "Implementing Firewalls"— Presentation transcript:

1 Implementing Firewalls
Based on slides accompanying the book Network Defense and Countermeasures by Chuck Easttom (2018) Chapter 3:

2 Objectives Understand how firewalls are deployed in different networks
host-based firewalls vs router-based firewalls Other configurations

3 Implementing Firewalls
Need to understand the firewall’s relationship to the network it is protecting Most common solutions Network host-based Dual-homed host Router-based firewall Screened host The following slides address each of these solutions.

4 Network Host-Based Firewalls
c.f., Host-Based Firewalls (Windows Firewall) Software-based solution runs on top of an operating system Must harden the operating system: Ensure all patches are updated Uninstall unneeded applications or utilities Close unused ports Turn off all unused services Cheap solution Q: What are the trade-offs (vs commercial-grade firewalls)? Hardening of operating systems is covered more in Chapter 8, “Operating System Hardening.” A ‘host-based firewall’ may become a ‘network host-based firewall’ when it is placed between two segments of networks. On the other hand, a ‘host-based firewall’ may be just a host computer (that is, an end device).

5 In Practice: Demilitarized Zone (DMZ)
Two separate firewalls One faces the outside world One faces the inside Web, , and FTP servers are located in the area in-between them Explain how a DMZ is configured and the benefits that can be derived from this configuration. Refer to Figure 3.3.

6

7 Dual-Homed Hosts Expanded version of the Network Host-based Firewall
Also runs on top of the OS of a server An older technology Automatic routing is disabled on the host The outer and the inner networks cannot see each other; both talk to the dual-homed host Disadvantage, as with Network host firewalls, is its reliance on the security of the OS See Figure 3.4 for a sample configuration of a dual-homed host firewall.

8 Dual-Homed Hosts NOTE: correction in the chart
Q: Is the dual-homed host firewall an application-level firewall? Dual-homed gateway firewall “… uses proxy servers on the gateway for access and for services like Telnet, FTP, and .”

9 Router-Based Firewall
Usually the first line of defense Uses simple packet filtering Ideal for novice administrators Can be preconfigured by vendor for specific needs of user Can be placed between segments of a network Emphasize that the benefit with the router-based solution is its ease of setup and configuration.

10 Screened Host A combination of firewalls
Bastion host and screening router is used Similar in concept to the dual-homed host (except for the use of a screening router) Explain what a Bastion host is and the screening router. Figure 3.5 illustrates this type of setup. Explain that packet filters work at the network layer of the OSI, and these firewall solutions can block traffic on specific ports for both incoming and outgoing traffic.

11 screened host firewall
Image source: The packet-filtering router allows only traffic destined to the bastion host. A network-level firewall

12 screened host firewall
Image source:

13 screened subnet firewall
The single bastion host in the screened host firewall is expanded into a subnet of bastion hosts. The subnet is called perimeter network, in which public servers (HTTP, FTP, etc) are hosted. If one of the hosts in the perimeter network is compromised, the hacker can only snoop on traffic transmitted over the subnet (but not traffic between hosts in the protected network). Communication within the protected network is therefore protected from snooping. Q: Is the perimeter network a DMZ? Source:

14 screened subnet firewall
Source:

15 In Practice: Utmost Security
Multiple firewalls Stateful packet inspecting firewall Application gateway Screened firewall routers separating each network segment Dual-perimeter firewall, packet screening on all routers, individual packet filtering firewalls on every server

16 In Practice: Utmost Security

17 Selecting and Using a Firewall
Configure it properly Consider a consultant for initial setup Review logs periodically for anomalies Utilize statistics for baseline performance Outline the proper use of firewalls and how they can be used to baseline your system performance and what you would use the baseline information for.

18 Using Proxy Servers Prevent the outside world from gathering information about your internal network Provide valuable log information Can redirect certain traffic, based on configuration Typically runs on the firewall machine Protects against spoofing Include some of your own experiences with proxy servers and how they can benefit your security solution.

19 Network Address Translation (NAT)
Supersedes proxy servers Translates internal IP addresses to public addresses Can explicitly map ports to internal addresses for web servers Explain that some operating systems come with this feature that can be configured separately.

20 Summary Firewalls and proxy servers are critical for network security solutions Many solutions are available, which vary in price and features Choose the most secure solution that the budget allows

21 Summary Types of Firewalls Types of Implementations Packet filter
Stateful packet inspection Circuit level gateway Application gateway Types of Implementations Host-based Network host-based Router-based Dual-homed, screened host, screened subnet

Download ppt "Implementing Firewalls"

Similar presentations

IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Security Firewall Firewall design principle. Firewall Characteristics.

Security Firewall Firewall design principle. Firewall Characteristics.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Firewall Configuration Strategies

Firewall Configuration Strategies
Principles of Information Security, 2nd Edition1 Firewalls and VPNs.

Principles of Information Security, 2nd Edition1 Firewalls and VPNs.
Guide to Network Defense and Countermeasures Third Edition

Guide to Network Defense and Countermeasures Third Edition
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 7 Network Perimeter Security.
5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/4/01EMTM 5531 EMTM 553: E-commerce Systems Lecture 7b: Firewalls Insup Lee Department of Computer and Information Science University of Pennsylvania.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.

Firewalls Presented by: Sarah Castro Karen Correa Kelley Gates.
Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey

Firewalls1 Firewalls Mert Özarar Bilkent University, Turkey
FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.
Firewalls CS591 Topics in Internet Security November 15 1999 Steve Miskovitz, Steve Peckham, Kan Hayashi.

Firewalls CS591 Topics in Internet Security November Steve Miskovitz, Steve Peckham, Kan Hayashi.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.

BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Similar presentations

Ads by Google