
1 Beth Johnson April 27, 1998

2 What is a Firewall
- Firewall mechanisms are used to control internet access
- An organization places a firewall at each external connection to guarantee that the internal networks remain free from unauthorized traffic
- A firewall consists of two barriers and a secure computer called a bastion host
- Each barrier uses a filter to restrict datagram traffic
- To be effective, a firewall that uses datagram filtering should restrict access to all of the following, except those that are explicitly decided to be available externally:
  - IP sources
  - IP destinations
  - protocols
  - protocol ports

3 Firewall continued
- A packet filter that allows a manager to specify which datagrams to admit instead of which datagrams to block can make such restrictions easy to specify
- The bastion host offers externally-visible servers, and runs clients that access outside servers
- Usually, a firewall blocks all datagrams arriving from external sources except those destined for the bastion host
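An added example, not part of the original slides: an admit-list packet filter with default deny for the two barriers around a bastion host. The addresses, the admitted ports and the inner-barrier policy (internal hosts accept traffic only from the bastion host) are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (documentation and private ranges), not from the slides.
ANY = "0.0.0.0/0"
BASTION = "192.0.2.10/32"
INTERNAL = "10.0.0.0/8"

@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class AdmitRule:
    src: str     # CIDR of permitted sources
    dst: str     # CIDR of permitted destinations
    proto: str
    dport: int

    def matches(self, d: Datagram) -> bool:
        # All four fields must match: source, destination, protocol, port.
        return (ipaddress.ip_address(d.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(d.dst) in ipaddress.ip_network(self.dst)
                and d.proto == self.proto
                and d.dport == self.dport)

# Outer barrier: admit only named services on the bastion host.
OUTER_RULES = [
    AdmitRule(ANY, BASTION, "tcp", 25),   # SMTP
    AdmitRule(ANY, BASTION, "tcp", 80),   # HTTP
]
# Inner barrier (assumed policy): internal hosts accept mail relayed by the bastion.
INNER_RULES = [
    AdmitRule(BASTION, INTERNAL, "tcp", 25),
]

def admit(rules, d: Datagram) -> bool:
    """Default deny: a datagram passes only if some rule explicitly admits it."""
    return any(r.matches(d) for r in rules)

def reaches_internal(d: Datagram) -> bool:
    """A datagram arriving from outside must pass both barriers to get inside."""
    return admit(OUTER_RULES, d) and admit(INNER_RULES, d)
```

Because the outer barrier admits only datagrams addressed to the bastion host, an external datagram that forges the bastion's source address still cannot reach an internal host directly.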

4 Implementing a Firewall
- A firewall can be implemented in one of several ways
  - the choice depends on details such as the number of external connections
- In many cases, each barrier in a firewall is implemented with a router that contains a packet filter
- A firewall can also use a stub network to keep external traffic off the internal network
- A stub network consists of a short wire to which only three computers connect


6 The Wall
Raptor Systems Inc.
- Used for smaller networks
- Has powerful logging capabilities so you can figure out if someone has tried to crack your network
- Also, get Raptor’s WebNOT utility, which blocks 15,000 unsavory Web sites
- For a nominal fee, the vendor will provide periodic updates
- The Wall can only be implemented on a 25-user network
- Cost: $995 list

7 Gauntlet Internet Firewall
Trusted Information Systems (TIS)
- Positioned as an application gateway
- Uses proxies to enforce network traffic rules
- Proxies track and log traffic as it flows through the firewall
- Can configure smoke alarms to notify you when illegal activity occurs
- The firewall automatically builds a log report that tracks anomalies
- You can also receive the alerts via e-mail or pager

8 Gauntlet continued
- Gauntlet is available in two versions
  - software-only solution - $11,500; it installs on an existing BSD Unix, HP-UX, or SunOS host
  - turnkey solution - $15,000; runs on a Pentium machine

9 Check Point Firewall-1
Check Point Software Technologies Ltd.
- Check Point redefined the way people think about firewalls with its stateful-inspection engine, which works at the network layer, in contrast to an application-proxy-based firewall
- Easy to add new services as they emerge
- Firewall-1 comes with all of the basic services including:
  - HTTP
  - SSL
  - NNTP
  - SMTP
  - DNS
- Administrators can control each of these services using flexible rules

10 Firewall-1 continued
- Can place specific restrictions on individual FTP sites and directories, and can selectively allow gets but not puts
- Check Point has developed Content Vectoring Protocol (CVP), which defines how a firewall forwards packets and data to specialized servers
- An administrator can configure and monitor Firewall-1 on the firewall itself or from anywhere on the network
- Any unauthorized use can trigger a visible or audible alert to the System Status screen or one of many other options such as e-mail
- Firewall-1's optional encryption module turns the firewall into a VPN node
- Dynamic TCP/IP addresses are allowed
- Cost:
  - 50 nodes - $4,995
  - unlimited - $18,990

11 AltaVista Firewall 97
Digital Equipment Corp.
- Application-proxy-based firewall
- Suitable for small networks because of the lack of remote configuration capabilities and inability to work with more than two-adapter configurations
- Vulnerable to SYN-flood attacks
- AltaVista has solid support for most of the basic services, except for some minor deficiencies with HTTP
- Telnet and FTP access can be finely regulated
- Cost:
  - 50 nodes - $3,995
  - unlimited - $14,995

12 Firewall/Plus
Network-1 Software & Technology
- Aimed at networks of all sizes
- Runs as a Windows NT service on both Intel and Alpha platforms
- Firewall/Plus uses both proxies and stateful inspection
- Packets are allowed or denied based on the administrator's configuration choices
- Firewall/Plus can run transparently without an IP address
  - to run in this manner, the firewall must be placed between the internet connection and the local network
- Consists of a firewall engine and a user interface for making modifications to the engine

13 Firewall/Plus continued
- You can remotely manage the firewall by loading the user interface on a remote PC and then connecting to a predefined TCP port over an encrypted connection
- Cost:
  - 50 nodes - $3,750
  - unlimited - $13,000

14 Basic Mini Firewall
Computer Peripheral Systems
- Used with a dial-up Internet connection at a desktop
- The Basic Mini Firewall is tiny enough to slip into your pocket
- It connects to your phone line and your 10Base-T LAN
- Product works by breaking your connection to the LAN when you connect to the Internet via your modem
- Isn’t flexible (and being off the LAN can sometimes be inconvenient)
- Makes LAN off-limits
- Cost: $85 list
